CVE-2017-16723

A cross-site scripting issue was discovered in PHOENIX CONTACT FL COMSERVER BASIC 232/422/485, FL COMSERVER UNI 232/422/485, FL COMSERVER BAS 232/422/485-T, FL COMSERVER UNI 232/422/485-T, FL COM SERVER RS232, FL COM SERVER RS485, and PSI-MODEM/ETH (running firmware versions prior to 1.99, 2.20, or 2.40). The vulnerability may allow remote code execution.
Cross-site Scripting
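| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | NIST | 6.1 MEDIUM | NETWORK | LOW | NONE | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| icscert | CNA | --- | | | | --- |
| CVE | ADP | --- | | | | --- |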
EPSS Score percentile: 60%
| Vendor | Product | Version |
|---|---|---|
| phoenixcontact | fl_comserver_basic_232_firmware | 2.40 |
| phoenixcontact | fl_comserver_uni_422_firmware | 2.40 |
| phoenixcontact | fl_comserver_bas_485-t_firmware | 2.40 |
| phoenixcontact | fl_com_server_rs232_firmware | 1.99 |
| phoenixcontact | fl_com_server_rs485_firmware | 1.99 |
| phoenixcontact | psi-modem/eth_firmware | 2.20 |
| phoenixcontact | fl_comserver_basic_422_firmware | 2.40 |
| phoenixcontact | fl_comserver_basic_485_firmware | 2.40 |
| phoenixcontact | fl_comserver_uni_485-t_firmware | 2.40 |
| phoenixcontact | fl_comserver_uni_485_firmware | 2.40 |
| phoenixcontact | fl_comserver_uni_232_firmware | 2.40 |
| phoenixcontact | fl_comserver_bas_422_firmware | 2.40 |
| phoenixcontact | fl_comserver_bas_232_firmware | 2.40 |