VYPR
Low severity3.8NVD Advisory· Published Aug 9, 2023· Updated Jun 17, 2026

CVE-2023-37857

CVE-2023-37857

Description

In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 an authenticated, remote attacker with admin privileges is able to read hardcoded cryptographic keys allowing the attacker to create valid session cookies. These session-cookies created by the attacker are not sufficient to obtain a valid session on the device.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

7
  • PHOENIX CONTACT/WP 6070-WVPSv5
    Range: 0
  • PHOENIX CONTACT/WP 6101-WXPSv5
    Range: 0
  • PHOENIX CONTACT/WP 6121-WXPSv5
    Range: 0
  • PHOENIX CONTACT/WP 6156-WHPSv5
    Range: 0
  • PHOENIX CONTACT/WP 6185-WHPSv5
    Range: 0
  • PHOENIX CONTACT/WP 6215-WHPSv5
    Range: 0

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.