Share: Email | Twitter

ID

VDE-2017-004

Published

2017-12-05 09:50 (CET)

Last update

2017-12-05 09:50 (CET)

Vendor(s)

PHOENIX CONTACT GmbH & Co. KG

Product(s)

Article No° Product Name Affected Version(s)
2313478 FL COMSERVER BASIC 232/422/485 < 2.40
2904681 FL COMSERVER BASIC 232/422/485-T < 2.40
2744490 FL COM SERVER RS232 < 1.99
2708740 FL COM SERVER RS485 < 1.99
2313452 FL COMSERVER UNI 232/422/485 < 2.40
2904817 FL COMSERVER UNI 232/422/485-T < 2.40
2313300 PSI-MODEM/ETH < 2.20

Summary

A cross-site scripting (XSS) vulnerability affects PHOENIX CONTACT FL COMSERVER products running firmware versions prior to 1.99, 2.20, or 2.40.


Last Update:

Sept. 22, 2019, 9:51 a.m.

Weakness

Cross-site Scripting  (CWE-79) 

Summary

A Cross-site Scripting issue was discovered in PHOENIX CONTACT FL COMSERVER BASIC 232/422/485, FL COMSERVER UNI 232/422/485, FL COMSERVER BAS 232/422/485-T, FL COMSERVER UNI 232/422/485-T, FL COM SERVER RS232, FL COM SERVER RS485, and PSI-MODEM/ETH (running firmware versions prior to 1.99, 2.20, or 2.40). The cross-site scripting vulnerability has been identified, which may allow remote code execution.

Impact

On devices with older firmware versions, an unauthenticated user with network access is able to change (but not activate) the configuration variables by accessing a specific URL on the web server, without authenticating in the web interface first. A changed configuration can only be permanently saved and activated by an authenticated user. However, since the input is not properly sanitised, an attacker could inject malicious JavaScript code. When this code is executed on the client of an authenticated user, changed configuration variables could be saved and activated without user interaction.

Solution

PHOENIX CONTACT released new firmware versions for the affected devices, which fix this vulnerability. Customers using these devices in an unprotected network environment are recommended to update to firmware versions 1.99, 2.20, or 2.40, as listed below.

Art. No. Description Generation Firmware Download link
2313478 FL COMSERVER BASIC 232/422/485 2nd generation 2.40 http://www.phoenixcontact.net/qr/2313478/firmware_update
2313452 FL COMSERVER UNI 232/422/485 2nd generation 2.40 http://www.phoenixcontact.net/qr/2313452/firmware_update
2904681 FL COMSERVER BAS 232/422/485-T 2nd generation 2.40 http://www.phoenixcontact.net/qr/2904681/firmware_update
2904817 FL COMSERVER UNI 232/422/485-T 2nd generation 2.40 http://www.phoenixcontact.net/qr/2904817/firmware_update
2744490 FL COM SERVER RS232 1st generation 1.99 http://www.phoenixcontact.net/qr/2744490/firmware_update
2708740 FL COM SERVER RS485 1st generation 1.99 http://www.phoenixcontact.net/qr/2708740/firmware_update
2313300 PSI-MODEM/ETH 1st generation 2.20 http://www.phoenixcontact.net/qr/2313300/firmware_update

Reported by

Maxim Rupp reported this vulnerability to ICS-CERT.

ICS-CERT coordinated with PHOENIX CONTACT and CERT@VDE.