Vulnerability Details CVE-2023-3569
In PHOENIX CONTACTs TC ROUTER and TC CLOUD CLIENT in versions prior to 2.07.2 as well as CLOUD CLIENT 1101T-TX/TX prior to 2.06.10 an authenticated remote attacker with admin privileges could upload a crafted XML file which causes a denial-of-service.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 42.3%
CVSS Severity
CVSS v3 Score 4.9
References
- http://packetstormsecurity.com/files/174152/Phoenix-Contact-TC-Cloud-TC-Router-2.x-XSS-Memory-Consumption.html
- http://seclists.org/fulldisclosure/2023/Aug/12
- https://cert.vde.com/en/advisories/VDE-2023-017
- http://packetstormsecurity.com/files/174152/Phoenix-Contact-TC-Cloud-TC-Router-2.x-XSS-Memory-Consumption.html
- http://seclists.org/fulldisclosure/2023/Aug/12
- https://cert.vde.com/en/advisories/VDE-2023-017
Products affected by CVE-2023-3569
-
cpe:2.3:h:phoenixcontact:cloud_client_1101t-tx:-
-
cpe:2.3:h:phoenixcontact:tc_cloud_client_1002-4g:-
-
cpe:2.3:h:phoenixcontact:tc_cloud_client_1002-4g_att:-
-
cpe:2.3:h:phoenixcontact:tc_cloud_client_1002-4g_vzw:-
-
cpe:2.3:h:phoenixcontact:tc_router_3002t-4g:-
-
cpe:2.3:h:phoenixcontact:tc_router_3002t-4g_att:-
-
cpe:2.3:h:phoenixcontact:tc_router_3002t-4g_vzw:-
-
cpe:2.3:o:phoenixcontact:cloud_client_1101t-tx_firmware:*
-
cpe:2.3:o:phoenixcontact:tc_cloud_client_1002-4g_att_firmware:*
-
cpe:2.3:o:phoenixcontact:tc_cloud_client_1002-4g_firmware:2.03.17
-
cpe:2.3:o:phoenixcontact:tc_cloud_client_1002-4g_vzw_firmware:*
-
cpe:2.3:o:phoenixcontact:tc_router_3002t-4g_att_firmware:2.05.3
-
cpe:2.3:o:phoenixcontact:tc_router_3002t-4g_firmware:2.05.3
-
cpe:2.3:o:phoenixcontact:tc_router_3002t-4g_vzw_firmware:2.05.3