In PHOENIX CONTACTs TC ROUTER and TC CLOUD CLIENT in versions prior to 2.07.2 as well as CLOUD CLIENT 1101T-TX/TX prior to 2.06.10 an authenticated remote attacker with admin privileges could upload a crafted XML file which causes a denial-of-service.
Weakness
The product uses XML documents and allows their structure to be defined with a Document Type Definition (DTD), but it does not properly control the number of recursive definitions of entities.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Cloud_client_1101t-tx_firmware | Phoenixcontact | * | 2.06.10 (excluding) |
Potential Mitigations
Related Attack Patterns
References
- http://packetstormsecurity.com/files/174152/Phoenix-Contact-TC-Cloud-TC-Router-2.x-XSS-Memory-Consumption.html
- http://seclists.org/fulldisclosure/2023/Aug/12
- https://cert.vde.com/en/advisories/VDE-2023-017
- http://packetstormsecurity.com/files/174152/Phoenix-Contact-TC-Cloud-TC-Router-2.x-XSS-Memory-Consumption.html
- http://seclists.org/fulldisclosure/2023/Aug/12
- https://cert.vde.com/en/advisories/VDE-2023-017