| Article No° | Product Name | Affected Version(s) |
|---|---|---|
| 2891033 | FL SWITCH 3004T-FX | 1.0 <= 1.33 |
| 2891034 | FL SWITCH 3004T-FX ST | 1.0 <= 1.33 |
| 2891030 | FL SWITCH 3005 | 1.0 <= 1.33 |
| 2891032 | FL SWITCH 3005T | 1.0 <= 1.33 |
| 2891036 | FL SWITCH 3006T-2FX | 1.0 <= 1.33 |
| 2891060 | FL SWITCH 3006T-2FX SM | 1.0 <= 1.33 |
| 2891037 | FL SWITCH 3006T-2FX ST | 1.0 <= 1.33 |
| 2891031 | FL SWITCH 3008 | 1.0 <= 1.33 |
| 2891035 | FL SWITCH 3008T | 1.0 <= 1.33 |
| 2891120 | FL SWITCH 3012E-2FX | 1.0 <= 1.33 |
| 2891119 | FL SWITCH 3012E-2FX SM | 1.0 <= 1.33 |
| 2891067 | FL SWITCH 3012E-2SFX | 1.0 <= 1.33 |
| 2891058 | FL SWITCH 3016 | 1.0 <= 1.33 |
| 2891066 | FL SWITCH 3016E | 1.0 <= 1.33 |
| 2891059 | FL SWITCH 3016T | 1.0 <= 1.33 |
| 2891162 | FL SWITCH 4000T-8POE-2SFP-R | 1.0 <= 1.33 |
| 2891160 | FL SWITCH 4008T-2GT-3FX SM | 1.0 <= 1.33 |
| 2891061 | FL SWITCH 4008T-2GT-4FX SM | 1.0 <= 1.33 |
| 2891062 | FL SWITCH 4008T-2SFP | 1.0 <= 1.33 |
| 2891063 | FL SWITCH 4012T 2GT 2FX | 1.0 <= 1.33 |
| 2891161 | FL SWITCH 4012T-2GT-2FX ST | 1.0 <= 1.33 |
| 2891102 | FL SWITCH 4800E-24FX-4GC | 1.0 <= 1.33 |
| 2891104 | FL SWITCH 4800E-24FX SM-4GC | 1.0 <= 1.33 |
| 2891079 | FL SWITCH 4808E-16FX-4GC | 1.0 <= 1.33 |
| 2891073 | FL SWITCH 4808E-16FX LC-4GC | 1.0 <= 1.33 |
| 2891080 | FL SWITCH 4808E-16FX SM-4GC | 1.0 <= 1.33 |
| 2891074 | FL SWITCH 4808E-16FX SM LC-4GC | 1.0 <= 1.33 |
| 2891086 | FL SWITCH 4808E-16FX SM ST-4GC | 1.0 <= 1.33 |
| 2891085 | FL SWITCH 4808E-16FX ST-4GC | 1.0 <= 1.33 |
| 2891072 | FL SWITCH 4824E-4GC | 1.0 <= 1.33 |
An attacker may insert a carefully crafted cookie into a GET menu_pxc.cgi or GET index.cgi request to cause a buffer overflow that can initiate a Denial of Service attack and execute arbitrary code.
If vulnerability is exploited, the attacker may disable Web and Telnet services and execute arbitrary code.
Update 2018-05-28
Due to the way this vulnerability was discovered, the Attack Complexity has been changed from HIGH to LOW. This results in a new CVSS Vector with a severity of 9.8.
Temporary Fix / Mitigation
Customers using Phoenix Contact managed FL SWITCH devices with affected firmware versions are recommended to disable the switch Web Agent.
Remediation
Customers using Phoenix Contact managed FL SWITCH devices with affected firmware versions are recommended to update the firmware to version 1.34 or higher which fixes this vulnerability. The updated firmware may be downloaded from the managed switch product page on the Phoenix Contact website:
| Article No. | Model | Updated Firmware |
| 2891030 | FL SWITCH 3005 | download |
| 2891032 | FL SWITCH 3005T | download |
| 2891033 | FL SWITCH 3004T-FX | download |
| 2891034 | FL SWITCH 3004T-FX ST | download |
| 2891031 | FL SWITCH 3008 | download |
| 2891035 | FL SWITCH 3008T | download |
| 2891036 | FL SWITCH 3006T-2FX | download |
| 2891037 | FL SWITCH 3006T-2FX ST | download |
| 2891067 | FL SWITCH 3012E-2SFX | download |
| 2891066 | FL SWITCH 3016E | download |
| 2891058 | FL SWITCH 3016 | download |
| 2891059 | FL SWITCH 3016T | download |
| 2891060 | FL SWITCH 3006T-2FX SM | download |
| 2891062 | FL SWITCH 4008T-2SFP | download |
| 2891061 | FL SWITCH 4008T-2GT-4FX SM | download |
| 2891160 | FL SWITCH 4008T-2GT-3FX SM | download |
| 2891073 | FL SWITCH 4808E-16FX LC-4GC | download |
| 2891080 | FL SWITCH 4808E-16FX SM-4GC | download |
| 2891086 | FL SWITCH 4808E-16FX SM ST-4GC | download |
| 2891085 | FL SWITCH 4808E-16FX ST-4GC | download |
| 2891079 | FL SWITCH 4808E-16FX-4GC | download |
| 2891074 | FL SWITCH 4808E-16FX SM LC-4GC | download |
| 2891063 | FL SWITCH 4012T 2GT 2FX | download |
| 2891161 | FL SWITCH 4012T-2GT-2FX ST | download |
| 2891072 | FL SWITCH 4824E-4GC | download |
| 2891102 | FL SWITCH 4800E-24FX-4GC | download |
| 2891104 | FL SWITCH 4800E-24FX SM-4GC | download |
| 2891120 | FL SWITCH 3012E-2FX | download |
| 2891119 | FL SWITCH 3012E-2FX SM | download |
| 2891162 | FL SWITCH 4000T-8POE-2SFP-R | please contact your local customer service |
Evgeniy Druzhinin, Georgy Zaytsev and Ilya Karpov (Positive Technologies) reported these vulnerabilities to PHOENIX CONTACT