CVE-2023-37864

Name of the Vulnerable Software and Affected Versions PHOENIX CONTACT WP 6xxx series web panels versions prior to 4.0.10

Description The issue is related to a software vulnerability in the web panels for management and monitoring of processes in industrial systems. It is associated with shortcomings in the authorization procedure. An attacker with SNMPv2 write privileges may use a special SNMP request to gain full access to the device. This could allow a remote attacker to obtain unauthorized access to the device.

Recommendations For versions prior to 4.0.10, update to version 4.0.10 or later to resolve the issue. As a temporary workaround, consider restricting SNMPv2 write privileges to minimize the risk of exploitation.