Details of VAR-201712-0118

ID

VAR-201712-0118

CVE

CVE-2017-16723

TITLE

Multiple Phoenix Contact Product Cross-Site Scripting Vulnerability

Trust: 0.8

sources: IVD: e2df0bd0-39ab-11e9-8616-000c29342cb1 // CNNVD: CNNVD-201712-286

DESCRIPTION

A Cross-site Scripting issue was discovered in PHOENIX CONTACT FL COMSERVER BASIC 232/422/485, FL COMSERVER UNI 232/422/485, FL COMSERVER BAS 232/422/485-T, FL COMSERVER UNI 232/422/485-T, FL COM SERVER RS232, FL COM SERVER RS485, and PSI-MODEM/ETH (running firmware versions prior to 1.99, 2.20, or 2.40). The cross-site scripting vulnerability has been identified, which may allow remote code execution. plural PHOENIX CONTACT The product contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. PhoenixContactFLCOMSERVER, a serial device server that converts serial signals to Ethernet. PLC input / output module FLCOMSERVERUNI232 / 422 / 485, interface to Ethernet, supports TCP and UDP. A cross-site scripting vulnerability exists in multiple PhoenixContact products that stems from a failure to fully validate user input. An attacker could exploit the vulnerability to execute arbitrary script code on the affected site user's browser, stealing cookie-based authentication credentials and launching other attacks. Phoenix Contact PSI-MODEM/ETH, etc. are all products of the Phoenix Contact Group in Germany. Phoenix Contact PSI-MODEM/ETH is a modem

Trust: 2.7

sources: NVD: CVE-2017-16723 // JVNDB: JVNDB-2017-011540 // CNVD: CNVD-2017-36877 // BID: 102111 // IVD: e2df0bd0-39ab-11e9-8616-000c29342cb1 // VULHUB: VHN-107674

IOT TAXONOMY

category:	['ICS', 'Network device']	sub_category:	-	Trust: 0.6
category:	['ICS']	sub_category:	-	Trust: 0.2

sources: IVD: e2df0bd0-39ab-11e9-8616-000c29342cb1 // CNVD: CNVD-2017-36877

AFFECTED PRODUCTS

vendor:	phoenixcontact	model:	fl comserver basic 422	scope:	eq	version:	2.40	Trust: 1.6
vendor:	phoenixcontact	model:	fl com server rs485	scope:	eq	version:	1.99	Trust: 1.6
vendor:	phoenixcontact	model:	psi-modem\/eth	scope:	eq	version:	2.20	Trust: 1.6
vendor:	phoenixcontact	model:	fl comserver uni 232	scope:	eq	version:	2.40	Trust: 1.6
vendor:	phoenixcontact	model:	fl comserver uni 485-t	scope:	eq	version:	2.40	Trust: 1.6
vendor:	phoenixcontact	model:	fl comserver bas 232	scope:	eq	version:	2.40	Trust: 1.6
vendor:	phoenixcontact	model:	fl comserver basic 485	scope:	eq	version:	2.40	Trust: 1.6
vendor:	phoenixcontact	model:	fl comserver bas 422	scope:	eq	version:	2.40	Trust: 1.6
vendor:	phoenixcontact	model:	fl comserver uni 485	scope:	eq	version:	2.40	Trust: 1.6
vendor:	phoenixcontact	model:	fl com server rs232	scope:	eq	version:	1.99	Trust: 1.6
vendor:	phoenixcontact	model:	fl comserver uni 422	scope:	eq	version:	2.40	Trust: 1.0
vendor:	phoenixcontact	model:	fl comserver basic 232	scope:	eq	version:	2.40	Trust: 1.0
vendor:	phoenixcontact	model:	fl comserver bas 485-t	scope:	eq	version:	2.40	Trust: 1.0
vendor:	phoenix contact	model:	fl com server rs232	scope:	-	version:	-	Trust: 0.8
vendor:	phoenix contact	model:	fl com server rs485	scope:	-	version:	-	Trust: 0.8
vendor:	phoenix contact	model:	fl comserver bas 232	scope:	-	version:	-	Trust: 0.8
vendor:	phoenix contact	model:	fl comserver bas 422	scope:	-	version:	-	Trust: 0.8
vendor:	phoenix contact	model:	fl comserver bas 485-t	scope:	-	version:	-	Trust: 0.8
vendor:	phoenix contact	model:	fl comserver basic 232	scope:	-	version:	-	Trust: 0.8
vendor:	phoenix contact	model:	fl comserver basic 422	scope:	-	version:	-	Trust: 0.8
vendor:	phoenix contact	model:	fl comserver basic 485	scope:	-	version:	-	Trust: 0.8
vendor:	phoenix contact	model:	fl comserver uni 232	scope:	-	version:	-	Trust: 0.8
vendor:	phoenix contact	model:	fl comserver uni 422	scope:	-	version:	-	Trust: 0.8
vendor:	phoenix contact	model:	fl comserver uni 485	scope:	-	version:	-	Trust: 0.8
vendor:	phoenix contact	model:	fl comserver uni 485-t	scope:	-	version:	-	Trust: 0.8
vendor:	phoenix contact	model:	psi-modem/eth	scope:	-	version:	-	Trust: 0.8
vendor:	phoenix	model:	contact psi-modem/eth	scope:	-	version:	-	Trust: 0.6
vendor:	phoenix	model:	contact fl com server rs232	scope:	-	version:	-	Trust: 0.6
vendor:	phoenix	model:	contact fl com server rs485	scope:	-	version:	-	Trust: 0.6
vendor:	phoenix	model:	contact fl comserver basic	scope:	eq	version:	232/422/485	Trust: 0.6
vendor:	phoenix	model:	contact fl comserver uni	scope:	eq	version:	232/422/485	Trust: 0.6
vendor:	phoenix	model:	contact fl comserver bas 232/422/485-t	scope:	-	version:	-	Trust: 0.6
vendor:	phoenix	model:	contact fl comserver uni 232/422/485-t	scope:	-	version:	-	Trust: 0.6
vendor:	phoenix	model:	contact psi-modem/eth	scope:	eq	version:	0	Trust: 0.3
vendor:	phoenix	model:	contact fl comserver uni 232/422/485-t	scope:	eq	version:	0	Trust: 0.3
vendor:	phoenix	model:	contact fl comserver uni	scope:	eq	version:	232/422/4850	Trust: 0.3
vendor:	phoenix	model:	contact fl comserver basic	scope:	eq	version:	232/422/4850	Trust: 0.3
vendor:	phoenix	model:	contact fl comserver bas 232/422/485-t	scope:	eq	version:	0	Trust: 0.3
vendor:	phoenix	model:	contact fl com server rs485	scope:	eq	version:	0	Trust: 0.3
vendor:	phoenix	model:	contact fl com server rs232	scope:	eq	version:	0	Trust: 0.3
vendor:	phoenix	model:	contact psi-modem/eth	scope:	ne	version:	2.40	Trust: 0.3
vendor:	phoenix	model:	contact psi-modem/eth	scope:	ne	version:	2.20	Trust: 0.3
vendor:	phoenix	model:	contact psi-modem/eth	scope:	ne	version:	1.99	Trust: 0.3
vendor:	phoenix	model:	contact fl comserver uni 232/422/485-t	scope:	ne	version:	2.40	Trust: 0.3
vendor:	phoenix	model:	contact fl comserver uni 232/422/485-t	scope:	ne	version:	2.20	Trust: 0.3
vendor:	phoenix	model:	contact fl comserver uni 232/422/485-t	scope:	ne	version:	1.99	Trust: 0.3
vendor:	phoenix	model:	contact fl comserver uni	scope:	ne	version:	232/422/4852.40	Trust: 0.3
vendor:	phoenix	model:	contact fl comserver uni	scope:	ne	version:	232/422/4852.20	Trust: 0.3
vendor:	phoenix	model:	contact fl comserver uni	scope:	ne	version:	232/422/4851.99	Trust: 0.3
vendor:	phoenix	model:	contact fl comserver basic	scope:	ne	version:	232/422/4852.40	Trust: 0.3
vendor:	phoenix	model:	contact fl comserver basic	scope:	ne	version:	232/422/4852.20	Trust: 0.3
vendor:	phoenix	model:	contact fl comserver basic	scope:	ne	version:	232/422/4851.99	Trust: 0.3
vendor:	phoenix	model:	contact fl comserver bas 232/422/485-t	scope:	ne	version:	2.40	Trust: 0.3
vendor:	phoenix	model:	contact fl comserver bas 232/422/485-t	scope:	ne	version:	2.20	Trust: 0.3
vendor:	phoenix	model:	contact fl comserver bas 232/422/485-t	scope:	ne	version:	1.99	Trust: 0.3
vendor:	phoenix	model:	contact fl com server rs485	scope:	ne	version:	2.40	Trust: 0.3
vendor:	phoenix	model:	contact fl com server rs485	scope:	ne	version:	2.20	Trust: 0.3
vendor:	phoenix	model:	contact fl com server rs485	scope:	ne	version:	1.99	Trust: 0.3
vendor:	phoenix	model:	contact fl com server rs232	scope:	ne	version:	2.40	Trust: 0.3
vendor:	phoenix	model:	contact fl com server rs232	scope:	ne	version:	2.20	Trust: 0.3
vendor:	phoenix	model:	contact fl com server rs232	scope:	ne	version:	1.99	Trust: 0.3
vendor:	fl comserver basic 232	model:	-	scope:	eq	version:	2.40	Trust: 0.2
vendor:	fl comserver uni 485	model:	-	scope:	eq	version:	2.40	Trust: 0.2
vendor:	fl comserver uni 232	model:	-	scope:	eq	version:	2.40	Trust: 0.2
vendor:	fl comserver bas 422	model:	-	scope:	eq	version:	2.40	Trust: 0.2
vendor:	fl comserver bas 232	model:	-	scope:	eq	version:	2.40	Trust: 0.2
vendor:	fl comserver uni 422	model:	-	scope:	eq	version:	2.40	Trust: 0.2
vendor:	fl comserver bas 485 t	model:	-	scope:	eq	version:	2.40	Trust: 0.2
vendor:	fl com server rs232	model:	-	scope:	eq	version:	1.99	Trust: 0.2
vendor:	fl com server rs485	model:	-	scope:	eq	version:	1.99	Trust: 0.2
vendor:	psi modem eth	model:	-	scope:	eq	version:	2.20	Trust: 0.2
vendor:	fl comserver basic 422	model:	-	scope:	eq	version:	2.40	Trust: 0.2
vendor:	fl comserver basic 485	model:	-	scope:	eq	version:	2.40	Trust: 0.2
vendor:	fl comserver uni 485 t	model:	-	scope:	eq	version:	2.40	Trust: 0.2

sources: IVD: e2df0bd0-39ab-11e9-8616-000c29342cb1 // CNVD: CNVD-2017-36877 // BID: 102111 // JVNDB: JVNDB-2017-011540 // CNNVD: CNNVD-201712-286 // NVD: CVE-2017-16723

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-16723
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2017-16723
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2017-36877
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201712-286
value:	MEDIUM
Trust: 0.6
IVD:	e2df0bd0-39ab-11e9-8616-000c29342cb1
value:	MEDIUM
Trust: 0.2
VULHUB:	VHN-107674
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2017-16723
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2017-36877
severity:	HIGH
baseScore:	8.5
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	7.8
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	e2df0bd0-39ab-11e9-8616-000c29342cb1
severity:	HIGH
baseScore:	8.5
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	7.8
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-107674
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-16723
baseSeverity:	MEDIUM
baseScore:	6.1
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	2.7
version:	3.0
Trust: 1.8

sources: IVD: e2df0bd0-39ab-11e9-8616-000c29342cb1 // CNVD: CNVD-2017-36877 // VULHUB: VHN-107674 // JVNDB: JVNDB-2017-011540 // CNNVD: CNNVD-201712-286 // NVD: CVE-2017-16723

PROBLEMTYPE DATA

problemtype:

CWE-79

Trust: 1.9

sources: VULHUB: VHN-107674 // JVNDB: JVNDB-2017-011540 // NVD: CVE-2017-16723

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201712-286

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201712-286

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-011540

PATCH

title:	VDE-2017-004	url:	https://cert.vde.com/de-de/advisories/vde-2017-004	Trust: 0.8
title:	Patch for multiple PhoenixContact product cross-site scripting vulnerabilities	url:	https://www.cnvd.org.cn/patchInfo/show/109847	Trust: 0.6
title:	Multiple Phoenix Contact Fixes for product cross-site scripting vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=77044	Trust: 0.6

sources: CNVD: CNVD-2017-36877 // JVNDB: JVNDB-2017-011540 // CNNVD: CNNVD-201712-286

EXTERNAL IDS

db:	NVD	id:	CVE-2017-16723	Trust: 3.6
db:	ICS CERT	id:	ICSA-17-341-03	Trust: 3.4
db:	BID	id:	102111	Trust: 2.6
db:	CERT@VDE	id:	VDE-2017-004	Trust: 2.0
db:	CNNVD	id:	CNNVD-201712-286	Trust: 0.9
db:	CNVD	id:	CNVD-2017-36877	Trust: 0.8
db:	JVNDB	id:	JVNDB-2017-011540	Trust: 0.8
db:	NSFOCUS	id:	38286	Trust: 0.6
db:	IVD	id:	E2DF0BD0-39AB-11E9-8616-000C29342CB1	Trust: 0.2
db:	VULHUB	id:	VHN-107674	Trust: 0.1

sources: IVD: e2df0bd0-39ab-11e9-8616-000c29342cb1 // CNVD: CNVD-2017-36877 // VULHUB: VHN-107674 // BID: 102111 // JVNDB: JVNDB-2017-011540 // CNNVD: CNNVD-201712-286 // NVD: CVE-2017-16723

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsa-17-341-03	Trust: 2.5
url:	http://www.securityfocus.com/bid/102111	Trust: 2.3
url:	https://cert.vde.com/de-de/advisories/vde-2017-004	Trust: 2.0
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-16723	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-16723	Trust: 0.8
url:	https://ics-cert.us-cert.gov/advisories/icsa-17-341-03%20icsa-17-341-03	Trust: 0.6
url:	http://www.nsfocus.net/vulndb/38286	Trust: 0.6
url:	https://www.phoenixcontact.com/online/portal/pc	Trust: 0.3
url:	https://ics-cert.us-cert.gov/advisories/icsa-17-341-03 icsa-17-341-03	Trust: 0.3

sources: CNVD: CNVD-2017-36877 // VULHUB: VHN-107674 // BID: 102111 // JVNDB: JVNDB-2017-011540 // CNNVD: CNNVD-201712-286 // NVD: CVE-2017-16723

CREDITS

Maxim Rupp

Trust: 0.9

sources: BID: 102111 // CNNVD: CNNVD-201712-286

SOURCES

db:	IVD	id:	e2df0bd0-39ab-11e9-8616-000c29342cb1
db:	CNVD	id:	CNVD-2017-36877
db:	VULHUB	id:	VHN-107674
db:	BID	id:	102111
db:	JVNDB	id:	JVNDB-2017-011540
db:	CNNVD	id:	CNNVD-201712-286
db:	NVD	id:	CVE-2017-16723

LAST UPDATE DATE

2025-04-20T23:35:40.062000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2017-36877	date:	2017-12-12T00:00:00
db:	VULHUB	id:	VHN-107674	date:	2018-01-02T00:00:00
db:	BID	id:	102111	date:	2017-12-19T22:01:00
db:	JVNDB	id:	JVNDB-2017-011540	date:	2018-01-18T00:00:00
db:	CNNVD	id:	CNNVD-201712-286	date:	2017-12-11T00:00:00
db:	NVD	id:	CVE-2017-16723	date:	2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db:	IVD	id:	e2df0bd0-39ab-11e9-8616-000c29342cb1	date:	2017-12-12T00:00:00
db:	CNVD	id:	CNVD-2017-36877	date:	2017-12-12T00:00:00
db:	VULHUB	id:	VHN-107674	date:	2017-12-11T00:00:00
db:	BID	id:	102111	date:	2017-12-07T00:00:00
db:	JVNDB	id:	JVNDB-2017-011540	date:	2018-01-18T00:00:00
db:	CNNVD	id:	CNNVD-201712-286	date:	2017-12-11T00:00:00
db:	NVD	id:	CVE-2017-16723	date:	2017-12-11T16:29:00.283