Summary
PHOENIX CONTACT FL SWITCH 3xxx series, FL SWITCH 4xxx series, and FL SWITCH 48xx series products running firmware version 1.0 to 1.32 allow unauthenticated users with network access to gain administrative privileges (CVE-2017-16743) and expose information to unauthenticated users in Monitor Mode (CVE-2017-16741).
Impact
CVE-2017-16743: web-service authentication bypass, improper authorization (CWE-285) By crafting HTTP Set-Cookie and POST requests, an unauthenticated attacker with network access may bypass the web-service authentication and gain administrative privileges on the managed switch devices. CVE-2017-16741: information exposure (CWE-200) Any user with network access to a managed switch device may use Monitor Mode to read diagnostic information from the device's web interface without prior authentication in the web GUI. This includes information about model, subnet mask, uptime, and utilisation.
Affected Product(s)
| Model no. | Product name | Affected versions |
|---|---|---|
| 2891033 | FL SWITCH 3004T-FX | Firmware <1.33 |
| 2891034 | FL SWITCH 3004T-FX ST | Firmware <1.33 |
| 2891030 | FL SWITCH 3005 | Firmware <1.33 |
| 2891032 | FL SWITCH 3005T | Firmware <1.33 |
| 2891036 | FL SWITCH 3006T-2FX | Firmware <1.33 |
| 2891060 | FL SWITCH 3006T-2FX SM | Firmware <1.33 |
| 2891037 | FL SWITCH 3006T-2FX ST | Firmware <1.33 |
| 2891031 | FL SWITCH 3008 | Firmware <1.33 |
| 2891035 | FL SWITCH 3008T | Firmware <1.33 |
| 2891120 | FL SWITCH 3012E-2FX | Firmware <1.33 |
| 2891119 | FL SWITCH 3012E-2FX SM | Firmware <1.33 |
| 2891067 | FL SWITCH 3012E-2SFX | Firmware <1.33 |
| 2891058 | FL SWITCH 3016 | Firmware <1.33 |
| 2891066 | FL SWITCH 3016E | Firmware <1.33 |
| 2891059 | FL SWITCH 3016T | Firmware <1.33 |
| 2891162 | FL SWITCH 4000T-8POE-2SFP-R | Firmware <1.33 |
| 2891160 | FL SWITCH 4008T-2GT-3FX SM | Firmware <1.33 |
| 2891061 | FL SWITCH 4008T-2GT-4FX SM | Firmware <1.33 |
| 2891062 | FL SWITCH 4008T-2SFP | Firmware <1.33 |
| 2891063 | FL SWITCH 4012T-2GT-2FX | Firmware <1.33 |
| 2891161 | FL SWITCH 4012T-2GT-2FX ST | Firmware <1.33 |
| 2891104 | FL SWITCH 4800E-24FX SM-4GC | Firmware <1.33 |
| 2891102 | FL SWITCH 4800E-24FX-4GC | Firmware <1.33 |
| 2891073 | FL SWITCH 4808E-16FX LC-4GC | Firmware <1.33 |
| 2891074 | FL SWITCH 4808E-16FX SM LC-4GC | Firmware <1.33 |
| 2891086 | FL SWITCH 4808E-16FX SM ST-4GC | Firmware <1.33 |
| 2891080 | FL SWITCH 4808E-16FX SM-4GC | Firmware <1.33 |
| 2891085 | FL SWITCH 4808E-16FX ST-4GC | Firmware <1.33 |
| 2891079 | FL SWITCH 4808E-16FX-4GC | Firmware <1.33 |
| 2891072 | FL SWITCH 4824E-4GC | Firmware <1.33 |
Vulnerabilities
Expand / Collapse allAn Improper Authorization issue was discovered in PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, and 48xxx Series products running firmware Version 1.0 to 1.32. A remote unauthenticated attacker may be able to craft special HTTP requests allowing an attacker to bypass web-service authentication allowing the attacker to obtain administrative privileges on the device.
An Information Exposure issue was discovered in PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, and 48xxx Series products running firmware Version 1.0 to 1.32. A remote unauthenticated attacker may be able to use Monitor Mode on the device to read diagnostic information.
Remediation
Customers using PHOENIX CONTACT FL SWITCH 3xxx series, FL SWITCH 4xxx series, and FL SWITCH 48xx series devices with firmware versions up to 1.32 are recommended to update to firmware version 1.33 or higher, which fixes these vulnerabilities. The updated firmware may be downloaded from the following managed switch product pages on the vendor's website:
| Article No. | Model | Updated Firmware |
|---|---|---|
| 2891030 | FL SWITCH 3005 | Firmware Update |
| 2891032 | FL SWITCH 3005T | Firmware Update |
| 2891033 | FL SWITCH 3004T-FX | Firmware Update |
| 2891034 | FL SWITCH 3004T-FX ST | Firmware Update |
| 2891031 | FL SWITCH 3008 | Firmware Update |
| 2891035 | FL SWITCH 3008T | Firmware Update |
| 2891036 | FL SWITCH 3006T-2FX | Firmware Update |
| 2891037 | FL SWITCH 3006T-2FX ST | Firmware Update |
| 2891067 | FL SWITCH 3012E-2SFX | Firmware Update |
| 2891066 | FL SWITCH 3016E | Firmware Update |
| 2891058 | FL SWITCH 3016 | Firmware Update |
| 2891059 | FL SWITCH 3016T | Firmware Update |
| 2891060 | FL SWITCH 3006T-2FX SM | Firmware Update |
| 2891062 | FL SWITCH 4008T-2SFP | Firmware Update |
| 2891061 | FL SWITCH 4008T-2GT-4FX SM | Firmware Update |
| 2891160 | FL SWITCH 4008T-2GT-3FX SM | Firmware Update |
| 2891073 | FL SWITCH 4808E-16FX LC-4GC | Firmware Update |
| 2891080 | FL SWITCH 4808E-16FX SM-4GC | Firmware Update |
| 2891086 | FL SWITCH 4808E-16FX SM ST-4GC | Firmware Update |
| 2891085 | FL SWITCH 4808E-16FX ST-4GC | Firmware Update |
| 2891079 | FL SWITCH 4808E-16FX-4GC | Firmware Update |
| 2891074 | FL SWITCH 4808E-16FX SM LC-4GC | Firmware Update |
| 2891063 | FL SWITCH 4012T 2GT 2FX | Firmware Update |
| 2891161 | FL SWITCH 4012T-2GT-2FX ST | Firmware Update |
| 2891072 | FL SWITCH 4824E-4GC | Firmware Update |
| 2891102 | FL SWITCH 4800E-24FX-4GC | Firmware Update |
| 2891104 | FL SWITCH 4800E-24FX SM-4GC | Firmware Update |
| 2891120 | FL SWITCH 3012E-2FX | Firmware Update |
| 2891119 | FL SWITCH 3012E-2FX SM | Firmware Update |
| 2891162 | FL SWITCH 4000T-8POE-2SFP-R | Please contact your local customer service |
Revision History
| Version | Date | Summary |
|---|---|---|
| 1 | 10.01.2018 10:36 | Initial revision. |
| 2 | 10.04.2025 15:00 | fixed csaf reference URL |
| 3 | 14.05.2025 15:00 | Fix: added distribution |