PT-2023-5483 · Phoenix Contact · Phoenix Contact Cloud Client 1101T-Tx/Tx+2
A. Resanovic
+2
·
Published
2023-08-08
·
Updated
2023-08-14
·
CVE-2023-3526
CVSS v2.0
10
Critical
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
PHOENIX CONTACT TC ROUTER versions prior to 2.07.2
PHOENIX CONTACT TC CLOUD CLIENT versions prior to 2.07.2
PHOENIX CONTACT CLOUD CLIENT 1101T-TX/TX versions prior to 2.06.10
Description
The issue allows an unauthenticated remote attacker to use a reflective XSS within the license viewer page of the devices to execute code in the context of the user's browser. This is due to the lack of protection measures for the web page structure.
Recommendations
For PHOENIX CONTACT TC ROUTER versions prior to 2.07.2, update to version 2.07.2 or later.
For PHOENIX CONTACT TC CLOUD CLIENT versions prior to 2.07.2, update to version 2.07.2 or later.
For PHOENIX CONTACT CLOUD CLIENT 1101T-TX/TX versions prior to 2.06.10, update to version 2.06.10 or later.
As a temporary workaround, consider restricting access to the license viewer page until a patch is available.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Phoenix Contact Cloud Client 1101T-Tx/Tx
Phoenix Contact Tc Cloud Client
Phoenix Contact Tc Router