CVE-2023-37855

Name of the Vulnerable Software and Affected Versions PHOENIX CONTACT WP 6xxx series web panels versions prior to 4.0.10

Description A remote attacker with low privileges can gain limited read-access to the device-filesystem within the embedded Qt browser. The issue is related to errors in processing hypertext links. This can allow an attacker to obtain unauthorized access to protected information.

Recommendations For versions prior to 4.0.10, update to version 4.0.10 or later to resolve the issue. As a temporary workaround, consider restricting access to the embedded Qt browser until a patch is available.