cve/2023/CVE-2023-37858.md

### [CVE-2023-37858](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37858)
![](https://img.shields.io/static/v1?label=Product&message=WP%206070-WVPS&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=WP%206101-WXPS&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=WP%206121-WXPS&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=WP%206156-WHPS&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=WP%206185-WHPS&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=WP%206215-WHPS&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=0%3C%204.0.10%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-311%20Missing%20Encryption%20of%20Sensitive%20Data&color=brighgreen)

### Description

In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 an authenticated, remote attacker with admin privileges is able to read hardcoded cryptographic keys allowing to decrypt an encrypted web application login password.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/fkie-cad/nvd-json-data-feeds
Update Sat May 25 21:48:12 CEST 2024 2024-05-25 21:48:12 +02:00			`### [CVE-2023-37858](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37858)`
			`![](https://img.shields.io/static/v1?label=Product&message=WP%206070-WVPS&color=blue)`
			`![](https://img.shields.io/static/v1?label=Product&message=WP%206101-WXPS&color=blue)`
			`![](https://img.shields.io/static/v1?label=Product&message=WP%206121-WXPS&color=blue)`
			`![](https://img.shields.io/static/v1?label=Product&message=WP%206156-WHPS&color=blue)`
			`![](https://img.shields.io/static/v1?label=Product&message=WP%206185-WHPS&color=blue)`
			`![](https://img.shields.io/static/v1?label=Product&message=WP%206215-WHPS&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=0%3C%204.0.10%20&color=brighgreen)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-311%20Missing%20Encryption%20of%20Sensitive%20Data&color=brighgreen)`

			`### Description`

			`In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 an authenticated, remote attacker with admin privileges is able to read hardcoded cryptographic keys allowing to decrypt an encrypted web application login password.`

			`### POC`

			`#### Reference`
			`No PoCs from references.`

			`#### Github`
			`- https://github.com/fkie-cad/nvd-json-data-feeds`