
33 matches found

EUVD
added 2025/10/03 8:7 p.m., 5 views

EUVD-2023-41734

Malicious code in bioql PyPI...

CVSS: 7.5, AI score: 7.6, EPSS: 0.00607
Exploits: 0, References: 1
BDU FSTEC
added 2023/08/28 12:0 a.m., 6 views

A vulnerability in the firmware of PHOENIX CONTACT WP 6xxx web panels for controlling and monitoring processes in industrial systems arises from errors in processing hypertext links. This vulnerability allows an intruder to gain unauthorized access to protected information.

The vulnerability in the firmware of PHOENIX CONTACT WP 6xxx web panels for controlling and monitoring processes in industrial systems is related to errors in processing hypertext links. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized...

CVSS: 4.3, AI score: 5.5, EPSS: 0.00429
Exploits: 0, References: 2, Affected Software: 6
OSV
added 2023/08/09 7:15 a.m., 4 views

CVE-2023-37857

In PHOENIX CONTACT's WP 6xxx series web panels in versions prior to 4.0.10 an authenticated, remote attacker with admin privileges is able to read hardcoded cryptographic keys allowing the attacker to create valid session cookies. These session-cookies created by the attacker are not sufficient to...

CVSS: 7.2, AI score: 5.8
Exploits: 0, References: 1
NVD
added 2023/08/09 7:15 a.m., 28 views

CVE-2023-37857

In PHOENIX CONTACT's WP 6xxx series web panels in versions prior to 4.0.10 an authenticated, remote attacker with admin privileges is able to read hardcoded cryptographic keys allowing the attacker to create valid session cookies. These session-cookies created by the attacker are not sufficient to...

CVSS: 7.2, AI score: 4.9, EPSS: 0.00441
Exploits: 0, References: 1
OSV
added 2023/08/09 7:15 a.m., 6 views

CVE-2023-37860

In PHOENIX CONTACT's WP 6xxx series web panels in versions prior to 4.0.10 a remote unauthenticated attacker can obtain the r/w community string of the SNMPv2 daemon...

CVSS: 7.5, AI score: 5.8, EPSS: 0.00607
Exploits: 0, References: 1
NVD
added 2023/08/09 7:15 a.m., 21 views

CVE-2023-37855

In PHOENIX CONTACT's WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with low privileges is able to gain limited read-access to the device-filesystem within the embedded Qt browser...

CVSS: 4.3, AI score: 4.8, EPSS: 0.00429
Exploits: 0, References: 1
Prion
added 2023/08/09 7:15 a.m., 26 views

Code injection

In PHOENIX CONTACT's WP 6xxx series web panels in versions prior to 4.0.10 a remote unauthenticated attacker can obtain the r/w community string of the SNMPv2 daemon...

CVSS: 5, AI score: 7.5, EPSS: 0.00607
Exploits: 0, References: 1, Affected Software: 6
Prion
added 2023/08/09 7:15 a.m., 38 views

Hardcoded credentials

In PHOENIX CONTACT's WP 6xxx series web panels in versions prior to 4.0.10 an authenticated, remote attacker with admin privileges is able to read hardcoded cryptographic keys, allowing the attacker to decrypt an encrypted web application login password...

CVSS: 3.3, AI score: 5.1, EPSS: 0.00339
Exploits: 0, References: 1, Affected Software: 6
CVE
added 2023/08/09 6:37 a.m., 50 views

CVE-2023-37858

PHOENIX CONTACT WP 6xxx series web panels (versions

CVSS: 4.9, AI score: 5, EPSS: 0.00339
Exploits: 0, References: 1, Affected Software: 1
Cvelist
added 2023/08/09 6:37 a.m., 34 views

CVE-2023-37857 PHOENIX CONTACT: Use of Hard-coded Credentials in WP 6xxx Web panels

In PHOENIX CONTACT's WP 6xxx series web panels in versions prior to 4.0.10 an authenticated, remote attacker with admin privileges is able to read hardcoded cryptographic keys allowing the attacker to create valid session cookies. These session-cookies created by the attacker are not sufficient to...

CVSS: 3.8, AI score: 7, EPSS: 0.00441
Exploits: 0, References: 1
CVE
added 2023/08/09 6:37 a.m., 50 views

CVE-2023-37857

PHOENIX CONTACT WP 6xxx series web panels are affected in versions prior to 4.0.10. An authenticated administrator can read hardcoded cryptographic keys, enabling the attacker to forge valid session cookies. However, these forged cookies are not sufficient to establish a valid session on the devi...

CVSS: 7.2, AI score: 4.9, EPSS: 0.00441
Exploits: 0, References: 1, Affected Software: 1
Cvelist
added 2023/08/09 6:36 a.m., 20 views

CVE-2023-37856 PHOENIX CONTACT: Unauthorized read-access of root filesystem in WP 6xxx Web panels

In PHOENIX CONTACT's WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with low privileges is able to gain limited read-access to the device-filesystem through a configuration dialog within the embedded Qt browser...

CVSS: 4.3, AI score: 5.2, EPSS: 0.00429
Exploits: 0, References: 1
CVE
added 2023/08/09 6:36 a.m., 51 views

CVE-2023-37856

PHOENIX CONTACT WP 6xxx series web panels are affected by CVE-2023-37856 (pre-4.0.10). A low-privilege remote attacker can gain read-access to the device file system via a configuration dialog in the embedded Qt browser. Affected product: WP 6xxx web panels; vulnerable versions: prior to 4.0.10. ...

CVSS: 4.3, AI score: 4.8, EPSS: 0.00429
Exploits: 0, References: 1, Affected Software: 1
Cvelist
added 2023/08/09 6:36 a.m., 25 views

CVE-2023-37863 PHOENIX CONTACT: OS Command Injection in WP 6xxx Web panels

In PHOENIX CONTACT's WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with SNMPv2 write privileges may use a special SNMP request to gain full access to the device...

CVSS: 7.2, AI score: 7.4, EPSS: 0.00693
Exploits: 0, References: 1
CVE
added 2023/08/09 6:36 a.m., 41 views

CVE-2023-37863

CVE-2023-37863 affects PHOENIX CONTACT WP 6xxx web panels prior to version 4.0.10, with an OS Command Injection vulnerability. The issue arises in the web panel software, where a remote attacker holding SNMPv2 write privileges can trigger a special SNMP request to gain full device access. Impacte...

CVSS: 7.2, AI score: 7.1, EPSS: 0.00693
Exploits: 0, References: 1, Affected Software: 1
Vulnrichment
added 2023/08/09 6:36 a.m., 12 views

CVE-2023-37863 PHOENIX CONTACT: OS Command Injection in WP 6xxx Web panels

In PHOENIX CONTACT's WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with SNMPv2 write privileges may use a special SNMP request to gain full access to the device...

CVSS: 7.2, AI score: 7.2, EPSS: 0.00693
Exploits: 0, References: 1
Vulnrichment
added 2023/08/09 6:35 a.m., 13 views

CVE-2023-37864 PHOENIX CONTACT: WP 6xxx Web panels prone to download code without integrity check

In PHOENIX CONTACT's WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with SNMPv2 write privileges may use a special SNMP request to gain full access to the device...

CVSS: 7.2, AI score: 7.2, EPSS: 0.00319
Exploits: 0, References: 1
Cvelist
added 2023/08/09 6:35 a.m., 26 views

CVE-2023-37864 PHOENIX CONTACT: WP 6xxx Web panels prone to download code without integrity check

In PHOENIX CONTACT's WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with SNMPv2 write privileges may use a special SNMP request to gain full access to the device...

CVSS: 7.2, AI score: 7.3, EPSS: 0.00319
Exploits: 0, References: 1
CVE
added 2023/08/09 6:35 a.m., 2486 views

CVE-2023-37862

The CVE-2023-37862 entry concerns PHOENIX CONTACT WP 6xxx series web panels (versions prior to 4.0.10) with insufficient authorization in the HTTP API upload functions. An unauthenticated remote attacker can access the upload endpoints, which can lead to SSL certificate errors and may cause a par...

CVSS: 8.2, AI score: 8.1, EPSS: 0.00374
Exploits: 0, References: 1, Affected Software: 1
Vulnrichment
added 2023/08/09 6:34 a.m., 24 views

CVE-2023-37860 PHOENIX CONTACT: Missing Authorization in WP 6xxx Web panels

In PHOENIX CONTACT's WP 6xxx series web panels in versions prior to 4.0.10 a remote unauthenticated attacker can obtain the r/w community string of the SNMPv2 daemon...

CVSS: 7.5, AI score: 7, EPSS: 0.00607
Exploits: 0, References: 1