CVE-2023-3569
MEDIUMPhoenixcontact Cloud Client 1101t-tx Firmware < 2.06.10 - XML Entity Expansion
Title source: ruleDescription
In PHOENIX CONTACTs TC ROUTER and TC CLOUD CLIENT in versions prior to 2.07.2 as well as CLOUD CLIENT 1101T-TX/TX prior to 2.06.10 an authenticated remote attacker with admin privileges could upload a crafted XML file which causes a denial-of-service.
Scores
CVSS v3
4.9
EPSS
0.0022
EPSS Percentile
44.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Classification
CWE
CWE-776
Status
published
Affected Products (7)
phoenixcontact/cloud_client_1101t-tx_firmware
< 2.06.10
phoenixcontact/tc_cloud_client_1002-4g_att_firmware
< 2.07.2
phoenixcontact/tc_cloud_client_1002-4g_firmware
< 2.07.2
phoenixcontact/tc_cloud_client_1002-4g_vzw_firmware
< 2.07.2
phoenixcontact/tc_router_3002t-4g_att_firmware
< 2.07.2
phoenixcontact/tc_router_3002t-4g_firmware
< 2.07.2
phoenixcontact/tc_router_3002t-4g_vzw_firmware
< 2.07.2
Timeline
Published
Aug 08, 2023
Tracked Since
Feb 18, 2026