CVE-2023-37857

CVSS 3.1 Score 7.2 of 10 (high)

Details

Published Aug 9, 2023

Updated: Nov 14, 2023

CWE ID 798

Summary

CVE-2023-37857 is a vulnerability affecting the WP 6xxx series web panels from PHOENIX CONTACT in versions prior to 4.0.10. An authenticated attacker with admin privileges can exploit this issue by reading hardcoded cryptographic keys. These keys enable the creation of valid session cookies, which, while not allowing a direct session takeover, may still be exploited for unauthorized access to the device.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/r8cP3l
https://www.cve.org/CVERecord?id=CVE-2023-37857
https://nvd.nist.gov/vuln/detail/CVE-2023-37857

Back to Vulnerability Database

CVE-2023-37857

CVSS 3.1 Score 7.2 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations