PHOENIX CONTACT: OS Command Injection in WP 6xxx Web panels
Description
A remote attacker with SNMPv2 write privileges can exploit a vulnerability in Phoenix Contact WP 6xxx web panels prior to 4.0.10 to gain full device access.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
In PHOENIX CONTACT's WP 6xxx series web panels in versions prior to 4.0.10, a vulnerability exists in the SNMP service that allows a remote attacker with SNMPv2 write privileges to send a specially crafted SNMP request to gain full administrative access to the device [1].
Exploitation
An attacker must have SNMPv2 write privileges to the affected device. By sending a specially crafted SNMP request, the attacker can trigger the vulnerability without requiring any additional authentication or user interaction [1].
Impact
Successful exploitation grants the attacker full administrative access to the device, including the ability to execute arbitrary OS commands, read arbitrary files, craft valid session cookies, decrypt the web service password, retrieve SNMP communities, and craft malicious firmware update packets [1].
Mitigation
Phoenix Contact has released firmware version 4.0.10 for the WP 6xxx series web panels to address this vulnerability. Users should update to this version or later as soon as possible [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: <4.0.10
- PHOENIX CONTACT/WP 6070-WVPSv5 Range: 0
- PHOENIX CONTACT/WP 6101-WXPSv5 Range: 0
- PHOENIX CONTACT/WP 6121-WXPSv5 Range: 0
- PHOENIX CONTACT/WP 6156-WHPSv5 Range: 0
- PHOENIX CONTACT/WP 6185-WHPSv5 Range: 0
- PHOENIX CONTACT/WP 6215-WHPSv5 Range: 0
Patches
No patches discovered yet.