CVE-2023-3570

Name of the Vulnerable Software and Affected Versions PHOENIX CONTACT WP 6xxx series web panels versions prior to 4.0.10

Description A remote attacker with low privileges may use a specific HTTP DELETE request to gain full access to the device. The issue exists due to the lack of measures to neutralize special elements in the web panel's software.

Recommendations For versions prior to 4.0.10, update to version 4.0.10 or later to resolve the issue. As a temporary workaround, consider restricting access to the HTTP DELETE request until a patch is available.