SB2017092008 - Multiple vulnerabilities in PHOENIX CONTACT mGuard Device Manager 

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2017092008

SB2017092008 - Multiple vulnerabilities in PHOENIX CONTACT mGuard Device Manager

Published: September 20, 2017

Security Bulletin ID SB2017092008
Severity
High
Patch available
YES
Number of vulnerabilities 10
Exploitation vector Remote access
Highest impact Data manipulation

Breakdown by Severity

High 20% Low 80%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 10 secuirty vulnerabilities.


1) Remote code execution (CVE-ID: CVE-2017-10102)

The vulnerability allows a remote authenticated attacker to execute arbitrary code.

The weakness exists due to unknown error. A remote attacker can trick the victim into visiting a specially crafted website, execute arbitrary code with elevated privileges and take full control over the system.

2) Remote code execution (CVE-ID: CVE-2017-10116)

The vulnerability allows a remote authenticated attacker to execute arbitrary code.

The weakness exists due to unknown error. A remote attacker can trick the victim into visiting a specially crafted website, execute arbitrary code with elevated privileges and take full control over the system.

3) Security restrictions bypass (CVE-ID: CVE-2017-10078)

The vulnerability allows a remote attacker to bypass security restrictions.

The weakness exists due to unknown error. A remote attacker can trick the victim into visiting a specially crafted website, bypass security restrictions and disclose and modify important data on the system.

4) Information disclosure (CVE-ID: CVE-2017-10115)

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists due to unknown error. A remote attacker can disclose important data on the target system

5) Information disclosure (CVE-ID: CVE-2017-10118)

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists due to unknown error. A remote attacker can disclose important data on the target system

6) Information disclosure (CVE-ID: CVE-2017-10176)

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists due to unknown error. A remote attacker can disclose important data on the target system

7) Information disclosure (CVE-ID: CVE-2017-10198)

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists due to unknown error. A remote attacker can use multiple protocols to disclose important data on the target system

8) Information disclosure (CVE-ID: CVE-2017-10135)

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists due to unknown error. A remote attacker can disclose important data on the target system

9) Denial of service (CVE-ID: CVE-2017-10053)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to unknown error. A remote attacker can cause the application to crash.

10) Denial of service (CVE-ID: CVE-2017-10108)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to unknown error. A remote attacker can cause the application to crash.

Remediation

Install update from vendor's website.

References