Phoenix Contact: FL SWITCH 3xxx/4xxx/48xx series - Stack-based Buffer Overflow in shared object file

VDE-2018-007

Last update

05/22/2025 15:03

Published at

05/16/2018 12:00

Vendor(s)

Phoenix Contact GmbH & Co. KG

External ID

VDE-2018-007

CSAF Document

Download

Summary

An attacker may exploit a 'long cookie' related vulnerability to cause a buffer overflow that allows unauthorized access to the switches operating system files. The attacker can then insert executable code into the OS.

Impact

If vulnerability is exploited, the attacker may create their own executable files that could further exploit the integrity of the managed FL SWITCH. For example, the attacker may deny switch network access.

Affected Product(s)

Model no.	Product name	Affected versions
2891033	FL SWITCH 3004T-FX	Firmware 1.0<=1.33
2891034	FL SWITCH 3004T-FX ST	Firmware 1.0<=1.33
2891030	FL SWITCH 3005	Firmware 1.0<=1.33
2891032	FL SWITCH 3005T	Firmware 1.0<=1.33
2891036	FL SWITCH 3006T-2FX	Firmware 1.0<=1.33
2891060	FL SWITCH 3006T-2FX SM	Firmware 1.0<=1.33
2891037	FL SWITCH 3006T-2FX ST	Firmware 1.0<=1.33
2891031	FL SWITCH 3008	Firmware 1.0<=1.33
2891035	FL SWITCH 3008T	Firmware 1.0<=1.33
2891120	FL SWITCH 3012E-2FX	Firmware 1.0<=1.33
2891119	FL SWITCH 3012E-2FX SM	Firmware 1.0<=1.33
2891067	FL SWITCH 3012E-2SFX	Firmware 1.0<=1.33
2891058	FL SWITCH 3016	Firmware 1.0<=1.33
2891066	FL SWITCH 3016E	Firmware 1.0<=1.33
2891059	FL SWITCH 3016T	Firmware 1.0<=1.33
2891162	FL SWITCH 4000T-8POE-2SFP-R	Firmware 1.0<=1.33
2891160	FL SWITCH 4008T-2GT-3FX SM	Firmware 1.0<=1.33
2891061	FL SWITCH 4008T-2GT-4FX SM	Firmware 1.0<=1.33
2891062	FL SWITCH 4008T-2SFP	Firmware 1.0<=1.33
2891063	FL SWITCH 4012T 2GT 2FX	Firmware 1.0<=1.33
2891161	FL SWITCH 4012T-2GT-2FX ST	Firmware 1.0<=1.33
2891104	FL SWITCH 4800E-24FX SM-4GC	Firmware 1.0<=1.33
2891102	FL SWITCH 4800E-24FX-4GC	Firmware 1.0<=1.33
2891073	FL SWITCH 4808E-16FX LC-4GC	Firmware 1.0<=1.33
2891074	FL SWITCH 4808E-16FX SM LC-4GC	Firmware 1.0<=1.33
2891086	FL SWITCH 4808E-16FX SM ST-4GC	Firmware 1.0<=1.33
2891080	FL SWITCH 4808E-16FX SM-4GC	Firmware 1.0<=1.33
2891085	FL SWITCH 4808E-16FX ST-4GC	Firmware 1.0<=1.33
2891079	FL SWITCH 4808E-16FX-4GC	Firmware 1.0<=1.33
2891072	FL SWITCH 4824E-4GC	Firmware 1.0<=1.33

Vulnerabilities

Expand / Collapse all

Published

09/22/2025 14:57

Severity

9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Weakness

Stack-based Buffer Overflow (CWE-121)

Summary

All Phoenix Contact managed FL SWITCH 3xxx, 4xxx, 48xx products running firmware version 1.0 to 1.33 are prone to buffer overflows when handling very large cookies (a different vulnerability than CVE-2018-10728).

References

cve.org | nvd.nist.gov

Mitigation

Customers using Phoenix Contact managed FL SWITCH devices with affected firmware versions are recommended to disable the switch Web Agent.

Remediation

Customers using Phoenix Contact managed FL SWITCH devices with affected firmware versions are recommended to update the firmware to version 1.34 or higher which fixes this vulnerability. The updated firmware may be downloaded from the managed switch product page on the Phoenix Contact website.

Revision History

Version	Date	Summary
1	05/16/2018 12:00	Initial revision.
2	11/06/2024 12:27	Fix: correct certvde domain, added self-reference
3	05/22/2025 15:03	Fix: version space, added distribution, quotation mark

Phoenix Contact: FL SWITCH 3xxx/4xxx/48xx series - Stack-based Buffer Overflow in shared object file

Summary

Impact

Affected Product(s)

Vulnerabilities

CVE-2018-10731 9

Mitigation

Remediation

Revision History