Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2023-3569
PUBLISHED
More InfoOfficial Page
Assigner-CERTVDE
Assigner Org ID-270ccfa6-a436-4e77-922e-914ec3a9685c
View Known Exploited Vulnerability (KEV) details
Published At-08 Aug, 2023 | 06:56
Updated At-27 Feb, 2025 | 21:10
Rejected At-
▼CVE Numbering Authority (CNA)
PHOENIX CONTACT: Denial-of-Service due to malicious XML files in TC ROUTER, TC CLOUD CLIENT and CLOUD CLIENT

In PHOENIX CONTACTs TC ROUTER and TC CLOUD CLIENT in versions prior to 2.07.2 as well as CLOUD CLIENT 1101T-TX/TX prior to 2.06.10 an authenticated remote attacker with admin privileges could upload a crafted XML file which causes a denial-of-service.

Affected Products
Vendor
Phoenix Contact GmbH & Co. KGPHOENIX CONTACT
Product
CLOUD CLIENT 1101T-TX/TX
Default Status
unaffected
Versions
Affected
  • From 0 before 2.06.10 (semver)
Vendor
Phoenix Contact GmbH & Co. KGPHOENIX CONTACT
Product
TC CLOUD CLIENT 1002-4G
Default Status
unaffected
Versions
Affected
  • From 0 before 2.07.2 (semver)
Vendor
Phoenix Contact GmbH & Co. KGPHOENIX CONTACT
Product
TC CLOUD CLIENT 1002-4G ATT
Default Status
unaffected
Versions
Affected
  • From 0 before 2.07.2 (semver)
Vendor
Phoenix Contact GmbH & Co. KGPHOENIX CONTACT
Product
TC CLOUD CLIENT 1002-4G VZW
Default Status
unaffected
Versions
Affected
  • From 0 before 2.07.2 (semver)
Vendor
Phoenix Contact GmbH & Co. KGPHOENIX CONTACT
Product
TC ROUTER 3002T-4G
Default Status
unaffected
Versions
Affected
  • From 0 before 2.07.2 (semver)
Vendor
Phoenix Contact GmbH & Co. KGPHOENIX CONTACT
Product
TC ROUTER 3002T-4G ATT
Default Status
unaffected
Versions
Affected
  • From 0 before 2.07.2 (semver)
Vendor
Phoenix Contact GmbH & Co. KGPHOENIX CONTACT
Product
TC ROUTER 3002T-4G VZW
Default Status
unaffected
Versions
Affected
  • From 0 before 2.07.2 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-776CWE-776 Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')
Type: CWE
CWE ID: CWE-776
Description: CWE-776 Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')
Metrics
VersionBase scoreBase severityVector
3.14.9MEDIUM
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Version: 3.1
Base score: 4.9
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://cert.vde.com/en/advisories/VDE-2023-017
N/A
http://seclists.org/fulldisclosure/2023/Aug/12
N/A
http://packetstormsecurity.com/files/174152/Phoenix-Contact-TC-Cloud-TC-Router-2.x-XSS-Memory-Consumption.html
N/A
Hyperlink: https://cert.vde.com/en/advisories/VDE-2023-017
Resource: N/A
Hyperlink: http://seclists.org/fulldisclosure/2023/Aug/12
Resource: N/A
Hyperlink: http://packetstormsecurity.com/files/174152/Phoenix-Contact-TC-Cloud-TC-Router-2.x-XSS-Memory-Consumption.html
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://cert.vde.com/en/advisories/VDE-2023-017
x_transferred
http://seclists.org/fulldisclosure/2023/Aug/12
x_transferred
http://packetstormsecurity.com/files/174152/Phoenix-Contact-TC-Cloud-TC-Router-2.x-XSS-Memory-Consumption.html
x_transferred
Hyperlink: https://cert.vde.com/en/advisories/VDE-2023-017
Resource:
x_transferred
Hyperlink: http://seclists.org/fulldisclosure/2023/Aug/12
Resource:
x_transferred
Hyperlink: http://packetstormsecurity.com/files/174152/Phoenix-Contact-TC-Cloud-TC-Router-2.x-XSS-Memory-Consumption.html
Resource:
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Details not found