PatchSiren cyber security CVE debrief
CVE-2017-5159 Phoenixcontact CVE debrief
CVE-2017-5159 describes a password-reset flaw affecting Phoenix Contact mGuard devices updated to firmware version 8.4.0. According to the NVD record, completing an update through the update-upload facility succeeds but resets the admin user password to its default value. That can leave affected devices exposed to unauthorized administrative access if the default credential is known or not immediately changed after the update.
- Vendor: Phoenixcontact
- Product: CVE-2017-5159
- CVSS: CRITICAL 9.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2017-02-13
- Original CVE updated: 2026-05-13
- Advisory published: 2017-02-13
- Advisory updated: 2026-05-13
Who should care
Industrial control and network security teams responsible for Phoenix Contact mGuard devices, especially anyone performing firmware upgrades or managing shared/admin access on affected appliances.
Technical summary
The NVD entry identifies mGuard firmware 8.4.0 as vulnerable and describes the issue as an update-upload operation that completes successfully but resets the admin password to its default value. NVD assigns CVSS v3.1 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating a remotely reachable, high-impact authentication-related condition. The listed weakness is CWE-99 in the supplied source data.
Defensive priority
High. Any affected device that has been upgraded to firmware 8.4.0 via the update-upload path should be treated as immediately needing credential verification and access review, because an admin password reset can expose the device to unauthorized control.
Recommended defensive actions
- Identify Phoenix Contact mGuard devices running firmware 8.4.0 and confirm whether the update-upload process was used.
- Immediately verify the admin password on any affected device and change it from the default value if necessary.
- Review administrative access logs and configuration changes for signs of unauthorized access after the firmware update.
- Apply the vendor or US-CERT mitigation guidance referenced in the NVD record before performing further upgrades or maintenance.
- Limit administrative exposure to trusted management networks and ensure strong, unique credentials are enforced on all affected appliances.
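The first two actions can be run as a triage pass over an asset inventory. The following is an added example, not part of the NVD record or any vendor tooling: it flags devices on firmware 8.4.0 whose admin password has not been verified since the update. The CSV column names, hostnames, status labels and the "other" update-method value are assumptions constructed for illustration.

```python
import csv
import io
from datetime import datetime

VULNERABLE_FIRMWARE = "8.4.0"          # version named in the CVE description
RISKY_UPDATE_METHOD = "update-upload"  # update path named in the CVE description

# Constructed sample inventory. Column names and the "other" method value
# are assumptions for this example, not an mGuard export format.
SAMPLE_INVENTORY = """\
hostname,firmware,update_method,updated_at,admin_password_verified_at
mguard-plant-a,8.4.0,update-upload,2017-01-20T08:00:00,2017-01-05T10:00:00
mguard-plant-b,8.4.0,update-upload,2017-01-20T08:00:00,2017-01-21T09:30:00
mguard-plant-c,8.4.0,other,2017-01-22T08:00:00,2017-01-02T10:00:00
mguard-plant-d,8.3.1,update-upload,2016-11-01T08:00:00,2016-11-01T12:00:00
mguard-plant-e,8.4.0,,2017-01-25T08:00:00,
"""


def parse_ts(value):
    """Parse an ISO 8601 timestamp; an empty field means 'not recorded'."""
    value = value.strip()
    return datetime.fromisoformat(value) if value else None


def triage(row):
    """Classify one inventory row against the CVE-2017-5159 condition."""
    if row["firmware"].strip() != VULNERABLE_FIRMWARE:
        return "not-affected"
    method = row["update_method"].strip()
    if method and method != RISKY_UPDATE_METHOD:
        return "not-affected"
    updated = parse_ts(row["updated_at"])
    verified = parse_ts(row["admin_password_verified_at"])
    # Only a password check performed after the update clears the device.
    if updated and verified and verified > updated:
        return "verified"
    # Unknown update path: confirm how the device was upgraded first.
    return "verify-now" if method else "confirm-update-path"


def triage_inventory(text):
    """Return {hostname: status} for every row of a CSV inventory."""
    reader = csv.DictReader(io.StringIO(text))
    return {row["hostname"]: triage(row) for row in reader}


if __name__ == "__main__":
    for host, status in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{host:16} {status}")
```

A device with an unrecorded update path is kept in the review queue rather than cleared, since the page's first action is to confirm whether the update-upload process was used.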
Evidence notes
All claims here are limited to the supplied NVD-derived source corpus. The core issue statement comes from the CVE description: updating an mGuard device to version 8.4.0 via the update-upload facility succeeds but resets the admin password to its default value. The vulnerable CPE in the source data is phoenixcontact mGuard firmware 8.4.0. NVD also supplies CVSS v3.1 9.8 with vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H and lists CWE-99. The source corpus references a SecurityFocus BID entry and an ICS-CERT/US-CERT advisory as mitigation or third-party references, but their contents were not used unless stated in the NVD metadata.
Official resources
- CVE-2017-5159 CVE record (CVE.org)
- CVE-2017-5159 NVD detail (NVD)
- Source item URL (nvd_modified)
- Mitigation or vendor reference: [email protected] - Third Party Advisory, VDB Entry
- Mitigation or vendor reference: [email protected] - Mitigation, Third Party Advisory, US Government Resource
CVE published 2017-02-13T21:59:02.800Z; source and CVE metadata last modified 2026-05-13T00:24:29.033Z.