In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 an authenticated, remote attacker with admin privileges is able to read hardcoded cryptographic keys allowing the attacker to create valid session cookies. These session-cookies created by the attacker are not sufficient to obtain a valid session on the device.
References
Link | Resource |
---|---|
https://cert.vde.com/en/advisories/VDE-2023-018/ | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: CERTVDE
Published: 2023-08-09T06:37:26.551Z
Updated: 2023-11-14T09:15:17.696Z
Reserved: 2023-07-10T07:53:04.115Z
Link: CVE-2023-37857
JSON object: View
NVD Information
Status : Modified
Published: 2023-08-09T07:15:10.603
Modified: 2023-11-14T10:15:28.897
Link: CVE-2023-37857
JSON object: View
Redhat Information
No data.
CWE