CVE-2023-37857 (wp_6070-wvps_firmware, wp_6101-wxps_firmware, wp_6121-wxps_firmware, wp_6156-whps_firmware, wp_6185-whps_firmware, wp_6215-whps_firmware)

In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 an authenticated, remote attacker with admin privileges is able to read hardcoded cryptographic keys allowing the attacker to create valid session cookies. This issue cannot be exploited to bypass the web service authentication of the affected device(s).

admin authentication bypass contacts cookies cve device exploited hardcoded issue keys panels phoenix privileges series service session the web valid web