CVE-2017-16723 — MEDIUM (6.1)

Vulnerability Description

A Cross-site Scripting issue was discovered in PHOENIX CONTACT FL COMSERVER BASIC 232/422/485, FL COMSERVER UNI 232/422/485, FL COMSERVER BAS 232/422/485-T, FL COMSERVER UNI 232/422/485-T, FL COM SERVER RS232, FL COM SERVER RS485, and PSI-MODEM/ETH (running firmware versions prior to 1.99, 2.20, or 2.40). The cross-site scripting vulnerability has been identified, which may allow remote code execution.

CVSS Score

6.1

MEDIUM

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Phoenixcontact	Fl Comserver Basic 232 Firmware	2.40
Phoenixcontact	Fl Comserver Basic 232	-
Phoenixcontact	Fl Comserver Uni 422 Firmware	2.40
Phoenixcontact	Fl Comserver Uni 422	-
Phoenixcontact	Fl Comserver Bas 485-T Firmware	2.40
Phoenixcontact	Fl Comserver Bas 485-T	-
Phoenixcontact	Fl Com Server Rs232 Firmware	1.99
Phoenixcontact	Fl Com Server Rs232	-
Phoenixcontact	Fl Com Server Rs485 Firmware	1.99
Phoenixcontact	Fl Com Server Rs485	-
Phoenixcontact	Psi-Modem\/Eth Firmware	2.20
Phoenixcontact	Psi-Modem\/Eth	-
Phoenixcontact	Fl Comserver Basic 422 Firmware	2.40
Phoenixcontact	Fl Comserver Basic 422	-
Phoenixcontact	Fl Comserver Basic 485 Firmware	2.40
Phoenixcontact	Fl Comserver Basic 485	-
Phoenixcontact	Fl Comserver Uni 485-T Firmware	2.40
Phoenixcontact	Fl Comserver Uni 485-T	-
Phoenixcontact	Fl Comserver Uni 485 Firmware	2.40
Phoenixcontact	Fl Comserver Uni 485	-

Related Weaknesses (CWE)

CWE-79

References

http://www.securityfocus.com/bid/102111Third Party AdvisoryVDB Entry
https://cert.vde.com/de-de/advisories/vde-2017-004Issue TrackingThird Party Advisory
https://ics-cert.us-cert.gov/advisories/ICSA-17-341-03Issue TrackingMitigationThird Party Advisory
http://www.securityfocus.com/bid/102111Third Party AdvisoryVDB Entry
https://cert.vde.com/de-de/advisories/vde-2017-004Issue TrackingThird Party Advisory
https://ics-cert.us-cert.gov/advisories/ICSA-17-341-03Issue TrackingMitigationThird Party Advisory

FAQ

What is CVE-2017-16723?

CVE-2017-16723 is a vulnerability with a CVSS score of 6.1 (MEDIUM). A Cross-site Scripting issue was discovered in PHOENIX CONTACT FL COMSERVER BASIC 232/422/485, FL COMSERVER UNI 232/422/485, FL COMSERVER BAS 232/422/485-T, FL COMSERVER UNI 232/422/485-T, FL COM SERV...

How severe is CVE-2017-16723?

CVE-2017-16723 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2017-16723?

Check the references section above for vendor advisories and patch information. Affected products include: Phoenixcontact Fl Comserver Basic 232 Firmware, Phoenixcontact Fl Comserver Basic 232, Phoenixcontact Fl Comserver Uni 422 Firmware, Phoenixcontact Fl Comserver Uni 422, Phoenixcontact Fl Comserver Bas 485-T Firmware.