VDE-2017-004 | CERT@VDE

2017-12-05 09:50 (CET) VDE-2017-004

PHOENIX CONTACT: FL COMSERVER cross-site scripting (XSS) vulnerability

Share: Email | Twitter

ID

VDE-2017-004

Published

2017-12-05 09:50 (CET)

Last update

2017-12-05 09:50 (CET)

Vendor(s)

PHOENIX CONTACT GmbH & Co. KG

Product(s)

Article No°	Product Name	Affected Version(s)
2313478	FL COMSERVER BASIC 232/422/485	< 2.40
2904681	FL COMSERVER BASIC 232/422/485-T	< 2.40
2744490	FL COM SERVER RS232	< 1.99
2708740	FL COM SERVER RS485	< 1.99
2313452	FL COMSERVER UNI 232/422/485	< 2.40
2904817	FL COMSERVER UNI 232/422/485-T	< 2.40
2313300	PSI-MODEM/ETH	< 2.20

Summary

A cross-site scripting (XSS) vulnerability affects PHOENIX CONTACT FL COMSERVER products running firmware versions prior to 1.99, 2.20, or 2.40.

CVE ID

CVE-2017-16723

Last Update:

Sept. 22, 2019, 9:51 a.m.

Severity

6.1 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)

Weakness

Cross-site Scripting (CWE-79)

Summary

A Cross-site Scripting issue was discovered in PHOENIX CONTACT FL COMSERVER BASIC 232/422/485, FL COMSERVER UNI 232/422/485, FL COMSERVER BAS 232/422/485-T, FL COMSERVER UNI 232/422/485-T, FL COM SERVER RS232, FL COM SERVER RS485, and PSI-MODEM/ETH (running firmware versions prior to 1.99, 2.20, or 2.40). The cross-site scripting vulnerability has been identified, which may allow remote code execution.

Details

nvd.nist.gov

Impact

On devices with older firmware versions, an unauthenticated user with network access is able to change (but not activate) the configuration variables by accessing a specific URL on the web server, without authenticating in the web interface first. A changed configuration can only be permanently saved and activated by an authenticated user. However, since the input is not properly sanitised, an attacker could inject malicious JavaScript code. When this code is executed on the client of an authenticated user, changed configuration variables could be saved and activated without user interaction.

Solution

PHOENIX CONTACT released new firmware versions for the affected devices, which fix this vulnerability. Customers using these devices in an unprotected network environment are recommended to update to firmware versions 1.99, 2.20, or 2.40, as listed below.

Art. No.	Description	Generation	Firmware	Download link
2313478	FL COMSERVER BASIC 232/422/485	2^nd generation	2.40	http://www.phoenixcontact.net/qr/2313478/firmware_update
2313452	FL COMSERVER UNI 232/422/485	2^nd generation	2.40	http://www.phoenixcontact.net/qr/2313452/firmware_update
2904681	FL COMSERVER BAS 232/422/485-T	2^nd generation	2.40	http://www.phoenixcontact.net/qr/2904681/firmware_update
2904817	FL COMSERVER UNI 232/422/485-T	2^nd generation	2.40	http://www.phoenixcontact.net/qr/2904817/firmware_update
2744490	FL COM SERVER RS232	1^st generation	1.99	http://www.phoenixcontact.net/qr/2744490/firmware_update
2708740	FL COM SERVER RS485	1^st generation	1.99	http://www.phoenixcontact.net/qr/2708740/firmware_update
2313300	PSI-MODEM/ETH	1^st generation	2.20	http://www.phoenixcontact.net/qr/2313300/firmware_update

Reported by

Maxim Rupp reported this vulnerability to ICS-CERT.

ICS-CERT coordinated with PHOENIX CONTACT and CERT@VDE.