Severity

4.9

Vulnerability Type

Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') (CWE-776)

Summary

In PHOENIX CONTACTs TC ROUTER and TC CLOUD CLIENT in versions prior to 2.07.2 as well as CLOUD CLIENT 1101T-TX/TX prior to 2.06.10 an authenticated remote attacker with admin privileges could upload a crafted XML file which causes a denial-of-service.