CVE-2023-37862

HIGH

Phoenixcontact WP 6070-wvps Firmware < 4.0.10 - Missing Authorization

Title source: rule
STIX 2.1

Description

In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 an unauthenticated remote attacker can access upload-functions of the HTTP API. This might cause certificate errors for SSL-connections and might result in a partial denial-of-service.

References (1)

Core 1
Core References

Scores

CVSS v3 8.2
EPSS 0.0037
EPSS Percentile 29.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

CWE
CWE-862
Status published
Products (6)
phoenixcontact/wp_6070-wvps_firmware < 4.0.10
phoenixcontact/wp_6101-wxps_firmware < 4.0.10
phoenixcontact/wp_6121-wxps_firmware < 4.0.10
phoenixcontact/wp_6156-whps_firmware < 4.0.10
phoenixcontact/wp_6185-whps_firmware < 4.0.10
phoenixcontact/wp_6215-whps_firmware < 4.0.10
Published Aug 09, 2023
Tracked Since Feb 18, 2026