PT-2023-4532 · Phoenix Contact · Phoenix Contact Wp 6Xxx Series Web Panels

Gabriele Quagliarella · Published 2023-08-08 · Updated 2023-08-15 · CVE-2023-37859

CVSS v2.0: 8.3 (High)

Vector: AV:N/AC:L/Au:M/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

PHOENIX CONTACT WP 6xxx series web panels versions prior to 4.0.10

Description

The SNMP daemon runs with root privileges, so a remote attacker who knows the SNMPv2 read/write community string can execute system commands as root. The cause is insecure privilege management in the web panels' firmware.

Recommendations

Update versions prior to 4.0.10 to version 4.0.10 or later to resolve the issue. As a temporary workaround, consider restricting access to the SNMP daemon or changing the SNMPv2 read/write community string to minimize the risk of exploitation.

Fix

Weakness Enumeration

Improper Privilege Management

Related Identifiers

BDU:2023-04936
CVE-2023-37859

Affected Products

Phoenix Contact Wp 6Xxx Series Web Panels