CVE-2023-37856

Name of the Vulnerable Software and Affected Versions PHOENIX CONTACT WP 6xxx versions prior to 4.0.10

Description The issue is related to errors in processing hypertext links in the web panel software for PHOENIX CONTACT WP 6xxx series industrial systems. A remote attacker with low privileges can gain limited read-access to the device-filesystem through a configuration dialog within the embedded Qt browser.

Recommendations For versions prior to 4.0.10, update to version 4.0.10 or later to resolve the issue. As a temporary workaround, consider restricting access to the configuration dialog within the embedded Qt browser until a patch is available.