PT-2017-14533 · Phoenix Contact · Fl Comserver Uni 232/422/485+4
Published 2017-12-11 · Updated 2018-01-02 · CVE-2017-16723
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
PHOENIX CONTACT FL COMSERVER BASIC 232/422/485 versions prior to 1.99
PHOENIX CONTACT FL COMSERVER UNI 232/422/485 versions prior to 1.99
PHOENIX CONTACT FL COMSERVER BAS 232/422/485-T versions prior to 1.99
PHOENIX CONTACT FL COMSERVER UNI 232/422/485-T versions prior to 1.99
PHOENIX CONTACT FL COM SERVER RS232 versions prior to 2.20
PHOENIX CONTACT FL COM SERVER RS485 versions prior to 2.20
PHOENIX CONTACT PSI-MODEM/ETH versions prior to 2.40
Description
A cross-site scripting (XSS) issue was discovered that may allow remote code execution.
Recommendations
For PHOENIX CONTACT FL COMSERVER BASIC 232/422/485, update to version 1.99 or later.
For PHOENIX CONTACT FL COMSERVER UNI 232/422/485, update to version 1.99 or later.
For PHOENIX CONTACT FL COMSERVER BAS 232/422/485-T, update to version 1.99 or later.
For PHOENIX CONTACT FL COMSERVER UNI 232/422/485-T, update to version 1.99 or later.
For PHOENIX CONTACT FL COM SERVER RS232, update to version 2.20 or later.
For PHOENIX CONTACT FL COM SERVER RS485, update to version 2.20 or later.
For PHOENIX CONTACT PSI-MODEM/ETH, update to version 2.40 or later.
Fix
XSS
Affected Products
Fl Com Server Rs232
Fl Com Server Rs485
Fl Comserver Bas 232/422/485-T
Fl Comserver Uni 232/422/485
Psi-Modem/Eth