CVE-2017-5159

Improper Control of Resource Identifiers ('Resource Injection') (CWE-99)

Published: Feb 13, 2017 / Updated: 39mo ago

010
CVSS 9.8EPSS 0.21%Critical
CVE info copied to clipboard

An issue was discovered on Phoenix Contact mGuard devices that have been updated to Version 8.4.0. When updating an mGuard device to Version 8.4.0 via the update-upload facility, the update will succeed, but it will reset the password of the admin user to its default value.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Timeline

First Article

Feedly found the first article mentioning CVE-2017-5159. See article

Jan 18, 2017 at 12:32 AM / www.isssource.com
EPSS

EPSS Score was set to: 0.21% (Percentile: 58.5%)

Nov 3, 2023 at 5:55 AM
Static CVE Timeline Graph

Affected Systems

Phoenixcontact/mguard_firmware
+null more

Attack Patterns

CAPEC-10: Buffer Overflow via Environment Variables
+null more

Be the first to know about critical vulnerabilities

Collect, analyze, and share vulnerability reports faster using AI