CVE-2023-3570

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Aug 8, 2023

Updated: Aug 25, 2023

CWE ID 89

Summary

CVE-2023-3570 is a vulnerability affecting PHOENIX CONTACT's WP 6xxx series web panels in versions below 4.0.10. An unauthenticated, low-privileged attacker can exploit this issue by sending a crafted HTTP DELETE request. Successful exploitation grants the attacker full access to the device, posing a significant risk to industrial control systems and other critical infrastructure. It is essential that affected organizations update their web panel software to the latest version to mitigate this vulnerability.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Progress MOVEit File Transfer

Affected Vendors

Ipswitch, Inc.

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/rqHDSm
https://www.cve.org/CVERecord?id=CVE-2023-3570
https://nvd.nist.gov/vuln/detail/CVE-2023-3570

Back to Vulnerability Database