Headline
CVE-2023-3569: VDE-2023-017 | CERT@VDE
In PHOENIX CONTACTs TC ROUTER and TC CLOUD CLIENT in versions prior to 2.07.2 as well as CLOUD CLIENT 1101T-TX/TX prior to 2.06.10 an authenticated remote attacker with admin privileges could upload a crafted XML file which causes a denial-of-service.
2023-08-08 06:00 (CEST) VDE-2023-017
PHOENIX CONTACT: Multiple vulnerabilities in TC ROUTER, TC CLOUD CLIENT and CLOUD CLIENT devices
Share: Email | Twitter
**
Published
**
2023-08-08 06:00 (CEST)
**
Last update
**
2023-07-31 13:14 (CEST)
Vendor(s)
PHOENIX CONTACT GmbH & Co. KG
Product(s)
Article No°
Product Name
Affected Version(s)
1221706
CLOUD CLIENT 1101T-TX/TX
< 2.06.10
2702886
TC CLOUD CLIENT 1002-4G
< 2.07.2
2702888
TC CLOUD CLIENT 1002-4G ATT
< 2.07.2
2702887
TC CLOUD CLIENT 1002-4G VZW
< 2.07.2
2702528
TC ROUTER 3002T-4G
< 2.07.2
2702533
TC ROUTER 3002T-4G ATT
< 2.07.2
2702532
TC ROUTER 3002T-4G VZW
< 2.07.2
**
Vulnerabilities
**
Last Update
Aug. 8, 2023, 8:43 a.m.
Weakness
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) (CWE-79)
Summary
In PHOENIX CONTACTs TC ROUTER and TC CLOUD CLIENT in versions prior to 2.07.2 as well as CLOUD CLIENT 1101T-TX/TX prior to 2.06.10 an unauthenticated remote attacker could use a reflective XSS within the license viewer page of the devices in order to execute code in the context of the user’s browser.
Last Update
Aug. 8, 2023, 8:43 a.m.
Weakness
Improper Restriction of Recursive Entity References in DTDs (‘XML Entity Expansion’) (CWE-776)
Summary
In PHOENIX CONTACTs TC ROUTER and TC CLOUD CLIENT in versions prior to 2.07.2 as well as CLOUD CLIENT 1101T-TX/TX prior to 2.06.10 an authenticated remote attacker with admin privileges could upload a crafted XML file which causes a denial-of-service.
**
Impact
**
Multiple issues have been identified for the affected devices. Please consult the CVEs for details.
**
Solution
**
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note.
Measures to protect network-capable devices with Ethernet connection
Remediation
Phoenix Contact strongly recommends updating to the latest available firmware version, which fixes these vulnerabilities.
**
Reported by
**
These vulnerabilities were discovered by A. Resanovic and S. Stockinger at St. Pölten UAS and coordinated by T. Weber of CyberDanube Security Research.
CERT@VDE coordinated with PHOENIX CONTACT.
Related news
Phoenix Contact TC Router 3002T-4G* versions prior to 2.0.2, TC Cloud Client 1002-4G* versions prior to 2.07.2, and Cloud Client 1101T-TX/TX versions prior to 2.06.10 suffer from cross site scripting and memory consumption vulnerabilities.