Share: Email | Twitter

ID

VDE-2017-002

Published

2017-09-07 09:00 (CEST)

Last update

2019-10-16 08:59 (CEST)

Vendor(s)

PHOENIX CONTACT

Product(s)

FL MGUARD DM 1.8.0 and older

Summary

Multiple security issues and vulnerabilities in Oracle Java SE possibly affecting mGuard device manager (mdm / FL MGUARD DM) 1.8.0 and older.

Vulnerabilities



Weakness
Improper Access Control (CWE-284)
Summary
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: ...
Weakness
Improper Access Control (CWE-284)
Summary
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE ...
Weakness
Improper Access Control (CWE-284)
Summary
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Scripting). The supported version that is affected is Java SE: 8u131. Easily exploitable vulnerability allows low privileged attacker with ...
Weakness
Improper Access Control (CWE-284)
Summary
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE ...
Weakness
Improper Access Control (CWE-284)
Summary
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Supported versions that are affected are Java SE: 7u141 and 8u131; Java SE Embedded: ...
Weakness
Improper Access Control (CWE-284)
Summary
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 7u141 and 8u131; Java SE Embedded: ...
Weakness
Improper Access Control (CWE-284)
Summary
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE ...
Weakness
Improper Access Control (CWE-284)
Summary
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE ...
Weakness
Improper Access Control (CWE-284)
Summary
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE ...
Weakness
Improper Access Control (CWE-284)
Summary
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE ...

Impact

Please see the various CVE entries for details.

Solution

PHOENIX CONTACT recommends that all users of the affected product on Windows should update to at least version 1.8.0.1. The update can be performed by simply executing the installer for version 1.8.0.1 on a Windows system where the product is installed in version 1.8.0. The installer is available for download on the product page, in section “Software” on the Downloads tab. For more information please refer to the document “How to upgrade mGuard device manager” downloaded with the installer. PHOENIX CONTACT that all users of the affected product on Linux should update Java to the latest version. When using the packet source delivered by PHOENIX CONTACT on Ubuntu, this is simply done by using the software updater of the operating system.

Reported by