In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 an authenticated, remote attacker with admin privileges is able to read hardcoded cryptographic keys allowing the attacker to create valid session cookies. These session-cookies created by the attacker are not sufficient to obtain a valid session on the device.

Aug 9, 2023

3.8

CVE ID ⇅	Severity ↓	CVSS ⇅	Description	Published ⇅
CVE-2023-37857	LOW	3.8	In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 an authenticated, remote a…	Aug 9, 2023	›

1 / 85

CVE-2023-37857LOW

Aug 9, 2023

3.8

CVE ID ⇅	Severity ↓	CVSS ⇅	Description	Published ⇅
CVE-2023-37857	LOW	3.8	In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 an authenticated, remote a…	Aug 9, 2023	›