Search

Find a vulnerability

Search criteria

    6 vulnerabilities found for TC ROUTER 3002T-4G ATT by PHOENIX CONTACT

    CVE-2025-41717 (GCVE-0-2025-41717)

    Vulnerability from nvd – Published: 2026-01-13 07:48 – Updated: 2026-02-05 06:19
    VLAI
    Title
    Config-Upload Code Injection
    Summary
    An unauthenticated remote attacker can trick a high privileged user into uploading a malicious payload via the config-upload endpoint, leading to code injection as root. This results in a total loss of confidentiality, availability and integrity due to improper control of code generation ('Code Injection’).
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-94 - Improper Control of Generation of Code ('Code Injection')
    Assigner
    Credits
    D. Blagojevic, S. Dietz, F. Koroknai, T. Weber from CyberDanube
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-41717",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-13T14:22:52.131453Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-13T14:22:59.709Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2026-02-05T06:19:46.032Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://seclists.org/fulldisclosure/2026/Feb/3"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "TC ROUTER 3002T-3G",
              "vendor": "Phoenix Contact",
              "versions": [
                {
                  "lessThan": "3.08.8",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "TC ROUTER 2002T-3G",
              "vendor": "Phoenix Contact",
              "versions": [
                {
                  "lessThan": "3.08.8",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "TC ROUTER 3002T-4G",
              "vendor": "Phoenix Contact",
              "versions": [
                {
                  "lessThan": "3.08.8",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "TC ROUTER 3002T-4G GL",
              "vendor": "Phoenix Contact",
              "versions": [
                {
                  "lessThan": "3.08.8",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "TC ROUTER 5004T-5G EU",
              "vendor": "Phoenix Contact",
              "versions": [
                {
                  "lessThan": "1.06.23",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "TC ROUTER 3002T-4G VZW",
              "vendor": "Phoenix Contact",
              "versions": [
                {
                  "lessThan": "3.08.8",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "TC ROUTER 3002T-4G ATT",
              "vendor": "Phoenix Contact",
              "versions": [
                {
                  "lessThan": "3.08.8",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "TC ROUTER 2002T-4G",
              "vendor": "Phoenix Contact",
              "versions": [
                {
                  "lessThan": "3.08.8",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CLOUD CLIENT 1101T-TX/TX",
              "vendor": "Phoenix Contact",
              "versions": [
                {
                  "lessThan": "3.07.7",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "TC CLOUD CLIENT 1002-4G ATT",
              "vendor": "Phoenix Contact",
              "versions": [
                {
                  "lessThan": "3.08.8",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "TC CLOUD CLIENT 1002-TX/TX",
              "vendor": "Phoenix Contact",
              "versions": [
                {
                  "lessThan": "3.07.7",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "D. Blagojevic, S. Dietz, F. Koroknai, T. Weber from CyberDanube"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An unauthenticated remote attacker can trick a high privileged user into uploading a malicious payload via the config-upload endpoint, leading to code injection as root. This results in a total loss of confidentiality, availability and integrity due to improper control of code generation (\u0027Code Injection\u2019).\u003cbr\u003e"
                }
              ],
              "value": "An unauthenticated remote attacker can trick a high privileged user into uploading a malicious payload via the config-upload endpoint, leading to code injection as root. This results in a total loss of confidentiality, availability and integrity due to improper control of code generation (\u0027Code Injection\u2019)."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-94",
                  "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-13T07:48:19.811Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://certvde.com/de/advisories/VDE-2025-073"
            }
          ],
          "source": {
            "advisory": "VDE-2025-073",
            "defect": [
              "CERT@VDE#641836"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "Config-Upload Code Injection",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2025-41717",
        "datePublished": "2026-01-13T07:48:19.811Z",
        "dateReserved": "2025-04-16T11:17:48.313Z",
        "dateUpdated": "2026-02-05T06:19:46.032Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-3569 (GCVE-0-2023-3569)

    Vulnerability from nvd – Published: 2023-08-08 06:56 – Updated: 2025-02-27 21:10
    VLAI
    Title
    PHOENIX CONTACT: Denial-of-Service due to malicious XML files in TC ROUTER, TC CLOUD CLIENT and CLOUD CLIENT
    Summary
    In PHOENIX CONTACTs TC ROUTER and TC CLOUD CLIENT in versions prior to 2.07.2 as well as CLOUD CLIENT 1101T-TX/TX prior to 2.06.10 an authenticated remote attacker with admin privileges could upload a crafted XML file which causes a denial-of-service.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-776 - Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')
    Assigner
    Date Public
    2023-08-08 06:45
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T07:01:56.701Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cert.vde.com/en/advisories/VDE-2023-017"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2023/Aug/12"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/174152/Phoenix-Contact-TC-Cloud-TC-Router-2.x-XSS-Memory-Consumption.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-3569",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-26T21:51:00.842526Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-27T21:10:39.956Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "CLOUD CLIENT 1101T-TX/TX",
              "vendor": "PHOENIX CONTACT",
              "versions": [
                {
                  "lessThan": "2.06.10",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "TC CLOUD CLIENT 1002-4G",
              "vendor": "PHOENIX CONTACT",
              "versions": [
                {
                  "lessThan": "2.07.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "TC CLOUD CLIENT 1002-4G ATT",
              "vendor": "PHOENIX CONTACT",
              "versions": [
                {
                  "lessThan": "2.07.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "TC CLOUD CLIENT 1002-4G VZW",
              "vendor": "PHOENIX CONTACT",
              "versions": [
                {
                  "lessThan": "2.07.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "TC ROUTER 3002T-4G",
              "vendor": "PHOENIX CONTACT",
              "versions": [
                {
                  "lessThan": "2.07.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "TC ROUTER 3002T-4G ATT",
              "vendor": "PHOENIX CONTACT",
              "versions": [
                {
                  "lessThan": "2.07.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "TC ROUTER 3002T-4G VZW",
              "vendor": "PHOENIX CONTACT",
              "versions": [
                {
                  "lessThan": "2.07.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "datePublic": "2023-08-08T06:45:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "In PHOENIX CONTACTs TC ROUTER and TC CLOUD CLIENT in versions prior to 2.07.2  as well as CLOUD CLIENT 1101T-TX/TX prior to 2.06.10 an authenticated remote attacker with admin privileges could upload a crafted XML file which causes a denial-of-service."
                }
              ],
              "value": "In PHOENIX CONTACTs TC ROUTER and TC CLOUD CLIENT in versions prior to 2.07.2  as well as CLOUD CLIENT 1101T-TX/TX prior to 2.06.10 an authenticated remote attacker with admin privileges could upload a crafted XML file which causes a denial-of-service."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 4.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-776",
                  "description": "CWE-776 Improper Restriction of Recursive Entity References in DTDs (\u0027XML Entity Expansion\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-14T18:06:28.369Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://cert.vde.com/en/advisories/VDE-2023-017"
            },
            {
              "url": "http://seclists.org/fulldisclosure/2023/Aug/12"
            },
            {
              "url": "http://packetstormsecurity.com/files/174152/Phoenix-Contact-TC-Cloud-TC-Router-2.x-XSS-Memory-Consumption.html"
            }
          ],
          "source": {
            "advisory": "VDE-2023-017",
            "defect": [
              "CERT@VDE#64498"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "PHOENIX CONTACT: Denial-of-Service due to malicious XML files in TC ROUTER, TC CLOUD CLIENT and CLOUD CLIENT",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2023-3569",
        "datePublished": "2023-08-08T06:56:40.395Z",
        "dateReserved": "2023-07-10T07:42:55.485Z",
        "dateUpdated": "2025-02-27T21:10:39.956Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-3526 (GCVE-0-2023-3526)

    Vulnerability from nvd – Published: 2023-08-08 06:56 – Updated: 2025-02-27 21:10
    VLAI
    Title
    PHOENIX CONTACT: Cross-site Scripting vulnerability in TC ROUTER, TC CLOUD CLIENT and CLOUD CLIENT devices
    Summary
    In PHOENIX CONTACTs TC ROUTER and TC CLOUD CLIENT in versions prior to 2.07.2 as well as CLOUD CLIENT 1101T-TX/TX prior to 2.06.10 an unauthenticated remote attacker could use a reflective XSS within the license viewer page of the devices in order to execute code in the context of the user's browser.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Date Public
    2023-08-08 06:45
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T06:55:03.356Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cert.vde.com/en/advisories/VDE-2023-017"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2023/Aug/12"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/174152/Phoenix-Contact-TC-Cloud-TC-Router-2.x-XSS-Memory-Consumption.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-3526",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-26T21:54:22.893389Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-27T21:10:47.251Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "CLOUD CLIENT 1101T-TX/TX",
              "vendor": "PHOENIX CONTACT",
              "versions": [
                {
                  "lessThan": "2.06.10",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "TC CLOUD CLIENT 1002-4G",
              "vendor": "PHOENIX CONTACT",
              "versions": [
                {
                  "lessThan": "2.07.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "TC CLOUD CLIENT 1002-4G ATT",
              "vendor": "PHOENIX CONTACT",
              "versions": [
                {
                  "lessThan": "2.07.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "TC CLOUD CLIENT 1002-4G VZW",
              "vendor": "PHOENIX CONTACT",
              "versions": [
                {
                  "lessThan": "2.07.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "TC ROUTER 3002T-4G",
              "vendor": "PHOENIX CONTACT",
              "versions": [
                {
                  "lessThan": "2.07.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "TC ROUTER 3002T-4G ATT",
              "vendor": "PHOENIX CONTACT",
              "versions": [
                {
                  "lessThan": "2.07.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "TC ROUTER 3002T-4G VZW",
              "vendor": "PHOENIX CONTACT",
              "versions": [
                {
                  "lessThan": "2.07.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "datePublic": "2023-08-08T06:45:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "In PHOENIX CONTACTs TC ROUTER and TC CLOUD CLIENT in versions prior to 2.07.2 as well as CLOUD CLIENT 1101T-TX/TX prior to 2.06.10 an unauthenticated remote attacker could use a reflective XSS within the license viewer page of the devices in order to execute code in the context of the user\u0027s browser."
                }
              ],
              "value": "In PHOENIX CONTACTs TC ROUTER and TC CLOUD CLIENT in versions prior to 2.07.2 as well as CLOUD CLIENT 1101T-TX/TX prior to 2.06.10 an unauthenticated remote attacker could use a reflective XSS within the license viewer page of the devices in order to execute code in the context of the user\u0027s browser."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.6,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-14T18:06:29.846Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://cert.vde.com/en/advisories/VDE-2023-017"
            },
            {
              "url": "http://seclists.org/fulldisclosure/2023/Aug/12"
            },
            {
              "url": "http://packetstormsecurity.com/files/174152/Phoenix-Contact-TC-Cloud-TC-Router-2.x-XSS-Memory-Consumption.html"
            }
          ],
          "source": {
            "defect": [
              "CERT@VDE#64498"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "PHOENIX CONTACT: Cross-site Scripting vulnerability in TC ROUTER, TC CLOUD CLIENT and CLOUD CLIENT devices",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2023-3526",
        "datePublished": "2023-08-08T06:56:05.827Z",
        "dateReserved": "2023-07-06T15:05:52.953Z",
        "dateUpdated": "2025-02-27T21:10:47.251Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-41717 (GCVE-0-2025-41717)

    Vulnerability from cvelistv5 – Published: 2026-01-13 07:48 – Updated: 2026-02-05 06:19
    VLAI
    Title
    Config-Upload Code Injection
    Summary
    An unauthenticated remote attacker can trick a high privileged user into uploading a malicious payload via the config-upload endpoint, leading to code injection as root. This results in a total loss of confidentiality, availability and integrity due to improper control of code generation ('Code Injection’).
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-94 - Improper Control of Generation of Code ('Code Injection')
    Assigner
    Credits
    D. Blagojevic, S. Dietz, F. Koroknai, T. Weber from CyberDanube
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-41717",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-13T14:22:52.131453Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-13T14:22:59.709Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2026-02-05T06:19:46.032Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://seclists.org/fulldisclosure/2026/Feb/3"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "TC ROUTER 3002T-3G",
              "vendor": "Phoenix Contact",
              "versions": [
                {
                  "lessThan": "3.08.8",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "TC ROUTER 2002T-3G",
              "vendor": "Phoenix Contact",
              "versions": [
                {
                  "lessThan": "3.08.8",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "TC ROUTER 3002T-4G",
              "vendor": "Phoenix Contact",
              "versions": [
                {
                  "lessThan": "3.08.8",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "TC ROUTER 3002T-4G GL",
              "vendor": "Phoenix Contact",
              "versions": [
                {
                  "lessThan": "3.08.8",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "TC ROUTER 5004T-5G EU",
              "vendor": "Phoenix Contact",
              "versions": [
                {
                  "lessThan": "1.06.23",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "TC ROUTER 3002T-4G VZW",
              "vendor": "Phoenix Contact",
              "versions": [
                {
                  "lessThan": "3.08.8",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "TC ROUTER 3002T-4G ATT",
              "vendor": "Phoenix Contact",
              "versions": [
                {
                  "lessThan": "3.08.8",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "TC ROUTER 2002T-4G",
              "vendor": "Phoenix Contact",
              "versions": [
                {
                  "lessThan": "3.08.8",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "CLOUD CLIENT 1101T-TX/TX",
              "vendor": "Phoenix Contact",
              "versions": [
                {
                  "lessThan": "3.07.7",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "TC CLOUD CLIENT 1002-4G ATT",
              "vendor": "Phoenix Contact",
              "versions": [
                {
                  "lessThan": "3.08.8",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "TC CLOUD CLIENT 1002-TX/TX",
              "vendor": "Phoenix Contact",
              "versions": [
                {
                  "lessThan": "3.07.7",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "D. Blagojevic, S. Dietz, F. Koroknai, T. Weber from CyberDanube"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An unauthenticated remote attacker can trick a high privileged user into uploading a malicious payload via the config-upload endpoint, leading to code injection as root. This results in a total loss of confidentiality, availability and integrity due to improper control of code generation (\u0027Code Injection\u2019).\u003cbr\u003e"
                }
              ],
              "value": "An unauthenticated remote attacker can trick a high privileged user into uploading a malicious payload via the config-upload endpoint, leading to code injection as root. This results in a total loss of confidentiality, availability and integrity due to improper control of code generation (\u0027Code Injection\u2019)."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-94",
                  "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-13T07:48:19.811Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://certvde.com/de/advisories/VDE-2025-073"
            }
          ],
          "source": {
            "advisory": "VDE-2025-073",
            "defect": [
              "CERT@VDE#641836"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "Config-Upload Code Injection",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2025-41717",
        "datePublished": "2026-01-13T07:48:19.811Z",
        "dateReserved": "2025-04-16T11:17:48.313Z",
        "dateUpdated": "2026-02-05T06:19:46.032Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-3569 (GCVE-0-2023-3569)

    Vulnerability from cvelistv5 – Published: 2023-08-08 06:56 – Updated: 2025-02-27 21:10
    VLAI
    Title
    PHOENIX CONTACT: Denial-of-Service due to malicious XML files in TC ROUTER, TC CLOUD CLIENT and CLOUD CLIENT
    Summary
    In PHOENIX CONTACTs TC ROUTER and TC CLOUD CLIENT in versions prior to 2.07.2 as well as CLOUD CLIENT 1101T-TX/TX prior to 2.06.10 an authenticated remote attacker with admin privileges could upload a crafted XML file which causes a denial-of-service.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-776 - Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')
    Assigner
    Date Public
    2023-08-08 06:45
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T07:01:56.701Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cert.vde.com/en/advisories/VDE-2023-017"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2023/Aug/12"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/174152/Phoenix-Contact-TC-Cloud-TC-Router-2.x-XSS-Memory-Consumption.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-3569",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-26T21:51:00.842526Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-27T21:10:39.956Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "CLOUD CLIENT 1101T-TX/TX",
              "vendor": "PHOENIX CONTACT",
              "versions": [
                {
                  "lessThan": "2.06.10",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "TC CLOUD CLIENT 1002-4G",
              "vendor": "PHOENIX CONTACT",
              "versions": [
                {
                  "lessThan": "2.07.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "TC CLOUD CLIENT 1002-4G ATT",
              "vendor": "PHOENIX CONTACT",
              "versions": [
                {
                  "lessThan": "2.07.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "TC CLOUD CLIENT 1002-4G VZW",
              "vendor": "PHOENIX CONTACT",
              "versions": [
                {
                  "lessThan": "2.07.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "TC ROUTER 3002T-4G",
              "vendor": "PHOENIX CONTACT",
              "versions": [
                {
                  "lessThan": "2.07.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "TC ROUTER 3002T-4G ATT",
              "vendor": "PHOENIX CONTACT",
              "versions": [
                {
                  "lessThan": "2.07.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "TC ROUTER 3002T-4G VZW",
              "vendor": "PHOENIX CONTACT",
              "versions": [
                {
                  "lessThan": "2.07.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "datePublic": "2023-08-08T06:45:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "In PHOENIX CONTACTs TC ROUTER and TC CLOUD CLIENT in versions prior to 2.07.2  as well as CLOUD CLIENT 1101T-TX/TX prior to 2.06.10 an authenticated remote attacker with admin privileges could upload a crafted XML file which causes a denial-of-service."
                }
              ],
              "value": "In PHOENIX CONTACTs TC ROUTER and TC CLOUD CLIENT in versions prior to 2.07.2  as well as CLOUD CLIENT 1101T-TX/TX prior to 2.06.10 an authenticated remote attacker with admin privileges could upload a crafted XML file which causes a denial-of-service."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 4.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-776",
                  "description": "CWE-776 Improper Restriction of Recursive Entity References in DTDs (\u0027XML Entity Expansion\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-14T18:06:28.369Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://cert.vde.com/en/advisories/VDE-2023-017"
            },
            {
              "url": "http://seclists.org/fulldisclosure/2023/Aug/12"
            },
            {
              "url": "http://packetstormsecurity.com/files/174152/Phoenix-Contact-TC-Cloud-TC-Router-2.x-XSS-Memory-Consumption.html"
            }
          ],
          "source": {
            "advisory": "VDE-2023-017",
            "defect": [
              "CERT@VDE#64498"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "PHOENIX CONTACT: Denial-of-Service due to malicious XML files in TC ROUTER, TC CLOUD CLIENT and CLOUD CLIENT",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2023-3569",
        "datePublished": "2023-08-08T06:56:40.395Z",
        "dateReserved": "2023-07-10T07:42:55.485Z",
        "dateUpdated": "2025-02-27T21:10:39.956Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-3526 (GCVE-0-2023-3526)

    Vulnerability from cvelistv5 – Published: 2023-08-08 06:56 – Updated: 2025-02-27 21:10
    VLAI
    Title
    PHOENIX CONTACT: Cross-site Scripting vulnerability in TC ROUTER, TC CLOUD CLIENT and CLOUD CLIENT devices
    Summary
    In PHOENIX CONTACTs TC ROUTER and TC CLOUD CLIENT in versions prior to 2.07.2 as well as CLOUD CLIENT 1101T-TX/TX prior to 2.06.10 an unauthenticated remote attacker could use a reflective XSS within the license viewer page of the devices in order to execute code in the context of the user's browser.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Date Public
    2023-08-08 06:45
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T06:55:03.356Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cert.vde.com/en/advisories/VDE-2023-017"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2023/Aug/12"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/174152/Phoenix-Contact-TC-Cloud-TC-Router-2.x-XSS-Memory-Consumption.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-3526",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-26T21:54:22.893389Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-27T21:10:47.251Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "CLOUD CLIENT 1101T-TX/TX",
              "vendor": "PHOENIX CONTACT",
              "versions": [
                {
                  "lessThan": "2.06.10",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "TC CLOUD CLIENT 1002-4G",
              "vendor": "PHOENIX CONTACT",
              "versions": [
                {
                  "lessThan": "2.07.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "TC CLOUD CLIENT 1002-4G ATT",
              "vendor": "PHOENIX CONTACT",
              "versions": [
                {
                  "lessThan": "2.07.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "TC CLOUD CLIENT 1002-4G VZW",
              "vendor": "PHOENIX CONTACT",
              "versions": [
                {
                  "lessThan": "2.07.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "TC ROUTER 3002T-4G",
              "vendor": "PHOENIX CONTACT",
              "versions": [
                {
                  "lessThan": "2.07.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "TC ROUTER 3002T-4G ATT",
              "vendor": "PHOENIX CONTACT",
              "versions": [
                {
                  "lessThan": "2.07.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "TC ROUTER 3002T-4G VZW",
              "vendor": "PHOENIX CONTACT",
              "versions": [
                {
                  "lessThan": "2.07.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "datePublic": "2023-08-08T06:45:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "In PHOENIX CONTACTs TC ROUTER and TC CLOUD CLIENT in versions prior to 2.07.2 as well as CLOUD CLIENT 1101T-TX/TX prior to 2.06.10 an unauthenticated remote attacker could use a reflective XSS within the license viewer page of the devices in order to execute code in the context of the user\u0027s browser."
                }
              ],
              "value": "In PHOENIX CONTACTs TC ROUTER and TC CLOUD CLIENT in versions prior to 2.07.2 as well as CLOUD CLIENT 1101T-TX/TX prior to 2.06.10 an unauthenticated remote attacker could use a reflective XSS within the license viewer page of the devices in order to execute code in the context of the user\u0027s browser."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.6,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-14T18:06:29.846Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://cert.vde.com/en/advisories/VDE-2023-017"
            },
            {
              "url": "http://seclists.org/fulldisclosure/2023/Aug/12"
            },
            {
              "url": "http://packetstormsecurity.com/files/174152/Phoenix-Contact-TC-Cloud-TC-Router-2.x-XSS-Memory-Consumption.html"
            }
          ],
          "source": {
            "defect": [
              "CERT@VDE#64498"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "PHOENIX CONTACT: Cross-site Scripting vulnerability in TC ROUTER, TC CLOUD CLIENT and CLOUD CLIENT devices",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2023-3526",
        "datePublished": "2023-08-08T06:56:05.827Z",
        "dateReserved": "2023-07-06T15:05:52.953Z",
        "dateUpdated": "2025-02-27T21:10:47.251Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }