Lucene search

[email protected]CVE-2017-5159

HistoryFeb 13, 2017 - 9:59 p.m.

CVE-2017-5159

2017-02-1321:59:00

CWE-99

[email protected]

web.nvd.nist.gov

cve-2017-5159

nvd

phoenix contact

mguard

version 8.4.0

password reset

vulnerability

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.6 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

58.6%

JSON

An issue was discovered on Phoenix Contact mGuard devices that have been updated to Version 8.4.0. When updating an mGuard device to Version 8.4.0 via the update-upload facility, the update will succeed, but it will reset the password of the admin user to its default value.

CPENameOperatorVersion
phoenixcontact:mguard_firmwarephoenixcontact mguard firmwareeq8.4.0

CPE	Name	Operator	Version
phoenixcontact:mguard_firmware	phoenixcontact mguard firmware	eq	8.4.0

References

www.securityfocus.com/bid/95648

ics-cert.us-cert.gov/advisories/ICSA-17-017-01

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.6 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

58.6%

JSON

Related for CVE-2017-5159

ics1 cvelist1 prion1