Unrated severity · NVD Advisory · Published Aug 9, 2023 · Updated Oct 10, 2024

PHOENIX CONTACT: Missing Authorization in WP 6xxx Web panels

CVE-2023-37862

Description

An unauthenticated remote attacker can access upload functions of the HTTP API in WP 6xxx web panels prior to 4.0.10, triggering certificate errors and partial denial-of-service.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

In PHOENIX CONTACT's WP 6xxx series web panels, versions prior to 4.0.10, an unauthenticated remote attacker can access upload functions of the HTTP API. This vulnerability exists due to missing authentication on those endpoints. The affected products include various WP 6xxx models [1].

Exploitation

The attacker does not require any authentication or prior access. By sending crafted HTTP requests to the upload functions, the attacker can trigger certificate errors for SSL connections. The exact steps involve accessing the upload API endpoints without credentials [1].

Impact

Successful exploitation may cause certificate errors for SSL connections, leading to a partial denial-of-service. The confidentiality and integrity of communications may be compromised due to degraded TLS security. The attacker does not gain code execution or data access directly from this vulnerability [1].

Mitigation

The vulnerability is fixed in version 4.0.10 of the WP 6xxx firmware. Users should update to this version or later. There are no reported workarounds; however, restricting network access to the web panel can reduce exposure [1].

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

7
  • PHOENIX CONTACT/WP 6070-WVPSv5
    Range: 0
  • PHOENIX CONTACT/WP 6101-WXPSv5
    Range: 0
  • PHOENIX CONTACT/WP 6121-WXPSv5
    Range: 0
  • PHOENIX CONTACT/WP 6156-WHPSv5
    Range: 0
  • PHOENIX CONTACT/WP 6185-WHPSv5
    Range: 0
  • PHOENIX CONTACT/WP 6215-WHPSv5
    Range: 0

Patches

0

No patches discovered yet.

References

1
