Vulnerability Details : CVE-2023-3569
In PHOENIX CONTACTs TC ROUTER and TC CLOUD CLIENT in versions prior to 2.07.2 as well as CLOUD CLIENT 1101T-TX/TX prior to 2.06.10 an authenticated remote attacker with admin privileges could upload a crafted XML file which causes a denial-of-service.
Vulnerability category: Denial of service
Products affected by CVE-2023-3569
- cpe:2.3:o:phoenixcontact:tc_router_3002t-4g_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:phoenixcontact:tc_router_3002t-4g_vzw_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:phoenixcontact:tc_router_3002t-4g_att_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:phoenixcontact:tc_cloud_client_1002-4g_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:phoenixcontact:cloud_client_1101t-tx_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:phoenixcontact:tc_cloud_client_1002-4g_att_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:phoenixcontact:tc_cloud_client_1002-4g_vzw_firmware:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-3569
0.22%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 61 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-3569
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.9
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
1.2
|
3.6
|
CERT VDE |
CWE ids for CVE-2023-3569
-
The product uses XML documents and allows their structure to be defined with a Document Type Definition (DTD), but it does not properly control the number of recursive definitions of entities.Assigned by:
- info@cert.vde.com (Primary)
- nvd@nist.gov (Secondary)
References for CVE-2023-3569
-
http://packetstormsecurity.com/files/174152/Phoenix-Contact-TC-Cloud-TC-Router-2.x-XSS-Memory-Consumption.html
Phoenix Contact TC Cloud / TC Router 2.x XSS / Memory Consumption ≈ Packet Storm
-
https://cert.vde.com/en/advisories/VDE-2023-017
VDE-2023-017 | CERT@VDEThird Party Advisory
-
http://seclists.org/fulldisclosure/2023/Aug/12
Full Disclosure: St. Poelten UAS | Multiple Vulnerabilities in Phoenix Contact TC Cloud Client / TC Router / Cloud Client
Jump to