| Title | 複数の PHOENIX CONTACT 製品におけるクロスサイトスクリプティングの脆弱性 |
|---|---|
| Summary | 複数の PHOENIX CONTACT 製品には、クロスサイトスクリプティングの脆弱性が存在します。 |
| Possible impacts | 情報を取得される、および情報を改ざんされる可能性があります。 |
| Solution | ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。 |
| Publication Date | Dec. 5, 2017, midnight |
| Registration Date | Jan. 18, 2018, 4:01 p.m. |
| Last Update | Jan. 18, 2018, 4:01 p.m. |
| CVSS3.0 : 警告 | |
| Score | 6.1 |
|---|---|
| Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| CVSS2.0 : 警告 | |
| Score | 4.3 |
|---|---|
| Vector | AV:N/AC:M/Au:N/C:N/I:P/A:N |
| PHOENIX CONTACT |
| FL COM SERVER RS232 ファームウェア |
| FL COM SERVER RS485 ファームウェア |
| FL COMSERVER BAS 232 ファームウェア |
| FL COMSERVER BAS 422 ファームウェア |
| FL COMSERVER BAS 485-T ファームウェア |
| FL COMSERVER BASIC 232 ファームウェア |
| FL COMSERVER BASIC 422 ファームウェア |
| FL COMSERVER BASIC 485 ファームウェア |
| FL COMSERVER UNI 232 ファームウェア |
| FL COMSERVER UNI 422 ファームウェア |
| FL COMSERVER UNI 485 ファームウェア |
| FL COMSERVER UNI 485-T ファームウェア |
| PSI-MODEM/ETH ファームウェア |
| No | Changed Details | Date of change |
|---|---|---|
| 0 | [2018年01月18日] 掲載 |
Feb. 17, 2018, 10:37 a.m. |
| Summary | A Cross-site Scripting issue was discovered in PHOENIX CONTACT FL COMSERVER BASIC 232/422/485, FL COMSERVER UNI 232/422/485, FL COMSERVER BAS 232/422/485-T, FL COMSERVER UNI 232/422/485-T, FL COM SERVER RS232, FL COM SERVER RS485, and PSI-MODEM/ETH (running firmware versions prior to 1.99, 2.20, or 2.40). The cross-site scripting vulnerability has been identified, which may allow remote code execution. |
|---|---|
| Publication Date | Dec. 12, 2017, 1:29 a.m. |
| Registration Date | Jan. 26, 2021, 1:18 p.m. |
| Last Update | Nov. 21, 2024, 12:16 p.m. |
| Configuration1 | or higher | or less | more than | less than | |
| cpe:2.3:o:phoenixcontact:fl_comserver_basic_232_firmware:2.40:*:*:*:*:*:*:* | |||||
| execution environment | |||||
| 1 | cpe:2.3:h:phoenixcontact:fl_comserver_basic_232:-:*:*:*:*:*:*:* | ||||
| Configuration2 | or higher | or less | more than | less than | |
| cpe:2.3:o:phoenixcontact:fl_comserver_uni_422_firmware:2.40:*:*:*:*:*:*:* | |||||
| execution environment | |||||
| 1 | cpe:2.3:h:phoenixcontact:fl_comserver_uni_422:-:*:*:*:*:*:*:* | ||||
| Configuration3 | or higher | or less | more than | less than | |
| cpe:2.3:o:phoenixcontact:fl_comserver_bas_485-t_firmware:2.40:*:*:*:*:*:*:* | |||||
| execution environment | |||||
| 1 | cpe:2.3:h:phoenixcontact:fl_comserver_bas_485-t:-:*:*:*:*:*:*:* | ||||
| Configuration4 | or higher | or less | more than | less than | |
| cpe:2.3:o:phoenixcontact:fl_com_server_rs232_firmware:1.99:*:*:*:*:*:*:* | |||||
| execution environment | |||||
| 1 | cpe:2.3:h:phoenixcontact:fl_com_server_rs232:-:*:*:*:*:*:*:* | ||||
| Configuration5 | or higher | or less | more than | less than | |
| cpe:2.3:o:phoenixcontact:fl_com_server_rs485_firmware:1.99:*:*:*:*:*:*:* | |||||
| execution environment | |||||
| 1 | cpe:2.3:h:phoenixcontact:fl_com_server_rs485:-:*:*:*:*:*:*:* | ||||
| Configuration6 | or higher | or less | more than | less than | |
| cpe:2.3:o:phoenixcontact:psi-modem\/eth_firmware:2.20:*:*:*:*:*:*:* | |||||
| execution environment | |||||
| 1 | cpe:2.3:h:phoenixcontact:psi-modem\/eth:-:*:*:*:*:*:*:* | ||||
| Configuration7 | or higher | or less | more than | less than | |
| cpe:2.3:o:phoenixcontact:fl_comserver_basic_422_firmware:2.40:*:*:*:*:*:*:* | |||||
| execution environment | |||||
| 1 | cpe:2.3:h:phoenixcontact:fl_comserver_basic_422:-:*:*:*:*:*:*:* | ||||
| Configuration8 | or higher | or less | more than | less than | |
| cpe:2.3:o:phoenixcontact:fl_comserver_basic_485_firmware:2.40:*:*:*:*:*:*:* | |||||
| execution environment | |||||
| 1 | cpe:2.3:h:phoenixcontact:fl_comserver_basic_485:-:*:*:*:*:*:*:* | ||||
| Configuration9 | or higher | or less | more than | less than | |
| cpe:2.3:o:phoenixcontact:fl_comserver_uni_485-t_firmware:2.40:*:*:*:*:*:*:* | |||||
| execution environment | |||||
| 1 | cpe:2.3:h:phoenixcontact:fl_comserver_uni_485-t:-:*:*:*:*:*:*:* | ||||
| Configuration10 | or higher | or less | more than | less than | |
| cpe:2.3:o:phoenixcontact:fl_comserver_uni_485_firmware:2.40:*:*:*:*:*:*:* | |||||
| execution environment | |||||
| 1 | cpe:2.3:h:phoenixcontact:fl_comserver_uni_485:-:*:*:*:*:*:*:* | ||||
| Configuration11 | or higher | or less | more than | less than | |
| cpe:2.3:o:phoenixcontact:fl_comserver_uni_232_firmware:2.40:*:*:*:*:*:*:* | |||||
| execution environment | |||||
| 1 | cpe:2.3:h:phoenixcontact:fl_comserver_uni_232:-:*:*:*:*:*:*:* | ||||
| Configuration12 | or higher | or less | more than | less than | |
| cpe:2.3:o:phoenixcontact:fl_comserver_bas_422_firmware:2.40:*:*:*:*:*:*:* | |||||
| execution environment | |||||
| 1 | cpe:2.3:h:phoenixcontact:fl_comserver_bas_422:-:*:*:*:*:*:*:* | ||||
| Configuration13 | or higher | or less | more than | less than | |
| cpe:2.3:o:phoenixcontact:fl_comserver_bas_232_firmware:2.40:*:*:*:*:*:*:* | |||||
| execution environment | |||||
| 1 | cpe:2.3:h:phoenixcontact:fl_comserver_bas_232:-:*:*:*:*:*:*:* | ||||