Share: Email | Twitter

ID

VDE-2019-001

Published

2019-01-23 13:02 (CET)

Last update

2019-01-23 13:02 (CET)

Vendor(s)

PHOENIX CONTACT GmbH & Co. KG

Product(s)

Article No° Product Name Affected Version(s)
2891033 FL SWITCH 3004T-FX 1.0 <= 1.34
2891034 FL SWITCH 3004T-FX ST 1.0 <= 1.34
2891030 FL SWITCH 3005 1.0 <= 1.34
2891032 FL SWITCH 3005T 1.0 <= 1.34
2891036 FL SWITCH 3006T-2FX 1.0 <= 1.34
2891060 FL SWITCH 3006T-2FX SM 1.0 <= 1.34
2891037 FL SWITCH 3006T-2FX ST 1.0 <= 1.34
2891031 FL SWITCH 3008 1.0 <= 1.34
2891035 FL SWITCH 3008T 1.0 <= 1.34
2891120 FL SWITCH 3012E-2FX 1.0 <= 1.34
2891119 FL SWITCH 3012E-2FX SM 1.0 <= 1.34
2891067 FL SWITCH 3012E-2SFX 1.0 <= 1.34
2891058 FL SWITCH 3016 1.0 <= 1.34
2891066 FL SWITCH 3016E 1.0 <= 1.34
2891059 FL SWITCH 3016T 1.0 <= 1.34
1026924 FL SWITCH 4000T-4POE-1SFP 1.0 <= 1.34
1026923 FL SWITCH 4000T-8POE-2SFP 1.0 <= 1.34
1026922 FL SWITCH 4004T-8POE-4SFP 1.0 <= 1.34
2891160 FL SWITCH 4008T-2GT-3FX SM 1.0 <= 1.34
2891061 FL SWITCH 4008T-2GT-4FX SM 1.0 <= 1.34
2891062 FL SWITCH 4008T-2SFP 1.0 <= 1.34
2891063 FL SWITCH 4012T-2GT-2FX 1.0 <= 1.34
2891161 FL SWITCH 4012T-2GT-2FX ST 1.0 <= 1.34
2891102 FL SWITCH 4800E-24FX-4GC 1.0 <= 1.34
2891104 FL SWITCH 4800E-24FX SM-4GC 1.0 <= 1.34
2891079 FL SWITCH 4808E-16FX-4GC 1.0 <= 1.34
2891073 FL SWITCH 4808E-16FX LC-4GC 1.0 <= 1.34
2891080 FL SWITCH 4808E-16FX SM-4GC 1.0 <= 1.34
2891074 FL SWITCH 4808E-16FX SM LC-4GC 1.0 <= 1.34
2891086 FL SWITCH 4808E-16FX SM ST-4GC 1.0 <= 1.34
2891085 FL SWITCH 4808E-16FX ST-4GC 1.0 <= 1.34
2891072 FL SWITCH 4824E-4GC 1.0 <= 1.34

Summary

Multiple vulnerabilities for FL SWITCH have been identified in PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx version 1.0 to 1.34. 

Vulnerabilities



Last Update
31. Januar 2020 15:22
Weakness
Cross-Site Request Forgery (CSRF) (CWE-352)
Summary
The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 to 1.34 is prone to CSRF.
Last Update
31. Januar 2020 15:27
Weakness
Improper Authentication (CWE-287)
Summary
The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions prior to 1.35 is vulnerable to brute-force attacks, because of Improper Restriction of Excessive Authentication Attempts.
Last Update
31. Januar 2020 15:28
Weakness
Credentials Management (CWE-255)
Summary
The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 to 1.34 allows for plaintext transmission (HTTP) of user credentials by default.
Last Update
31. Januar 2020 15:28
Weakness
Uncontrolled Resource Consumption (CWE-400)
Summary
The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 to 1.34 is vulnerable to a denial-of-service attack by making more than 120 connections.
Last Update
31. Januar 2020 15:28
Weakness
Information Exposure (CWE-200)
Summary
The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 to 1.34 leaks private information in firmware images.
Last Update
31. Januar 2020 15:29
Weakness
Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119)
Summary
While parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread. This would result in an incorrect text display of the certificate. This bug has been present since 2006 and is present in all versions of OpenSSL before 1.0.2m and 1.1.0g.

Solution

Remediation for CWE-319 (CVE-2018-13992):

Customers using Phoenix Contact managed FL SWITCH devices are recommended to enable HTTP security.


Remediation for CWE-352 (CVE-2018-13993), CWE-307 (CVE-2018-13990), CWE-400 (CVE-2018-13994), CWE-922 (CVE-2018-13991), CWE-119 (CVE-2017-3735)

Customers using Phoenix Contact managed FL SWITCH devices with affected firmware versions are recommended to update the firmware to version 1.35 or higher which fixes these vulnerabilities. The updated firmware may be downloaded from the managed switch product page on the Phoenix Contact website:

Article No.

Model

Updated Firmware

2891033

FL SWITCH 3004T-FX            

download

2891034

FL SWITCH 3004T-FX ST         

download

2891030

FL SWITCH 3005                

download

2891032

FL SWITCH 3005T               

download

2891036

FL SWITCH 3006T-2FX           

download

2891060

FL SWITCH 3006T-2FX SM        

download

2891037

FL SWITCH 3006T-2FX ST        

download

2891031

FL SWITCH 3008                

download

2891035

FL SWITCH 3008T               

download

2891120

FL SWITCH 3012E-2FX           

download

2891119

FL SWITCH 3012E-2FX SM        

download

2891067

FL SWITCH 3012E-2SFX          

download

2891058

FL SWITCH 3016                

download

2891066

FL SWITCH 3016E               

download

2891059

FL SWITCH 3016T               

download

1026924

FL SWITCH 4000T-4POE-1SFP

download

1026923

FL SWITCH 4000T-8POE-2SFP

download

1026922

FL SWITCH 4004T-8POE-4SFP

download

2891160

FL SWITCH 4008T-2GT-3FX SM    

download

2891061

FL SWITCH 4008T-2GT-4FX SM    

download

2891062

FL SWITCH 4008T-2SFP          

download

2891063

FL SWITCH 4012T-2GT-2FX       

download

2891161

FL SWITCH 4012T-2GT-2FX ST    

download

2891104

FL SWITCH 4800E-24FX SM-4GC   

download

2891102

FL SWITCH 4800E-24FX-4GC      

download

2891073

FL SWITCH 4808E-16FX LC-4GC   

download

2891074

FL SWITCH 4808E-16FX SM LC-4GC

download

2891086

FL SWITCH 4808E-16FX SM ST-4GC

download

2891080

FL SWITCH 4808E-16FX SM-4GC   

download

2891085

FL SWITCH 4808E-16FX ST-4GC   

download

2891079

FL SWITCH 4808E-16FX-4GC      

download

2891072

FL SWITCH 4824E-4GC           

download

Reported by

Theses vulnerabilities have been discovered by Evgeniy Druzhinin, Ilya Karpov and Georgy Zaytsev (Positive Technologies).

PHOENIX CONTACT reported these vulnerabilities to CERT@VDE.