CVE-2023-3526

Name of the Vulnerable Software and Affected Versions PHOENIX CONTACT TC ROUTER versions prior to 2.07.2 PHOENIX CONTACT TC CLOUD CLIENT versions prior to 2.07.2 PHOENIX CONTACT CLOUD CLIENT 1101T-TX/TX versions prior to 2.06.10

Description The issue allows an unauthenticated remote attacker to use a reflective XSS within the license viewer page of the devices to execute code in the context of the user's browser. This is due to the lack of protection measures for the web page structure.

Recommendations For PHOENIX CONTACT TC ROUTER versions prior to 2.07.2, update to version 2.07.2 or later. For PHOENIX CONTACT TC CLOUD CLIENT versions prior to 2.07.2, update to version 2.07.2 or later. For PHOENIX CONTACT CLOUD CLIENT 1101T-TX/TX versions prior to 2.06.10, update to version 2.06.10 or later. As a temporary workaround, consider restricting access to the license viewer page until a patch is available.