Unrated severity · NVD Advisory · Published Aug 8, 2023 · Updated Oct 15, 2024

PHOENIX CONTACT: Command Injection in WP 6xxx Web panels

CVE-2023-3573

Description

A command injection vulnerability in PHOENIX CONTACT WP 6xxx series web panels allows low-privileged remote attackers to execute arbitrary OS commands and gain full device access.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

A command injection vulnerability exists in the handling of HTTP POST requests for font configuration operations in PHOENIX CONTACT WP 6xxx series web panels prior to version 4.0.10. Because of insufficient input validation, a remote attacker with low privileges can inject arbitrary OS commands through the font configuration parameters [1].

Exploitation

An attacker needs a valid low-privileged session to the web interface. By sending a specially crafted HTTP POST request to the font configuration endpoint, the attacker can inject and execute arbitrary OS commands with administrative privileges [1].

Impact

Successful exploitation grants the attacker full control over the device, including the ability to execute arbitrary OS commands, read or modify files, and compromise confidentiality, integrity, and availability [1].

Mitigation

The vulnerability is fixed in firmware version 4.0.10. Users should update to the latest version. No workaround is available [1].

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

7
  • PHOENIX CONTACT/WP 6070-WVPSv5
    Range: 0
  • PHOENIX CONTACT/WP 6101-WXPSv5
    Range: 0
  • PHOENIX CONTACT/WP 6121-WXPSv5
    Range: 0
  • PHOENIX CONTACT/WP 6156-WHPSv5
    Range: 0
  • PHOENIX CONTACT/WP 6185-WHPSv5
    Range: 0
  • PHOENIX CONTACT/WP 6215-WHPSv5
    Range: 0

References

1