CVE-2023-3573

Name of the Vulnerable Software and Affected Versions PHOENIX CONTACTs WP 6xxx series web panels versions prior to 4.0.10

Description A remote attacker with low privileges may use a command injection in a HTTP POST request related to font configuration operations to gain full access to the device. The vulnerability exists due to the lack of measures to neutralize special elements used in the operating system command. Exploitation of the vulnerability may allow an attacker to gain unauthorized access to the device using a specially crafted POST request.

Recommendations For versions prior to 4.0.10, update to version 4.0.10 or later to resolve the issue. As a temporary workaround, consider restricting access to the font configuration operations to minimize the risk of exploitation. Avoid using the vulnerable HTTP POST request related to font configuration operations until the issue is resolved.