CVE-2021-34582 : Vulnerability Insights and Analysis

Learn about CVE-2021-34582 impacting Phoenix Contact FL MGUARD devices. Discover the impact, affected systems, and mitigation steps for this XSS vulnerability.

A user with high privileges in Phoenix Contact FL MGUARD 1102 and 1105, versions 1.4.0, 1.4.1, and 1.5.0, can inject HTML code (XSS) through web-based management or the REST API with a manipulated certificate file.

Understanding CVE-2021-34582

This CVE involves a cross-site scripting (XSS) vulnerability in Phoenix Contact FL MGUARD devices.

What is CVE-2021-34582?

Phoenix Contact FL MGUARD 1102 and 1105, versions 1.4.0, 1.4.1, and 1.5.0, allow a user with high privileges to execute XSS attacks via web-based management or the REST API.

The Impact of CVE-2021-34582

The vulnerability can be exploited by an attacker with high privileges to inject malicious HTML code, potentially leading to unauthorized access or data theft.

Technical Details of CVE-2021-34582

This section provides technical details related to the vulnerability.

Vulnerability Description

A user with high privileges can inject HTML code (XSS) through web-based management or the REST API with a manipulated certificate file.

Affected Systems and Versions

FL MGUARD 1102 and 1105 in versions 1.4.0, 1.4.1, and 1.5.0 are affected by this vulnerability.

Exploitation Mechanism

The vulnerability can be exploited by a user with high privileges through web-based management or the REST API.

Mitigation and Prevention

This section lists measures to mitigate and prevent exploitation of the vulnerability.

Immediate Steps to Take

If an untrusted user may have exploited the vulnerability, it is recommended to revoke access for that user and re-upload the certificates on the "Basic settings > LDAP" and "Logs > Remote logging" pages through the REST API.

Long-Term Security Practices

Regularly update the firmware to the recommended version, currently firmware version 1.5.1 or any later version.

Patching and Updates

PHOENIX CONTACT recommends upgrading to firmware version 1.5.1 (or any later version) to address the vulnerability.
