Vulnerabilities > CVE-2017-16743 - Incorrect Authorization vulnerability in Phoenixcontact products

047910
CVSS 9.8 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
low complexity
phoenixcontact
CWE-863
critical

Summary

An Improper Authorization issue was discovered in PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, and 48xxx Series products running firmware Version 1.0 to 1.32. A remote unauthenticated attacker may be able to craft special HTTP requests allowing an attacker to bypass web-service authentication allowing the attacker to obtain administrative privileges on the device.

Vulnerable Configurations

Part Description Count
OS
Phoenixcontact
232
Hardware
Phoenixcontact
29

Common Weakness Enumeration (CWE)