CVE-2017-5159

EPSS 0.74%
Published 13.02.2017 21:59:02
Last modified 20.04.2025 01:37:25
Source ics-cert@hq.dhs.gov
Teams watchlist Login
Open Login

An issue was discovered on Phoenix Contact mGuard devices that have been updated to Version 8.4.0. When updating an mGuard device to Version 8.4.0 via the update-upload facility, the update will succeed, but it will reset the password of the admin user to its default value.

Affected products Warnungen 0 Metrics 3 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Phoenixcontact ≫ Mguard Firmware Version8.4.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.74%	0.706

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-99 Improper Control of Resource Identifiers ('Resource Injection')

The product receives input from an upstream component, but it does not restrict or incorrectly restricts the input before it is used as an identifier for a resource that may be outside the intended sphere of control.

http://www.securityfocus.com/bid/95648

Third Party Advisory

VDB Entry

https://ics-cert.us-cert.gov/advisories/ICSA-17-017-01

Third Party Advisory

US Government Resource

Mitigation

https://nvd.nist.gov/vuln/detail/CVE-2017-5159

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-5159

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-5159

EUVD