33 matches found
EUVD-2023-41734
Malicious code in bioql PyPI...
A vulnerability in the firmware of PHOENIX CONTACT WP 6xxx web panels, which are used to control and monitor processes in industrial systems, arises from errors in processing hypertext links. This vulnerability allows an intruder to gain unauthorized access to protected information.
A vulnerability in the firmware of PHOENIX CONTACT WP 6xxx web panels, which are used to control and monitor processes in industrial systems, is related to errors in processing hypertext links. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized...
CVE-2023-37857
In PHOENIX CONTACT's WP 6xxx series web panels in versions prior to 4.0.10, an authenticated, remote attacker with admin privileges is able to read hardcoded cryptographic keys, allowing the attacker to create valid session cookies. These session cookies created by the attacker are not sufficient to...
CVE-2023-37860
In PHOENIX CONTACT's WP 6xxx series web panels in versions prior to 4.0.10, a remote unauthenticated attacker can obtain the r/w community string of the SNMPv2 daemon...
CVE-2023-37855
In PHOENIX CONTACT's WP 6xxx series web panels in versions prior to 4.0.10, a remote attacker with low privileges is able to gain limited read-access to the device filesystem within the embedded Qt browser...
Code injection
In PHOENIX CONTACT's WP 6xxx series web panels in versions prior to 4.0.10, a remote unauthenticated attacker can obtain the r/w community string of the SNMPv2 daemon...
Hardcoded credentials
In PHOENIX CONTACT's WP 6xxx series web panels in versions prior to 4.0.10, an authenticated, remote attacker with admin privileges is able to read hardcoded cryptographic keys, allowing the attacker to decrypt an encrypted web application login password...
CVE-2023-37858
PHOENIX CONTACT WP 6xxx series web panels (versions
CVE-2023-37857
PHOENIX CONTACT WP 6xxx series web panels are affected in versions prior to 4.0.10. An authenticated administrator can read hardcoded cryptographic keys, enabling the attacker to forge valid session cookies. However, these forged cookies are not sufficient to establish a valid session on the devi...
CVE-2023-37857 PHOENIX CONTACT: Use of Hard-coded Credentials in WP 6xxx Web panels
In PHOENIX CONTACT's WP 6xxx series web panels in versions prior to 4.0.10, an authenticated, remote attacker with admin privileges is able to read hardcoded cryptographic keys, allowing the attacker to create valid session cookies. These session cookies created by the attacker are not sufficient to...
CVE-2023-37856
PHOENIX CONTACT WP 6xxx series web panels are affected by CVE-2023-37856 (pre-4.0.10). A low-privilege remote attacker can gain read-access to the device file system via a configuration dialog in the embedded Qt browser. Affected product: WP 6xxx web panels; vulnerable versions: prior to 4.0.10. ...
CVE-2023-37856 PHOENIX CONTACT: Unauthorized read-access of root filesystem in WP 6xxx Web panels
In PHOENIX CONTACT's WP 6xxx series web panels in versions prior to 4.0.10, a remote attacker with low privileges is able to gain limited read-access to the device filesystem through a configuration dialog within the embedded Qt browser...
CVE-2023-37863
CVE-2023-37863 affects PHOENIX CONTACT WP 6xxx web panels prior to version 4.0.10, with an OS Command Injection vulnerability. The issue arises in the web panel software, where a remote attacker holding SNMPv2 write privileges can trigger a special SNMP request to gain full device access. Impacte...
CVE-2023-37863 PHOENIX CONTACT: OS Command Injection in WP 6xxx Web panels
In PHOENIX CONTACT's WP 6xxx series web panels in versions prior to 4.0.10, a remote attacker with SNMPv2 write privileges may use a special SNMP request to gain full access to the device...
CVE-2023-37864 PHOENIX CONTACT: WP 6xxx Web panels prone to download code without integrity check
In PHOENIX CONTACT's WP 6xxx series web panels in versions prior to 4.0.10, a remote attacker with SNMPv2 write privileges may use a special SNMP request to gain full access to the device...
CVE-2023-37862
The CVE-2023-37862 entry concerns PHOENIX CONTACT WP 6xxx series web panels (versions prior to 4.0.10) with insufficient authorization in the HTTP API upload functions. An unauthenticated remote attacker can access the upload endpoints, which can lead to SSL certificate errors and may cause a par...
CVE-2023-37860 PHOENIX CONTACT: Missing Authorization in WP 6xxx Web panels
In PHOENIX CONTACT's WP 6xxx series web panels in versions prior to 4.0.10, a remote unauthenticated attacker can obtain the r/w community string of the SNMPv2 daemon...