PT-2021-20563 · Phoenix Contact · Phoenix Contact FL MGUARD 1102 and 1105
Published: 2021-11-10 · Updated: 2022-07-28 · CVE-2021-34582
CVSS v3.1: 4.8 Medium
Vector: AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions:
Phoenix Contact FL MGUARD 1102 versions 1.4.0 through 1.5.0
Phoenix Contact FL MGUARD 1105 versions 1.4.0 through 1.5.0
Description:
A user with high privileges can inject HTML code through web-based management or the REST API with a manipulated certificate file, resulting in a cross-site scripting (XSS) issue. This allows for potential code injection and execution.
Recommendations:
For Phoenix Contact FL MGUARD 1102 versions 1.4.0 through 1.5.0, consider disabling web-based management and REST API access until a patch is available.
For Phoenix Contact FL MGUARD 1105 versions 1.4.0 through 1.5.0, consider disabling web-based management and REST API access until a patch is available.
As a temporary workaround, restrict access to the REST API to minimize the risk of exploitation.
Fix
XSS
Affected Products
Phoenix Contact FL MGUARD 1102
Phoenix Contact FL MGUARD 1105