CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-21002 – Denial of Service in Phoenix Contact FL COMSERVER UNI products
https://notcve.org/view.php?id=CVE-2021-21002
In Phoenix Contact FL COMSERVER UNI in versions < 2.40 a invalid Modbus exception response can lead to a temporary denial of service. En Phoenix Contact FL COMSERVER UNI en versiones anteriores a 2.40, una respuesta de excepción Modbus no válida puede conllevar a una denegación de servicio temporal • https://cert.vde.com/en-us/advisories/vde-2021-022 • CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 6.1EPSS: 1%CPEs: 26EXPL: 0CVE-2017-16723
https://notcve.org/view.php?id=CVE-2017-16723
A Cross-site Scripting issue was discovered in PHOENIX CONTACT FL COMSERVER BASIC 232/422/485, FL COMSERVER UNI 232/422/485, FL COMSERVER BAS 232/422/485-T, FL COMSERVER UNI 232/422/485-T, FL COM SERVER RS232, FL COM SERVER RS485, and PSI-MODEM/ETH (running firmware versions prior to 1.99, 2.20, or 2.40). The cross-site scripting vulnerability has been identified, which may allow remote code execution. Se ha descubierto un problema de Cross-Site Scripting en PHOENIX CONTACT FL COMSERVER BASIC 232/422/485, FL COMSERVER UNI 232/422/485, FL COMSERVER BAS 232/422/485-T, FL COMSERVER UNI 232/422/485-T, FL COM SERVER RS232, FL COM SERVER RS485 y PSI-MODEM/ETH (ejecutando firmware en versiones anteriores a la 1.99, 2.20 o 2.40). La vulnerabilidad de Cross-Site Scripting (XSS) se ha identificado, la cual podría permitir la ejecución remota de código. • http://www.securityfocus.com/bid/102111 https://cert.vde.com/de-de/advisories/vde-2017-004 https://ics-cert.us-cert.gov/advisories/ICSA-17-341-03 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •