In PHOENIX CONTACT's TC ROUTER and TC CLOUD CLIENT in versions prior to 2.07.2, as well as CLOUD CLIENT 1101T-TX/TX prior to 2.06.10, an unauthenticated remote attacker could use a reflective XSS within the license viewer page of the devices to execute code in the context of the user's browser.
| Vendor | Product | Versions |
|---|---|---|
| PHOENIX CONTACT | CLOUD CLIENT 1101T-TX/TX | 0 |
| PHOENIX CONTACT | TC CLOUD CLIENT 1002-4G | 0 |
| PHOENIX CONTACT | TC CLOUD CLIENT 1002-4G ATT | 0 |
| PHOENIX CONTACT | TC CLOUD CLIENT 1002-4G VZW | 0 |
| PHOENIX CONTACT | TC ROUTER 3002T-4G | 0 |
| PHOENIX CONTACT | TC ROUTER 3002T-4G ATT | 0 |
| PHOENIX CONTACT | TC ROUTER 3002T-4G VZW | 0 |
Not currently listed on the CISA Known Exploited Vulnerabilities (KEV) catalog. EPSS is the best forward-looking signal — see the EPSS row above.
For the full vendor write-up, exploit chains, and reference implementations, see the references list in section 09.
No directly-cited follow-up CVEs in the KB record for this advisory. The references list in section 09 carries the vendor cross-references.