← Back to CVEs

CVE-2017-5159

CRITICAL

9.8

Description

An issue was discovered on Phoenix Contact mGuard devices that have been updated to Version 8.4.0. When updating an mGuard device to Version 8.4.0 via the update-upload facility, the update will succeed, but it will reset the password of the admin user to its default value.

CVE Details

CVSS v3.1 Score9.8

SeverityCRITICAL

CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack VectorNETWORK

ComplexityLOW

Privileges RequiredNONE

User InteractionNONE

Published2/13/2017

Last Modified4/20/2025

Sourcenvd

Honeypot Sightings0

Affected Products

phoenixcontact:mguard_firmware

Weaknesses (CWE)

CWE-99

References

http://www.securityfocus.com/bid/95648(ics-cert@hq.dhs.gov)

https://ics-cert.us-cert.gov/advisories/ICSA-17-017-01(ics-cert@hq.dhs.gov)

http://www.securityfocus.com/bid/95648(af854a3a-2127-422b-91ae-364da2661108)

https://ics-cert.us-cert.gov/advisories/ICSA-17-017-01(af854a3a-2127-422b-91ae-364da2661108)

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.