CVE-2023-37857

In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 an authenticated, remote attacker with admin privileges is able to read hardcoded cryptographic keys allowing the attacker to create valid session cookies. These session-cookies created by the attacker are not sufficient to obtain a valid session on the device.

CVSS v3 7.2 HIGH

7.2^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.2 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://cert.vde.com/en/advisories/VDE-2023-018/	Third Party Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:h:phoenixcontact:wp_6070-wvps:-:*:*:*:*:*:*:*

cpe:2.3:o:phoenixcontact:wp_6070-wvps_firmware:*:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:h:phoenixcontact:wp_6101-wxps:-:*:*:*:*:*:*:*

cpe:2.3:o:phoenixcontact:wp_6101-wxps_firmware:*:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:h:phoenixcontact:wp_6121-wxps:-:*:*:*:*:*:*:*

cpe:2.3:o:phoenixcontact:wp_6121-wxps_firmware:*:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:h:phoenixcontact:wp_6156-whps:-:*:*:*:*:*:*:*

cpe:2.3:o:phoenixcontact:wp_6156-whps_firmware:*:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:h:phoenixcontact:wp_6185-whps:-:*:*:*:*:*:*:*

cpe:2.3:o:phoenixcontact:wp_6185-whps_firmware:*:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:h:phoenixcontact:wp_6215-whps:-:*:*:*:*:*:*:*

cpe:2.3:o:phoenixcontact:wp_6215-whps_firmware:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2023-08-09 07:15

Updated : 2023-11-14 10:15

NVD link : CVE-2023-37857

Mitre link : CVE-2023-37857

CVE.ORG link : CVE-2023-37857

JSON object : View

Products Affected

phoenixcontact

wp_6215-whps_firmware
wp_6070-wvps
wp_6215-whps
wp_6121-wxps_firmware
wp_6070-wvps_firmware
wp_6101-wxps_firmware
wp_6156-whps
wp_6121-wxps
wp_6156-whps_firmware
wp_6185-whps_firmware
wp_6101-wxps
wp_6185-whps

CWE

CWE-798

Use of Hard-coded Credentials

{"id": "CVE-2023-37857", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.2}, {"type": "Secondary", "source": "info@cert.vde.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.8, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 1.2}]}, "published": "2023-08-09T07:15:10.603", "references": [{"url": "https://cert.vde.com/en/advisories/VDE-2023-018/", "tags": ["Third Party Advisory"], "source": "info@cert.vde.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "info@cert.vde.com", "description": [{"lang": "en", "value": "CWE-798"}]}], "descriptions": [{"lang": "en", "value": "In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 an authenticated, remote attacker with admin privileges is able to read hardcoded cryptographic keys allowing the attacker to create valid session cookies. These session-cookies created by the attacker are not sufficient to obtain a valid session on the device.\n"}], "lastModified": "2023-11-14T10:15:28.897", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:phoenixcontact:wp_6070-wvps:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "7746DBEC-655D-4405-B457-202342434B49"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:phoenixcontact:wp_6070-wvps_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "30A330AB-B871-4312-927A-BF73D745DFD1", "versionEndExcluding": "4.0.10"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:phoenixcontact:wp_6101-wxps:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "04FBD160-0582-4049-B6F2-7A56CC056FF2"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:phoenixcontact:wp_6101-wxps_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E4F5E047-4212-498C-8C8A-4454C53A34DD", "versionEndExcluding": "4.0.10"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:phoenixcontact:wp_6121-wxps:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "206E4626-E7B8-4744-A258-9B9941652018"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:phoenixcontact:wp_6121-wxps_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "75E09A8E-A36E-4E5D-A62F-A8DABAB4258F", "versionEndExcluding": "4.0.10"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:phoenixcontact:wp_6156-whps:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "7DF6A8F5-E997-4B75-BB55-4C77BE3011F6"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:phoenixcontact:wp_6156-whps_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1859A631-9C2E-4AA6-BFA1-7DE9E779BD6E", "versionEndExcluding": "4.0.10"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:phoenixcontact:wp_6185-whps:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "3C60EBBD-552C-48AB-975E-C3B7D3009CC7"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:phoenixcontact:wp_6185-whps_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D2329179-AE02-4B31-A5FD-BD6E205726F7", "versionEndExcluding": "4.0.10"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:phoenixcontact:wp_6215-whps:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A6CCE4E8-7EDF-44E9-8ED7-3FB88256674F"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:phoenixcontact:wp_6215-whps_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D743C23B-054C-4F62-BCFB-BE90CF53832E", "versionEndExcluding": "4.0.10"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "info@cert.vde.com"}