PHOENIX CONTACT: Missing Authorization in WP 6xxx Web panels

Vulnerability

In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10, the SNMPv2 daemon exposes the read-write community string to a remote unauthenticated attacker [1]. This occurs because the device does not properly protect the community string in network communications, allowing it to be retrieved without authentication or prior access.

Exploitation

An attacker with network access to the affected web panel can obtain the SNMPv2 read-write community string by sending unauthenticated requests to the SNMP daemon. No prior authentication or user interaction is required [1]. The attacker only needs to be able to reach the device over the network.

Impact

Successful exploitation allows the attacker to gain the read-write community string for SNMPv2, enabling them to read and modify SNMP-managed objects on the device. This can lead to disclosure of device configuration information and potentially further compromise of the device's integrity and availability [1].

Mitigation

The vulnerability is fixed in version 4.0.10 of the WP 6xxx series firmware. Users should update to this version or later as soon as possible to mitigate the risk [1]. No workaround is mentioned in the available references.