PHOENIX CONTACT: Advisory for TC ROUTER and CLOUD CLIENT

VDE-2022-053
Last update: 05/14/2025 15:00
Published at: 03/07/2023 08:00
Vendor(s): Phoenix Contact GmbH & Co. KG
External ID: VDE-2022-053
CSAF Document

Summary

Two vulnerabilities have been discovered in the TC ROUTER 4000 series and CLOUD CLIENT 2000 series up to firmware version 4.5.7x.107.
The web administration interface is vulnerable to path traversal by authenticated admin users, which could lead to arbitrary file uploads or deletion. Unvalidated user input also enables execution of OS commands.

Impact

The web interface is available only after authentication. An authorized admin user could use these vulnerabilities to execute arbitrary commands, upload arbitrary files or delete files from the device. This may lead to the device no longer functioning properly.

Affected Product(s)

Model no.  Product name                   Affected versions
1234355    CLOUD CLIENT 2002T-4G EU       <4.5.73.107
1234360    CLOUD CLIENT 2002T-WLAN        <4.5.73.107
1234357    CLOUD CLIENT 2102T-4G EU WLAN  <4.5.73.107
1234352    TC ROUTER 4002T-4G EU          <4.5.72.107
1234353    TC ROUTER 4102T-4G EU WLAN     <4.5.72.107
1234354    TC ROUTER 4202T-4G EU WLAN     <4.5.72.107

Vulnerabilities

Published: 09/22/2025 14:57
Weakness: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)
Summary

The NetModule NSRW web administration interface is vulnerable to path traversals, which could lead to arbitrary file uploads and deletion. By uploading malicious files to the web root directory, authenticated users could gain remote command execution with elevated privileges.

This issue affects NSRW: from 4.3.0.0 before 4.3.0.119, from 4.4.0.0 before 4.4.0.118, from 4.6.0.0 before 4.6.0.105, from 4.7.0.0 before 4.7.0.103.

Published: 09/22/2025 14:57
Weakness: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (CWE-78)
Summary

The NetModule NSRW web administration interface executes an OS command constructed from unsanitized user input. A successful exploit could allow an authenticated user to execute arbitrary commands with elevated privileges.
This issue affects NSRW: from 4.3.0.0 before 4.3.0.119, from 4.4.0.0 before 4.4.0.118, from 4.6.0.0 before 4.6.0.105, from 4.7.0.0 before 4.7.0.103.

Mitigation

Phoenix Contact recommends operating network-capable devices in closed networks or protecting them with a suitable firewall. For detailed information on our recommended measures to protect network-capable devices, please refer to our application note: Measures to protect network-capable devices with Ethernet connection

Remediation

Both vulnerabilities are fixed in firmware version 4.6.7x.101. We strongly recommend that all affected users upgrade to this or a later version.
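As an added example, not part of the advisory: a Python check an asset owner could run against a device inventory, using the thresholds from the affected-products table and the NSRW ranges quoted in the vulnerability entries above. The inventory entries, hostnames and the concrete 4.6.73.101 build are constructed.

```python
# Thresholds from the advisory table: model number -> (product name, affected below this version).
AFFECTED_BELOW = {
    "1234355": ("CLOUD CLIENT 2002T-4G EU", "4.5.73.107"),
    "1234360": ("CLOUD CLIENT 2002T-WLAN", "4.5.73.107"),
    "1234357": ("CLOUD CLIENT 2102T-4G EU WLAN", "4.5.73.107"),
    "1234352": ("TC ROUTER 4002T-4G EU", "4.5.72.107"),
    "1234353": ("TC ROUTER 4102T-4G EU WLAN", "4.5.72.107"),
    "1234354": ("TC ROUTER 4202T-4G EU WLAN", "4.5.72.107"),
}
# NetModule NSRW ranges quoted in both vulnerability entries: (from, before).
NSRW_AFFECTED_RANGES = [
    ("4.3.0.0", "4.3.0.119"), ("4.4.0.0", "4.4.0.118"),
    ("4.6.0.0", "4.6.0.105"), ("4.7.0.0", "4.7.0.103"),
]

def parse_version(version):
    """'4.5.73.107' -> (4, 5, 73, 107), so comparisons are numeric per field;
    comparing the raw strings would rank '4.5.8.1' above '4.5.73.107'."""
    parts = version.strip().split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {version!r}")
    return tuple(int(p) for p in parts)

def is_affected(model_no, firmware):
    """True if below the model's threshold, False if at or above it,
    None if the model number is not listed in the advisory."""
    entry = AFFECTED_BELOW.get(model_no)
    if entry is None:
        return None
    return parse_version(firmware) < parse_version(entry[1])

def nsrw_affected(version):
    """True if an NSRW version lies in one of the [from, before) ranges."""
    v = parse_version(version)
    return any(parse_version(lo) <= v < parse_version(hi) for lo, hi in NSRW_AFFECTED_RANGES)

# Constructed sample inventory (hostname, model number, firmware); not real devices.
SAMPLE_INVENTORY = [
    ("rtr-plant-01", "1234352", "4.5.71.100"),  # below 4.5.72.107 -> affected
    ("rtr-plant-02", "1234352", "4.6.73.101"),  # a 4.6.7x.101 build (constructed) -> clean
    ("cc-site-01", "1234355", "4.5.73.107"),    # exactly at threshold -> not affected per table
    ("cc-site-02", "1234360", "4.5.72.107"),    # TC ROUTER threshold, still below CLOUD CLIENT's -> affected
    ("unknown-01", "9999999", "1.0.0.0"),       # not in the advisory -> unknown, skipped
]

def scan_inventory(devices):
    """Hostnames whose firmware is below the advisory threshold for their model."""
    return [host for host, model, fw in devices if is_affected(model, fw)]
```

Devices that return None are not covered by this advisory's table and need a separate check rather than being treated as clean.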

Revision History

Version  Date              Summary
1        03/07/2023 08:00  Initial revision.
2        05/14/2025 15:00  Fix: added distribution