Summary
A cross-site scripting (XSS) vulnerability affects PHOENIX CONTACT FL COMSERVER products running firmware versions prior to 1.99, 2.20, or 2.40.
Impact
On devices with older firmware versions, an unauthenticated user with network access is able to change (but not activate) the configuration variables by accessing a specific URL on the web server, without authenticating in the web interface first. A changed configuration can only be permanently saved and activated by an authenticated user. However, since the input is not properly sanitised, an attacker could inject malicious JavaScript code. When this code is executed on the client of an authenticated user, changed configuration variables could be saved and activated without user interaction.
Affected Product(s)
| Model no. | Product name | Affected versions |
|---|---|---|
| 2744490 | FL COM SERVER RS232 | Firmware <1.99 |
| 2708740 | FL COM SERVER RS485 | Firmware <1.99 |
| 2313478 | FL COMSERVER BASIC 232/422/485 | Firmware <2.40 |
| 2904681 | FL COMSERVER BASIC 232/422/485-T | Firmware <2.40 |
| 2313452 | FL COMSERVER UNI 232/422/485 | Firmware <2.40 |
| 2904817 | FL COMSERVER UNI 232/422/485-T | Firmware <2.40 |
| 2313300 | PSI-MODEM/ETH | Firmware <2.20 |
Vulnerabilities
Expand / Collapse allA cross-site scripting (XSS) vulnerability affects PHOENIX CONTACT FL COMSERVER products running firmware versions prior to 1.99, 2.20, or 2.40.
Remediation
PHOENIX CONTACT released new firmware versions for the affected devices, which fix this vulnerability. Customers using these devices in an unprotected network environment are recommended to update to firmware versions 1.99, 2.20, or 2.40
Revision History
| Version | Date | Summary |
|---|---|---|
| 1 | 05.12.2017 09:50 | initial revision |
| 2 | 06.11.2024 12:27 | Fix: added self-reference |
| 3 | 14.05.2025 14:28 | Fix: version space, removed ia, added distribution |