Lucene search

IcscertCVE-2017-16723

HistoryDec 11, 2017 - 4:29 p.m.

CVE-2017-16723

2017-12-1116:29:00

CWE-79

icscert

web.nvd.nist.gov

cve-2017-16723

cross-site scripting

phoenix contact

fl comserver

remote code execution

nvd

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

AI Score

6.3

Confidence

High

EPSS

0.011

Percentile

84.9%

JSON

A Cross-site Scripting issue was discovered in PHOENIX CONTACT FL COMSERVER BASIC 232/422/485, FL COMSERVER UNI 232/422/485, FL COMSERVER BAS 232/422/485-T, FL COMSERVER UNI 232/422/485-T, FL COM SERVER RS232, FL COM SERVER RS485, and PSI-MODEM/ETH (running firmware versions prior to 1.99, 2.20, or 2.40). The cross-site scripting vulnerability has been identified, which may allow remote code execution.

Affected configurations

Nvd

Node

phoenixcontactfl_comserver_basic_232_firmwareMatch2.40

AND

phoenixcontactfl_comserver_basic_232Match-

Node

phoenixcontactfl_comserver_uni_422_firmwareMatch2.40

AND

phoenixcontactfl_comserver_uni_422Match-

Node

phoenixcontactfl_comserver_bas_485-t_firmwareMatch2.40

AND

phoenixcontactfl_comserver_bas_485-tMatch-

Node

phoenixcontactfl_com_server_rs232_firmwareMatch1.99

AND

phoenixcontactfl_com_server_rs232Match-

Node

phoenixcontactfl_com_server_rs485_firmwareMatch1.99

AND

phoenixcontactfl_com_server_rs485Match-

Node

phoenixcontactpsi-modem\/eth_firmwareMatch2.20

AND

phoenixcontactpsi-modem\/ethMatch-

Node

phoenixcontactfl_comserver_basic_422_firmwareMatch2.40

AND

phoenixcontactfl_comserver_basic_422Match-

Node

phoenixcontactfl_comserver_basic_485_firmwareMatch2.40

AND

phoenixcontactfl_comserver_basic_485Match-

Node

phoenixcontactfl_comserver_uni_485-t_firmwareMatch2.40

AND

phoenixcontactfl_comserver_uni_485-tMatch-

Node

phoenixcontactfl_comserver_uni_485_firmwareMatch2.40

AND

phoenixcontactfl_comserver_uni_485Match-

Node

phoenixcontactfl_comserver_uni_232_firmwareMatch2.40

AND

phoenixcontactfl_comserver_uni_232Match-

Node

phoenixcontactfl_comserver_bas_422_firmwareMatch2.40

AND

phoenixcontactfl_comserver_bas_422Match-

Node

phoenixcontactfl_comserver_bas_232_firmwareMatch2.40

AND

phoenixcontactfl_comserver_bas_232Match-

VendorProductVersionCPE
phoenixcontactfl_comserver_basic_232_firmware2.40cpe:2.3:o:phoenixcontact:fl_comserver_basic_232_firmware:2.40:*:*:*:*:*:*:*
phoenixcontactfl_comserver_basic_232-cpe:2.3:h:phoenixcontact:fl_comserver_basic_232:-:*:*:*:*:*:*:*
phoenixcontactfl_comserver_uni_422_firmware2.40cpe:2.3:o:phoenixcontact:fl_comserver_uni_422_firmware:2.40:*:*:*:*:*:*:*
phoenixcontactfl_comserver_uni_422-cpe:2.3:h:phoenixcontact:fl_comserver_uni_422:-:*:*:*:*:*:*:*
phoenixcontactfl_comserver_bas_485-t_firmware2.40cpe:2.3:o:phoenixcontact:fl_comserver_bas_485-t_firmware:2.40:*:*:*:*:*:*:*
phoenixcontactfl_comserver_bas_485-t-cpe:2.3:h:phoenixcontact:fl_comserver_bas_485-t:-:*:*:*:*:*:*:*
phoenixcontactfl_com_server_rs232_firmware1.99cpe:2.3:o:phoenixcontact:fl_com_server_rs232_firmware:1.99:*:*:*:*:*:*:*
phoenixcontactfl_com_server_rs232-cpe:2.3:h:phoenixcontact:fl_com_server_rs232:-:*:*:*:*:*:*:*
phoenixcontactfl_com_server_rs485_firmware1.99cpe:2.3:o:phoenixcontact:fl_com_server_rs485_firmware:1.99:*:*:*:*:*:*:*
phoenixcontactfl_com_server_rs485-cpe:2.3:h:phoenixcontact:fl_com_server_rs485:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
phoenixcontact	fl_comserver_basic_232_firmware	2.40	cpe:2.3:o:phoenixcontact:fl_comserver_basic_232_firmware:2.40:::::::*
phoenixcontact	fl_comserver_basic_232	-	cpe:2.3:h:phoenixcontact:fl_comserver_basic_232:-:::::::*
phoenixcontact	fl_comserver_uni_422_firmware	2.40	cpe:2.3:o:phoenixcontact:fl_comserver_uni_422_firmware:2.40:::::::*
phoenixcontact	fl_comserver_uni_422	-	cpe:2.3:h:phoenixcontact:fl_comserver_uni_422:-:::::::*
phoenixcontact	fl_comserver_bas_485-t_firmware	2.40	cpe:2.3:o:phoenixcontact:fl_comserver_bas_485-t_firmware:2.40:::::::*
phoenixcontact	fl_comserver_bas_485-t	-	cpe:2.3:h:phoenixcontact:fl_comserver_bas_485-t:-:::::::*
phoenixcontact	fl_com_server_rs232_firmware	1.99	cpe:2.3:o:phoenixcontact:fl_com_server_rs232_firmware:1.99:::::::*
phoenixcontact	fl_com_server_rs232	-	cpe:2.3:h:phoenixcontact:fl_com_server_rs232:-:::::::*
phoenixcontact	fl_com_server_rs485_firmware	1.99	cpe:2.3:o:phoenixcontact:fl_com_server_rs485_firmware:1.99:::::::*
phoenixcontact	fl_com_server_rs485	-	cpe:2.3:h:phoenixcontact:fl_com_server_rs485:-:::::::*

Rows per page:

1-10 of 261

CNA Affected

[
  {
    "product": "PHOENIX CONTACT FL COMSERVER, FL COM SERVER, and PSI-MODEM/ETH",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "PHOENIX CONTACT FL COMSERVER, FL COM SERVER, and PSI-MODEM/ETH"
      }
    ]
  }
]

References

www.securityfocus.com/bid/102111

cert.vde.com/de-de/advisories/vde-2017-004

ics-cert.us-cert.gov/advisories/ICSA-17-341-03

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

AI Score

6.3

Confidence

High

EPSS

0.011

Percentile

84.9%

JSON

Related for CVE-2017-16723