PHOENIX CONTACT: Use of Hard-coded Credentials in WP 6xxx Web panels
Description
Hardcoded cryptographic keys in Phoenix Contact WP 6xxx web panels allow attackers with admin privileges to decrypt the web application login password.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
In PHOENIX CONTACT WP 6xxx series web panels versions prior to 4.0.10, hardcoded cryptographic keys are stored in the device. These keys can be read by an authenticated attacker with admin privileges, enabling decryption of the encrypted web application login password [1].
Exploitation
An attacker must have network access to the device and valid administrative credentials. Once authenticated, the attacker can extract the hardcoded keys and use them to decrypt the stored encrypted password for the web service [1].
Impact
Successful exploitation allows the attacker to recover the plaintext web application login password, compromising confidentiality. With the password, the attacker can impersonate the legitimate web service user, potentially gaining further unauthorized access to device functions [1].
Mitigation
Phoenix Contact has released version 4.0.10, which removes the hardcoded cryptographic keys. Users should update to version 4.0.10 or later as soon as possible [1]. No workaround is available.
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: <4.0.10
- PHOENIX CONTACT/WP 6070-WVPS v5 Range: 0
- PHOENIX CONTACT/WP 6101-WXPS v5 Range: 0
- PHOENIX CONTACT/WP 6121-WXPS v5 Range: 0
- PHOENIX CONTACT/WP 6156-WHPS v5 Range: 0
- PHOENIX CONTACT/WP 6185-WHPS v5 Range: 0
- PHOENIX CONTACT/WP 6215-WHPS v5 Range: 0
Patches
No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References