PHOENIX CONTACT: Unauthorized read-access of root filesystem in WP 6xxx Web panels
Description
A low-privileged remote attacker can read arbitrary files on Phoenix Contact WP 6xxx web panels (prior to 4.0.10) via the embedded Qt browser.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
In PHOENIX CONTACT's WP 6xxx series web panels in versions prior to 4.0.10, a vulnerability allows a remote attacker with low privileges to gain limited read-access to the device filesystem through the embedded Qt browser. The attacker can read files that are accessible to the 'browser' user [1].
Exploitation
An attacker with low-privileged access (e.g., a standard user account) on the device can exploit this issue by leveraging the embedded Qt browser's ability to access the filesystem. No user interaction beyond the attacker's own actions is required, and the attack can be carried out remotely over the network [1].
Impact
Successful exploitation grants the attacker the ability to read arbitrary files from the device filesystem, limited only by the permissions of the 'browser' user. This can lead to the disclosure of sensitive information, such as configuration files, credentials, or other data stored on the device [1].
Mitigation
The vulnerability is fixed in firmware version 4.0.10 of the WP 6xxx series. Users should upgrade to this version or later. No workarounds are available. The advisory from VDE provides further details [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: <4.0.10
- PHOENIX CONTACT/WP 6070-WVPS v5, Range: 0
- PHOENIX CONTACT/WP 6101-WXPS v5, Range: 0
- PHOENIX CONTACT/WP 6121-WXPS v5, Range: 0
- PHOENIX CONTACT/WP 6156-WHPS v5, Range: 0
- PHOENIX CONTACT/WP 6185-WHPS v5, Range: 0
- PHOENIX CONTACT/WP 6215-WHPS v5, Range: 0
Patches
No patches discovered yet.