CVE-2017-16723

Published: Dic 11, 2017 Last Modified: Apr 20, 2025 EU-VD ID: EUVD-2017-7907 Aliases: GSD-2017-16723
ExploitDB:
Other exploit source:
Google Dorks:
MEDIUM 6,1
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: none
User Interaction: required
Scope: changed
Confidentiality: low
Integrity: low
Availability: none
MEDIUM 4,3
Source: [email protected]
Access Vector: network
Access Complexity: medium
Authentication: none
Confidentiality: none
Integrity: partial
Availability: none

Description

AI Translation Available

A Cross-site Scripting issue was discovered in PHOENIX CONTACT FL COMSERVER BASIC 232/422/485, FL COMSERVER UNI 232/422/485, FL COMSERVER BAS 232/422/485-T, FL COMSERVER UNI 232/422/485-T, FL COM SERVER RS232, FL COM SERVER RS485, and PSI-MODEM/ETH (running firmware versions prior to 1.99, 2.20, or 2.40). The cross-site scripting vulnerability has been identified, which may allow remote code execution.

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score
0,0042
Percentile
0,6th
Updated

EPSS Score Trend (Last 90 Days)

79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Stable
Abstraction: Base Structure: Simple
Common Consequences
Security Scopes Affected:
Access Control Confidentiality Integrity Availability
Potential Impacts:
Bypass Protection Mechanism Read Application Data Execute Unauthorized Code Or Commands
Applicable Platforms
Technologies: AI/ML, Web Based, Web Server
Likelihood of Exploit: High
View CWE Details
Operating System

Fl Comserver Basic 232 Firmware by Phoenixcontact

Product Information
Vendor Phoenixcontact
Product Fl Comserver Basic 232 Firmware
Version 2.40
cpe:2.3:o:phoenixcontact:fl_comserver_basic_232_firmware:2.40:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Fl Comserver Bas 422 Firmware by Phoenixcontact

Product Information
Vendor Phoenixcontact
Product Fl Comserver Bas 422 Firmware
Version 2.40
cpe:2.3:o:phoenixcontact:fl_comserver_bas_422_firmware:2.40:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Fl Comserver Bas 232 Firmware by Phoenixcontact

Product Information
Vendor Phoenixcontact
Product Fl Comserver Bas 232 Firmware
Version 2.40
cpe:2.3:o:phoenixcontact:fl_comserver_bas_232_firmware:2.40:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Fl Comserver Basic 485 Firmware by Phoenixcontact

Product Information
Vendor Phoenixcontact
Product Fl Comserver Basic 485 Firmware
Version 2.40
cpe:2.3:o:phoenixcontact:fl_comserver_basic_485_firmware:2.40:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Fl Com Server Rs232 Firmware by Phoenixcontact

Product Information
Vendor Phoenixcontact
Product Fl Com Server Rs232 Firmware
Version 1.99
cpe:2.3:o:phoenixcontact:fl_com_server_rs232_firmware:1.99:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Fl Comserver Uni 485 Firmware by Phoenixcontact

Product Information
Vendor Phoenixcontact
Product Fl Comserver Uni 485 Firmware
Version 2.40
cpe:2.3:o:phoenixcontact:fl_comserver_uni_485_firmware:2.40:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Fl Comserver Uni 422 Firmware by Phoenixcontact

Product Information
Vendor Phoenixcontact
Product Fl Comserver Uni 422 Firmware
Version 2.40
cpe:2.3:o:phoenixcontact:fl_comserver_uni_422_firmware:2.40:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Fl Comserver Basic 422 Firmware by Phoenixcontact

Product Information
Vendor Phoenixcontact
Product Fl Comserver Basic 422 Firmware
Version 2.40
cpe:2.3:o:phoenixcontact:fl_comserver_basic_422_firmware:2.40:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Fl Comserver Uni 232 Firmware by Phoenixcontact

Product Information
Vendor Phoenixcontact
Product Fl Comserver Uni 232 Firmware
Version 2.40
cpe:2.3:o:phoenixcontact:fl_comserver_uni_232_firmware:2.40:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Fl Com Server Rs485 Firmware by Phoenixcontact

Product Information
Vendor Phoenixcontact
Product Fl Com Server Rs485 Firmware
Version 1.99
cpe:2.3:o:phoenixcontact:fl_com_server_rs485_firmware:1.99:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Psi-Modem\/Eth Firmware by Phoenixcontact

Product Information
Vendor Phoenixcontact
Product Psi-Modem\/Eth Firmware
Version 2.20
cpe:2.3:o:phoenixcontact:psi-modem\/eth_firmware:2.20:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Fl Comserver Uni 485-T Firmware by Phoenixcontact

Product Information
Vendor Phoenixcontact
Product Fl Comserver Uni 485-T Firmware
Version 2.40
cpe:2.3:o:phoenixcontact:fl_comserver_uni_485-t_firmware:2.40:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Fl Comserver Bas 485-T Firmware by Phoenixcontact

Product Information
Vendor Phoenixcontact
Product Fl Comserver Bas 485-T Firmware
Version 2.40
cpe:2.3:o:phoenixcontact:fl_comserver_bas_485-t_firmware:2.40:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://cert.vde.com/de-de/advisories/vde-2017-004
Issue Tracking Third Party Advisory
https://cert.vde.com/de-de/advisories/vde-2017-004
https://ics-cert.us-cert.gov/advisories/ICSA-17-341-03
Issue Tracking Mitigation Third Party Advisory US Government Resource
https://ics-cert.us-cert.gov/advisories/ICSA-17-341-03
http://www.securityfocus.com/bid/102111
Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/102111
https://cert.vde.com/de-de/advisories/vde-2017-004
Issue Tracking Third Party Advisory
https://cert.vde.com/de-de/advisories/vde-2017-004
https://ics-cert.us-cert.gov/advisories/ICSA-17-341-03
Issue Tracking Mitigation Third Party Advisory US Government Resource
https://ics-cert.us-cert.gov/advisories/ICSA-17-341-03
http://www.securityfocus.com/bid/102111
Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/102111