Zurück zur Übersicht

Phoenix Contact: FL SWITCH 3xxx/4xxx/48xx series through 1.33 allows Command Injection

VDE-2018-004
Last update
14.05.2025 14:28
Published at
16.05.2018 07:35
Vendor(s)
Phoenix Contact GmbH & Co. KG
External ID
VDE-2018-004
CSAF Document
Download

Summary

An attacker with permission to transfer configuration files to/from the switch or permission to upgrade firmware, is able to execute arbitrary OS shell commands. CGI applications config_transfer.cgi and software_update.cgi are prone to OS command injection through targeted manipulation of their web-request headers.

Impact

If the vulnerability is exploited, the attacker may create their own executable files that could further exploit the integrity of the managed FL SWITCH. For example, the attacker may deny switch network access.

Affected Product(s)

Model no. Product name Affected versions
2891033 FL SWITCH 3004T-FX Firmware 1.0<=1.33
2891034 FL SWITCH 3004T-FX ST Firmware 1.0<=1.33
2891030 FL SWITCH 3005 Firmware 1.0<=1.33
2891032 FL SWITCH 3005T Firmware 1.0<=1.33
2891036 FL SWITCH 3006T-2FX Firmware 1.0<=1.33
2891060 FL SWITCH 3006T-2FX SM Firmware 1.0<=1.33
2891037 FL SWITCH 3006T-2FX ST Firmware 1.0<=1.33
2891031 FL SWITCH 3008 Firmware 1.0<=1.33
2891035 FL SWITCH 3008T Firmware 1.0<=1.33
2891120 FL SWITCH 3012E-2FX Firmware 1.0<=1.33
2891119 FL SWITCH 3012E-2FX SM Firmware 1.0<=1.33
2891067 FL SWITCH 3012E-2SFX Firmware 1.0<=1.33
2891058 FL SWITCH 3016 Firmware 1.0<=1.33
2891066 FL SWITCH 3016E Firmware 1.0<=1.33
2891059 FL SWITCH 3016T Firmware 1.0<=1.33
2891162 FL SWITCH 4000T-8POE-2SFP-R Firmware 1.0<=1.33
2891160 FL SWITCH 4008T-2GT-3FX SM Firmware 1.0<=1.33
2891061 FL SWITCH 4008T-2GT-4FX SM Firmware 1.0<=1.33
2891062 FL SWITCH 4008T-2SFP Firmware 1.0<=1.33
2891063 FL SWITCH 4012T 2GT 2FX Firmware 1.0<=1.33
2891161 FL SWITCH 4012T-2GT-2FX ST Firmware 1.0<=1.33
2891104 FL SWITCH 4800E-24FX SM-4GC Firmware 1.0<=1.33
2891102 FL SWITCH 4800E-24FX-4GC Firmware 1.0<=1.33
2891073 FL SWITCH 4808E-16FX LC-4GC Firmware 1.0<=1.33
2891074 FL SWITCH 4808E-16FX SM LC-4GC Firmware 1.0<=1.33
2891086 FL SWITCH 4808E-16FX SM ST-4GC Firmware 1.0<=1.33
2891080 FL SWITCH 4808E-16FX SM-4GC Firmware 1.0<=1.33
2891085 FL SWITCH 4808E-16FX ST-4GC Firmware 1.0<=1.33
2891079 FL SWITCH 4808E-16FX-4GC Firmware 1.0<=1.33
2891072 FL SWITCH 4824E-4GC Firmware 1.0<=1.33

Vulnerabilities

Expand / Collapse all

Published
22.09.2025 14:57
Severity
9.1 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Weakness
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (CWE-78)
Summary

All Phoenix Contact managed FL SWITCH 3xxx, 4xxx, 48xx products running firmware version 1.0 to 1.33 are prone to OS command injection.

References
cve.org | nvd.nist.gov

Mitigation

Customers using Phoenix Contact managed FL SWITCH devices with affected firmware versions are recommended to disable the switch Web Agent.

Remediation

Customers using Phoenix Contact managed FL SWITCH devices with affected firmware versions are recommended to update the firmware to version 1.34 or higher which fixes this vulnerability. The updated firmware may be downloaded from the managed switch product page on the Phoenix Contact website.

Revision History

Version Date Summary
1 16.05.2018 07:35 Initial revision.
2 06.11.2024 12:27 Fix: correct certvde domain, added self-reference
3 14.05.2025 14:28 Fix: version space, added distribution