In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 an authenticated, remote attacker with admin privileges is able to read hardcoded cryptographic keys allowing the attacker to create valid session cookies. These session-cookies created by the attacker are not sufficient to obtain a valid session on the device.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://cert.vde.com/en/advisories/VDE-2023-018/ |
History
No history.
MITRE
Status: PUBLISHED
Assigner: CERTVDE
Published: 2023-08-09T06:37:26.551Z
Updated: 2024-08-02T17:23:26.887Z
Reserved: 2023-07-10T07:53:04.115Z
Link: CVE-2023-37857
Vulnrichment
No data.
NVD
Status : Modified
Published: 2023-08-09T07:15:10.603
Modified: 2023-11-14T10:15:28.897
Link: CVE-2023-37857
Redhat
No data.