CVE-2017-16723

Опубликовано: 11 дек. 2017

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

A Cross-site Scripting issue was discovered in PHOENIX CONTACT FL COMSERVER BASIC 232/422/485, FL COMSERVER UNI 232/422/485, FL COMSERVER BAS 232/422/485-T, FL COMSERVER UNI 232/422/485-T, FL COM SERVER RS232, FL COM SERVER RS485, and PSI-MODEM/ETH (running firmware versions prior to 1.99, 2.20, or 2.40). The cross-site scripting vulnerability has been identified, which may allow remote code execution.

Ссылки

http://www.securityfocus.com/bid/102111
Third Party Advisory
VDB Entry
https://cert.vde.com/de-de/advisories/vde-2017-004
Issue Tracking
Third Party Advisory
https://ics-cert.us-cert.gov/advisories/ICSA-17-341-03
Issue Tracking
Mitigation
Third Party Advisory
US Government Resource
http://www.securityfocus.com/bid/102111
Third Party Advisory
VDB Entry
https://cert.vde.com/de-de/advisories/vde-2017-004
Issue Tracking
Third Party Advisory
https://ics-cert.us-cert.gov/advisories/ICSA-17-341-03
Issue Tracking
Mitigation
Third Party Advisory
US Government Resource

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:phoenixcontact:fl_comserver_basic_232_firmware:2.40:*:*:*:*:*:*:*

cpe:2.3:h:phoenixcontact:fl_comserver_basic_232:-:*:*:*:*:*:*:*

Конфигурация 2

Одновременно

cpe:2.3:o:phoenixcontact:fl_comserver_uni_422_firmware:2.40:*:*:*:*:*:*:*

cpe:2.3:h:phoenixcontact:fl_comserver_uni_422:-:*:*:*:*:*:*:*

Конфигурация 3

Одновременно

cpe:2.3:o:phoenixcontact:fl_comserver_bas_485-t_firmware:2.40:*:*:*:*:*:*:*

cpe:2.3:h:phoenixcontact:fl_comserver_bas_485-t:-:*:*:*:*:*:*:*

Конфигурация 4

Одновременно

cpe:2.3:o:phoenixcontact:fl_com_server_rs232_firmware:1.99:*:*:*:*:*:*:*

cpe:2.3:h:phoenixcontact:fl_com_server_rs232:-:*:*:*:*:*:*:*

Конфигурация 5

Одновременно

cpe:2.3:o:phoenixcontact:fl_com_server_rs485_firmware:1.99:*:*:*:*:*:*:*

cpe:2.3:h:phoenixcontact:fl_com_server_rs485:-:*:*:*:*:*:*:*

Конфигурация 6

Одновременно

cpe:2.3:o:phoenixcontact:psi-modem\/eth_firmware:2.20:*:*:*:*:*:*:*

cpe:2.3:h:phoenixcontact:psi-modem\/eth:-:*:*:*:*:*:*:*

Конфигурация 7

Одновременно

cpe:2.3:o:phoenixcontact:fl_comserver_basic_422_firmware:2.40:*:*:*:*:*:*:*

cpe:2.3:h:phoenixcontact:fl_comserver_basic_422:-:*:*:*:*:*:*:*

Конфигурация 8

Одновременно

cpe:2.3:o:phoenixcontact:fl_comserver_basic_485_firmware:2.40:*:*:*:*:*:*:*

cpe:2.3:h:phoenixcontact:fl_comserver_basic_485:-:*:*:*:*:*:*:*

Конфигурация 9

Одновременно

cpe:2.3:o:phoenixcontact:fl_comserver_uni_485-t_firmware:2.40:*:*:*:*:*:*:*

cpe:2.3:h:phoenixcontact:fl_comserver_uni_485-t:-:*:*:*:*:*:*:*

Конфигурация 10

Одновременно

cpe:2.3:o:phoenixcontact:fl_comserver_uni_485_firmware:2.40:*:*:*:*:*:*:*

cpe:2.3:h:phoenixcontact:fl_comserver_uni_485:-:*:*:*:*:*:*:*

Конфигурация 11

Одновременно

cpe:2.3:o:phoenixcontact:fl_comserver_uni_232_firmware:2.40:*:*:*:*:*:*:*

cpe:2.3:h:phoenixcontact:fl_comserver_uni_232:-:*:*:*:*:*:*:*

Конфигурация 12

Одновременно

cpe:2.3:o:phoenixcontact:fl_comserver_bas_422_firmware:2.40:*:*:*:*:*:*:*

cpe:2.3:h:phoenixcontact:fl_comserver_bas_422:-:*:*:*:*:*:*:*

Конфигурация 13

Одновременно

cpe:2.3:o:phoenixcontact:fl_comserver_bas_232_firmware:2.40:*:*:*:*:*:*:*

cpe:2.3:h:phoenixcontact:fl_comserver_bas_232:-:*:*:*:*:*:*:*

EPSS

Процентиль: 61%

0.00418

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-2m88-g87r-c599

CVSS3: 6.1

github

больше 3 лет назад

EPSS

Процентиль: 61%

0.00418

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79