CVE-2023-3526

In PHOENIX CONTACTs TC ROUTER and TC CLOUD CLIENT in versions prior to 2.07.2 as well as CLOUD CLIENT 1101T-TX/TX prior to 2.06.10 an unauthenticated remote attacker could use a reflective XSS within the license viewer page of the devices in order to execute code in the context of the user's browser.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.6 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
CERTVDECNA
9.6 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 68%
VendorProductVersion
phoenixcontactcloud_client_1101t-tx_firmware
𝑥
< 2.06.10
phoenixcontacttc_cloud_client_1002-4g_att_firmware
𝑥
< 2.07.2
phoenixcontacttc_cloud_client_1002-4g_firmware
𝑥
< 2.07.2
phoenixcontacttc_cloud_client_1002-4g_vzw_firmware
𝑥
< 2.07.2
phoenixcontacttc_router_3002t-4g_att_firmware
𝑥
< 2.07.2
phoenixcontacttc_router_3002t-4g_firmware
𝑥
< 2.07.2
phoenixcontacttc_router_3002t-4g_vzw_firmware
𝑥
< 2.07.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://packetstormsecurity.com/files/174152/Phoenix-Contact-TC-Cloud-TC-Router-2.x-XSS-Memory-Consumption.html
http://seclists.org/fulldisclosure/2023/Aug/12
https://cert.vde.com/en/advisories/VDE-2023-017
http://packetstormsecurity.com/files/174152/Phoenix-Contact-TC-Cloud-TC-Router-2.x-XSS-Memory-Consumption.html
http://seclists.org/fulldisclosure/2023/Aug/12
https://cert.vde.com/en/advisories/VDE-2023-017