VDE-2017-004
Vulnerability from csaf_phoenixcontactgmbhcokg - Published: 2017-12-05 08:50 - Updated: 2025-05-14 12:28Summary
PHOENIX CONTACT: FL COMSERVER cross-site scripting (XSS) vulnerability
Notes
Summary: A cross-site scripting (XSS) vulnerability affects PHOENIX CONTACT FL COMSERVER products running firmware versions prior to 1.99, 2.20, or 2.40.
Impact: On devices with older firmware versions, an unauthenticated user with network access is able to change (but not activate) the configuration variables by accessing a specific URL on the web server, without authenticating in the web interface first. A changed configuration can only be permanently saved and activated by an authenticated user. However, since the input is not properly sanitised, an attacker could inject malicious JavaScript code. When this code is executed on the client of an authenticated user, changed configuration variables could be saved and activated without user interaction.
Remediation: PHOENIX CONTACT released new firmware versions for the affected devices, which fix this vulnerability. Customers using these devices in an unprotected network environment are recommended to update to firmware versions 1.99, 2.20, or 2.40
A cross-site scripting (XSS) vulnerability affects PHOENIX CONTACT FL COMSERVER products running firmware versions prior to 1.99, 2.20, or 2.40.
6.1 (Medium)
Vendor Fix
PHOENIX CONTACT released new firmware version 1.99 for the affected devices, which fixes this vulnerability. Customers using these devices in an unprotected network environment are recommended to update to firmware version 1.99.
Vendor Fix
PHOENIX CONTACT released new firmware version 2.20 for the affected devices, which fixes this vulnerability. Customers using these devices in an unprotected network environment are recommended to update to firmware version 2.20.
Vendor Fix
PHOENIX CONTACT released new firmware version 2.40 for the affected devices, which fixes this vulnerability. Customers using these devices in an unprotected network environment are recommended to update to firmware version 2.40.
References
Acknowledgments
CERTVDE
certvde.com
{
"document": {
"acknowledgments": [
{
"organization": "CERTVDE",
"summary": "coordination",
"urls": [
"https://certvde.com"
]
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-GB",
"notes": [
{
"category": "summary",
"text": "A cross-site scripting (XSS) vulnerability affects PHOENIX CONTACT FL COMSERVER products running firmware versions prior to 1.99, 2.20, or 2.40.",
"title": "Summary"
},
{
"category": "description",
"text": "On devices with older firmware versions, an unauthenticated user with network access is able to change (but not activate) the configuration variables by accessing a specific URL on the web server, without authenticating in the web interface first. A changed configuration can only be permanently saved and activated by an authenticated user. However, since the input is not properly sanitised, an attacker could inject malicious JavaScript code. When this code is executed on the client of an authenticated user, changed configuration variables could be saved and activated without user interaction.",
"title": "Impact"
},
{
"category": "description",
"text": "PHOENIX CONTACT released new firmware versions for the affected devices, which fix this vulnerability. Customers using these devices in an unprotected network environment are recommended to update to firmware versions 1.99, 2.20, or 2.40",
"title": "Remediation"
}
],
"publisher": {
"category": "vendor",
"contact_details": "psirt@phoenixcontact.com",
"name": "Phoenix Contact GmbH \u0026 Co. KG",
"namespace": "https://phoenixcontact.com/psirt"
},
"references": [
{
"category": "external",
"summary": "Phoenix Contact PSIRT",
"url": "https://www.phoenixcontact.com/de-de/service-und-support/psirt"
},
{
"category": "external",
"summary": "CERT@VDE Security Advisories for Phoenix Contact",
"url": "https://certvde.com/en/advisories/vendor/phoenixcontact/"
},
{
"category": "self",
"summary": "VDE-2017-004: PHOENIX CONTACT: FL COMSERVER cross-site scripting (XSS) vulnerability - HTML",
"url": "https://certvde.com/en/advisories/VDE-2017-004/"
},
{
"category": "self",
"summary": "VDE-2017-004: PHOENIX CONTACT: FL COMSERVER cross-site scripting (XSS) vulnerability - CSAF",
"url": "https://phoenixcontact.csaf-tp.certvde.com/.well-known/csaf/white/2017/vde-2017-004.json"
}
],
"title": "PHOENIX CONTACT: FL COMSERVER cross-site scripting (XSS) vulnerability",
"tracking": {
"aliases": [
"VDE-2017-004"
],
"current_release_date": "2025-05-14T12:28:19.000Z",
"generator": {
"date": "2024-10-30T08:49:27.866Z",
"engine": {
"name": "Secvisogram",
"version": "2.5.13"
}
},
"id": "VDE-2017-004",
"initial_release_date": "2017-12-05T08:50:00.000Z",
"revision_history": [
{
"date": "2017-12-05T08:50:00.000Z",
"number": "1",
"summary": "initial revision"
},
{
"date": "2024-11-06T11:27:01.000Z",
"number": "2",
"summary": "Fix: added self-reference"
},
{
"date": "2025-05-14T12:28:19.000Z",
"number": "3",
"summary": "Fix: version space, removed ia, added distribution"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "FL COMSERVER BASIC 232/422/485",
"product": {
"name": "FL COMSERVER BASIC 232/422/485",
"product_id": "CSAFPID-11001",
"product_identification_helper": {
"model_numbers": [
"2313478"
]
}
}
},
{
"category": "product_name",
"name": "FL COMSERVER BASIC 232/422/485-T",
"product": {
"name": "FL COMSERVER BASIC 232/422/485-T",
"product_id": "CSAFPID-11002",
"product_identification_helper": {
"model_numbers": [
"2904681"
]
}
}
},
{
"category": "product_name",
"name": "FL COMSERVER UNI 232/422/485",
"product": {
"name": "FL COMSERVER UNI 232/422/485",
"product_id": "CSAFPID-11003",
"product_identification_helper": {
"model_numbers": [
"2313452"
]
}
}
},
{
"category": "product_name",
"name": "FL COMSERVER UNI 232/422/485-T",
"product": {
"name": "FL COMSERVER UNI 232/422/485-T",
"product_id": "CSAFPID-11004",
"product_identification_helper": {
"model_numbers": [
"2904817"
]
}
}
},
{
"category": "product_name",
"name": "FL COM SERVER RS232",
"product": {
"name": "FL COM SERVER RS232",
"product_id": "CSAFPID-11005",
"product_identification_helper": {
"model_numbers": [
"2744490"
]
}
}
},
{
"category": "product_name",
"name": "FL COM SERVER RS485",
"product": {
"name": "FL COM SERVER RS485",
"product_id": "CSAFPID-11006",
"product_identification_helper": {
"model_numbers": [
"2708740"
]
}
}
},
{
"category": "product_name",
"name": "PSI-MODEM/ETH",
"product": {
"name": "PSI-MODEM/ETH",
"product_id": "CSAFPID-11007",
"product_identification_helper": {
"model_numbers": [
"2313300"
]
}
}
}
],
"category": "product_family",
"name": "Hardware"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c2.40",
"product": {
"name": "Firmware \u003c2.40",
"product_id": "CSAFPID-21001"
}
},
{
"category": "product_version",
"name": "2.40",
"product": {
"name": "Firmware 2.40",
"product_id": "CSAFPID-22001"
}
},
{
"category": "product_version_range",
"name": "\u003c1.99",
"product": {
"name": "Firmware \u003c1.99",
"product_id": "CSAFPID-21005"
}
},
{
"category": "product_version",
"name": "1.99",
"product": {
"name": "Firmware 1.99",
"product_id": "CSAFPID-22005"
}
},
{
"category": "product_version_range",
"name": "\u003c2.20",
"product": {
"name": "Firmware \u003c2.20",
"product_id": "CSAFPID-21007"
}
},
{
"category": "product_version",
"name": "2.20",
"product": {
"name": "Firmware 2.20",
"product_id": "CSAFPID-22007"
}
}
],
"category": "product_family",
"name": "Firmware"
}
],
"category": "vendor",
"name": "PHOENIX CONTACT GmbH \u0026 Co. KG"
}
],
"product_groups": [
{
"group_id": "CSAFGID-0001",
"product_ids": [
"CSAFPID-31005",
"CSAFPID-31006"
],
"summary": "Affected Products \u003c1.99"
},
{
"group_id": "CSAFGID-0002",
"product_ids": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004"
],
"summary": "Affected Products \u003c2.40"
},
{
"group_id": "CSAFGID-0003",
"product_ids": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007"
],
"summary": "All Affected Products"
},
{
"group_id": "CSAFGID-0004",
"product_ids": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007"
],
"summary": "Fixed Products"
}
],
"relationships": [
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c2.40 installed on FL COMSERVER BASIC 232/422/485",
"product_id": "CSAFPID-31001"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11001"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 2.40 installed on FL COMSERVER BASIC 232/422/485",
"product_id": "CSAFPID-32001"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11001"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c2.40 installed on FL COMSERVER BASIC 232/422/485-T",
"product_id": "CSAFPID-31002"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11002"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 2.40 installed on FL COMSERVER BASIC 232/422/485-T",
"product_id": "CSAFPID-32002"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11002"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c2.40 installed on FL COMSERVER UNI 232/422/485",
"product_id": "CSAFPID-31003"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11003"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 2.40 installed on FL COMSERVER UNI 232/422/485",
"product_id": "CSAFPID-32003"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11003"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c2.40 installed on FL COMSERVER UNI 232/422/485-T",
"product_id": "CSAFPID-31004"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11004"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 2.40 installed on FL COMSERVER UNI 232/422/485-T",
"product_id": "CSAFPID-32004"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11004"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c1.99 installed on FL COM SERVER RS232",
"product_id": "CSAFPID-31005"
},
"product_reference": "CSAFPID-21005",
"relates_to_product_reference": "CSAFPID-11005"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.99 installed on FL COM SERVER RS232",
"product_id": "CSAFPID-32005"
},
"product_reference": "CSAFPID-22005",
"relates_to_product_reference": "CSAFPID-11005"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c1.99 installed on FL COM SERVER RS485",
"product_id": "CSAFPID-31006"
},
"product_reference": "CSAFPID-21005",
"relates_to_product_reference": "CSAFPID-11006"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.99 installed on FL COM SERVER RS485",
"product_id": "CSAFPID-32006"
},
"product_reference": "CSAFPID-22005",
"relates_to_product_reference": "CSAFPID-11006"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c2.20 installed on PSI-MODEM/ETH",
"product_id": "CSAFPID-31007"
},
"product_reference": "CSAFPID-21007",
"relates_to_product_reference": "CSAFPID-11007"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 2.20 installed on PSI-MODEM/ETH",
"product_id": "CSAFPID-32007"
},
"product_reference": "CSAFPID-22007",
"relates_to_product_reference": "CSAFPID-11007"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2017-16723",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"audience": "all",
"category": "description",
"text": "A cross-site scripting (XSS) vulnerability affects PHOENIX CONTACT FL COMSERVER products running firmware versions prior to 1.99, 2.20, or 2.40.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "PHOENIX CONTACT released new firmware version 1.99 for the affected devices, which fixes this vulnerability. Customers using these devices in an unprotected network environment are recommended to update to firmware version 1.99.",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "PHOENIX CONTACT released new firmware version 2.20 for the affected devices, which fixes this vulnerability. Customers using these devices in an unprotected network environment are recommended to update to firmware version 2.20.",
"product_ids": [
"CSAFPID-31007"
]
},
{
"category": "vendor_fix",
"details": "PHOENIX CONTACT released new firmware version 2.40 for the affected devices, which fixes this vulnerability. Customers using these devices in an unprotected network environment are recommended to update to firmware version 2.40.",
"group_ids": [
"CSAFGID-0002"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"environmentalScore": 6.1,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"temporalScore": 6.1,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007"
]
}
],
"title": "VDE-2017-16723"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…