First published: Wed Nov 10 2021
In Phoenix Contact FL MGUARD 1102 and 1105, versions 1.4.0, 1.4.1 and 1.5.0, a user with high privileges can inject HTML code (XSS) through the web-based management or the REST API with a manipulated certificate file.
Credit: info@cert.vde.com
Affected Software | Affected Version | How to fix |
---|---|---|
Phoenixcontact Fl Mguard 1102 Firmware | =1.4.0 | |
Phoenixcontact Fl Mguard 1102 Firmware | =1.4.1 | |
Phoenixcontact Fl Mguard 1102 Firmware | =1.5.0 | |
Phoenixcontact Fl Mguard 1102 | | |
Phoenixcontact Fl Mguard 1105 Firmware | =1.4.0 | |
Phoenixcontact Fl Mguard 1105 Firmware | =1.4.1 | |
Phoenixcontact Fl Mguard 1105 Firmware | =1.5.0 | |
Phoenixcontact Fl Mguard 1105 | | |
PHOENIX CONTACT recommends upgrading to firmware version 1.5.1 (or any later version).
CVE-2021-34582 is a vulnerability in Phoenix Contact FL MGUARD 1102 and 1105 firmware versions 1.4.0, 1.4.1, and 1.5.0 that allows a user with high privileges to inject HTML code (XSS) through the web-based management or the REST API with a manipulated certificate file.
CVE-2021-34582 allows an attacker with high privileges to inject HTML code (XSS) in Phoenix Contact FL MGUARD 1102 and 1105, compromising the security of the system.
The severity of CVE-2021-34582 is medium with a severity score of 4.8.
To fix the HTML code injection vulnerability in Phoenix Contact FL MGUARD 1102 and 1105, users should update to the latest firmware version provided by Phoenix Contact.
More information about CVE-2021-34582 can be found at the following reference: https://cert.vde.com/en/advisories/VDE-2021-046/