CVE-2023-3571

Name of the Vulnerable Software and Affected Versions PHOENIX CONTACTs WP 6xxx series web panels versions prior to 4.0.10

Description The issue exists due to the lack of measures to neutralize special elements used in the operating system command. A remote attacker with low privileges may use a specific HTTP POST related to certificate operations to gain full access to the device.

Recommendations For versions prior to 4.0.10, update to version 4.0.10 or later to resolve the issue. As a temporary workaround, consider restricting access to the certificate operations HTTP POST request to minimize the risk of exploitation.