← Retour aux CVEs

CVE-2017-5159

CRITICAL

9.8

Description

An issue was discovered on Phoenix Contact mGuard devices that have been updated to Version 8.4.0. When updating an mGuard device to Version 8.4.0 via the update-upload facility, the update will succeed, but it will reset the password of the admin user to its default value.

Details CVE

Score CVSS v3.19.8

SeveriteCRITICAL

Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vecteur d'attaqueNETWORK

ComplexiteLOW

Privileges requisNONE

Interaction utilisateurNONE

Publie2/13/2017

Derniere modification4/20/2025

Sourcenvd

Observations honeypot0

Produits affectes

phoenixcontact:mguard_firmware

Faiblesses (CWE)

CWE-99

References

http://www.securityfocus.com/bid/95648(ics-cert@hq.dhs.gov)

https://ics-cert.us-cert.gov/advisories/ICSA-17-017-01(ics-cert@hq.dhs.gov)

http://www.securityfocus.com/bid/95648(af854a3a-2127-422b-91ae-364da2661108)

https://ics-cert.us-cert.gov/advisories/ICSA-17-017-01(af854a3a-2127-422b-91ae-364da2661108)

Correlations IOC

Aucune correlation enregistree

This product uses data from the NVD API but is not endorsed or certified by the NVD.