CVE-2017-16723 - OpenCVE

A Cross-site Scripting issue was discovered in PHOENIX CONTACT FL COMSERVER BASIC 232/422/485, FL COMSERVER UNI 232/422/485, FL COMSERVER BAS 232/422/485-T, FL COMSERVER UNI 232/422/485-T, FL COM SERVER RS232, FL COM SERVER RS485, and PSI-MODEM/ETH (running firmware versions prior to 1.99, 2.20, or 2.40). The cross-site scripting vulnerability has been identified, which may allow remote code execution.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Phoenixcontact	Fl Comserver Basic 422 Fl Comserver Bas 485-t Fl Comserver Uni 422 Fl Comserver Basic 232 Fl Com Server Rs485 Psi-modem\/eth Firmware Fl Comserver Bas 485-t Firmware Fl Com Server Rs232 Fl Comserver Bas 422 Firmware Fl Comserver Uni 232 Firmware Fl Comserver Uni 485 Firmware Fl Com Server Rs485 Firmware Fl Comserver Basic 485 Fl Com Server Rs232 Firmware Fl Comserver Basic 232 Firmware Fl Comserver Bas 232 Fl Comserver Basic 422 Firmware Fl Comserver Bas 232 Firmware Fl Comserver Uni 232 Fl Comserver Uni 485-t Fl Comserver Uni 485 Fl Comserver Uni 422 Firmware Psi-modem\/eth Fl Comserver Uni 485-t Firmware Fl Comserver Bas 422 Fl Comserver Basic 485 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:phoenixcontact:fl_comserver_basic_232_firmware:2.40:*:*:*:*:*:*:*

cpe:2.3:h:phoenixcontact:fl_comserver_basic_232:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:phoenixcontact:fl_comserver_uni_422_firmware:2.40:*:*:*:*:*:*:*

cpe:2.3:h:phoenixcontact:fl_comserver_uni_422:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:phoenixcontact:fl_comserver_bas_485-t_firmware:2.40:*:*:*:*:*:*:*

cpe:2.3:h:phoenixcontact:fl_comserver_bas_485-t:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:phoenixcontact:fl_com_server_rs232_firmware:1.99:*:*:*:*:*:*:*

cpe:2.3:h:phoenixcontact:fl_com_server_rs232:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:phoenixcontact:fl_com_server_rs485_firmware:1.99:*:*:*:*:*:*:*

cpe:2.3:h:phoenixcontact:fl_com_server_rs485:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:phoenixcontact:psi-modem\/eth_firmware:2.20:*:*:*:*:*:*:*

cpe:2.3:h:phoenixcontact:psi-modem\/eth:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:phoenixcontact:fl_comserver_basic_422_firmware:2.40:*:*:*:*:*:*:*

cpe:2.3:h:phoenixcontact:fl_comserver_basic_422:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:phoenixcontact:fl_comserver_basic_485_firmware:2.40:*:*:*:*:*:*:*

cpe:2.3:h:phoenixcontact:fl_comserver_basic_485:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:phoenixcontact:fl_comserver_uni_485-t_firmware:2.40:*:*:*:*:*:*:*

cpe:2.3:h:phoenixcontact:fl_comserver_uni_485-t:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:phoenixcontact:fl_comserver_uni_485_firmware:2.40:*:*:*:*:*:*:*

cpe:2.3:h:phoenixcontact:fl_comserver_uni_485:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:phoenixcontact:fl_comserver_uni_232_firmware:2.40:*:*:*:*:*:*:*

cpe:2.3:h:phoenixcontact:fl_comserver_uni_232:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:phoenixcontact:fl_comserver_bas_422_firmware:2.40:*:*:*:*:*:*:*

cpe:2.3:h:phoenixcontact:fl_comserver_bas_422:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:o:phoenixcontact:fl_comserver_bas_232_firmware:2.40:*:*:*:*:*:*:*

cpe:2.3:h:phoenixcontact:fl_comserver_bas_232:-:*:*:*:*:*:*:*

References

Link	Resource
http://www.securityfocus.com/bid/102111	Third Party Advisory VDB Entry
https://cert.vde.com/de-de/advisories/vde-2017-004	Issue Tracking Third Party Advisory
https://ics-cert.us-cert.gov/advisories/ICSA-17-341-03	Issue Tracking Mitigation Third Party Advisory US Government Resource