CVE-2023-3569

Name of the Vulnerable Software and Affected Versions PHOENIX CONTACT TC ROUTER versions prior to 2.07.2 PHOENIX CONTACT TC CLOUD CLIENT versions prior to 2.07.2 PHOENIX CONTACT CLOUD CLIENT 1101T-TX/TX versions prior to 2.06.10

Description The issue is related to the incorrect restriction of XML links to external objects in PHOENIX CONTACT's TC ROUTER and TC CLOUD CLIENT. An authenticated remote attacker with admin privileges could upload a crafted XML file, causing a denial-of-service.

Recommendations For PHOENIX CONTACT TC ROUTER versions prior to 2.07.2, update to version 2.07.2 or later. For PHOENIX CONTACT TC CLOUD CLIENT versions prior to 2.07.2, update to version 2.07.2 or later. For PHOENIX CONTACT CLOUD CLIENT 1101T-TX/TX versions prior to 2.06.10, update to version 2.06.10 or later.