// For flags

CVE-2017-5159

 

Severity Score

9.8
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

An issue was discovered on Phoenix Contact mGuard devices that have been updated to Version 8.4.0. When updating an mGuard device to Version 8.4.0 via the update-upload facility, the update will succeed, but it will reset the password of the admin user to its default value.

Ha sido descubierto un problema en dispositivos Phoenix Contact mGuard que se actualizaron a la Versión 8.4.0. Cuando se está actualizando un dispositivo mGuard a la Versión 8.4.0 mediante la función de actualización-carga, la actualización se realizará correctamente, pero restablecerá la contraseña del usuario administrador a su valor predeterminado.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2017-01-03 CVE Reserved
  • 2017-02-13 CVE Published
  • 2023-03-07 EPSS Updated
  • 2024-08-05 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-99: Improper Control of Resource Identifiers ('Resource Injection')
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Phoenixcontact
Search vendor "Phoenixcontact"
 Mguard Firmware
Search vendor "Phoenixcontact" for product "Mguard Firmware"
 8.4.0
Search vendor "Phoenixcontact" for product "Mguard Firmware" and version "8.4.0"
-
Affected