Low severity3.8NVD Advisory· Published Aug 9, 2023· Updated Jun 17, 2026
CVE-2023-37857
CVE-2023-37857
Description
In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 an authenticated, remote attacker with admin privileges is able to read hardcoded cryptographic keys allowing the attacker to create valid session cookies. These session-cookies created by the attacker are not sufficient to obtain a valid session on the device.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
7- Range: <4.0.10
- PHOENIX CONTACT/WP 6070-WVPSv5Range: 0
- PHOENIX CONTACT/WP 6101-WXPSv5Range: 0
- PHOENIX CONTACT/WP 6121-WXPSv5Range: 0
- PHOENIX CONTACT/WP 6156-WHPSv5Range: 0
- PHOENIX CONTACT/WP 6185-WHPSv5Range: 0
- PHOENIX CONTACT/WP 6215-WHPSv5Range: 0
Patches
Vulnerability mechanics
References
1- cert.vde.com/en/advisories/VDE-2023-018/nvdThird Party Advisory
News mentions
0No linked articles in our index yet.