Vulnerability CVE-2023-3526
Published: 2023-08-08

Description:
In PHOENIX CONTACTs TC ROUTER and TC CLOUD CLIENT in versions prior to 2.07.2 as well as CLOUD CLIENT 1101T-TX/TX prior to 2.06.10 an unauthenticated remote attacker could use a reflective XSS within the license viewer page of the devices in order to execute code in the context of the user's browser.

See advisories in our WLB2 database:
Topic
Author
Date
Med.
Phoenix Contact TC Cloud / TC Router 2.x XSS / Memory Consumption
T. Weber
15.08.2023

Type:

CWE-79

 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))

 References:
https://cert.vde.com/en/advisories/VDE-2023-017
Copyright 2024, cxsecurity.com

 

Back to Top