Summary
An attacker may insert a carefully crafted cookie into a GET menu_pxc.cgi or GET index.cgi request to cause a buffer overflow that can initiate a Denial of Service attack and execute arbitrary code.
Impact
If vulnerability is exploited, the attacker may disable Web and Telnet services and execute arbitrary code.
Update 2018-05-28
Due to the way this vulnerability was discovered, the Attack Complexity has been changed from HIGH to LOW. This results in a new CVSS Vector with a severity of 9.8.
Affected Product(s)
| Model no. | Product name | Affected versions |
|---|---|---|
| 2891033 | FL SWITCH 3004T-FX | Firmware <=1.33 |
| 2891034 | FL SWITCH 3004T-FX ST | Firmware <=1.33 |
| 2891030 | FL SWITCH 3005 | Firmware <=1.33 |
| 2891032 | FL SWITCH 3005T | Firmware <=1.33 |
| 2891036 | FL SWITCH 3006T-2FX | Firmware <=1.33 |
| 2891060 | FL SWITCH 3006T-2FX SM | Firmware <=1.33 |
| 2891037 | FL SWITCH 3006T-2FX ST | Firmware <=1.33 |
| 2891031 | FL SWITCH 3008 | Firmware <=1.33 |
| 2891035 | FL SWITCH 3008T | Firmware <=1.33 |
| 2891120 | FL SWITCH 3012E-2FX | Firmware <=1.33 |
| 2891119 | FL SWITCH 3012E-2FX SM | Firmware <=1.33 |
| 2891067 | FL SWITCH 3012E-2SFX | Firmware <=1.33 |
| 2891058 | FL SWITCH 3016 | Firmware <=1.33 |
| 2891066 | FL SWITCH 3016E | Firmware <=1.33 |
| 2891059 | FL SWITCH 3016T | Firmware <=1.33 |
| 2891162 | FL SWITCH 4000T-8POE-2SFP-R | Firmware <=1.33 |
| 2891160 | FL SWITCH 4008T-2GT-3FX SM | Firmware <=1.33 |
| 2891061 | FL SWITCH 4008T-2GT-4FX SM | Firmware <=1.33 |
| 2891062 | FL SWITCH 4008T-2SFP | Firmware <=1.33 |
| 2891063 | FL SWITCH 4012T 2GT 2FX | Firmware <=1.33 |
| 2891161 | FL SWITCH 4012T-2GT-2FX ST | Firmware <=1.33 |
| 2891104 | FL SWITCH 4800E-24FX SM-4GC | Firmware <=1.33 |
| 2891102 | FL SWITCH 4800E-24FX-4GC | Firmware <=1.33 |
| 2891073 | FL SWITCH 4808E-16FX LC-4GC | Firmware <=1.33 |
| 2891074 | FL SWITCH 4808E-16FX SM LC-4GC | Firmware <=1.33 |
| 2891086 | FL SWITCH 4808E-16FX SM ST-4GC | Firmware <=1.33 |
| 2891080 | FL SWITCH 4808E-16FX SM-4GC | Firmware <=1.33 |
| 2891085 | FL SWITCH 4808E-16FX ST-4GC | Firmware <=1.33 |
| 2891079 | FL SWITCH 4808E-16FX-4GC | Firmware <=1.33 |
| 2891072 | FL SWITCH 4824E-4GC | Firmware <=1.33 |
Vulnerabilities
Expand / Collapse allAll Phoenix Contact managed FL SWITCH 3xxx, 4xxx, 48xx products running firmware version 1.0 to 1.33 are prone to buffer overflows (a different vulnerability than CVE-2018-10731).
Mitigation
Customers using Phoenix Contact managed FL SWITCH devices with affected firmware versions are recommended to disable the switch Web Agent.
Remediation
Customers using Phoenix Contact managed FL SWITCH devices with affected firmware versions are recommended to update the firmware to version 1.34 or higher which fixes this vulnerability. The updated firmware may be downloaded from the managed switch product page on the Phoenix Contact website:
| Article No. | Model | Updated Firmware |
|---|---|---|
| 2891030 | FL SWITCH 3005 | Download Firmware |
| 2891032 | FL SWITCH 3005T | Download Firmware |
| 2891033 | FL SWITCH 3004T-FX | Download Firmware |
| 2891034 | FL SWITCH 3004T-FX ST | Download Firmware |
| 2891031 | FL SWITCH 3008 | Download Firmware |
| 2891035 | FL SWITCH 3008T | Download Firmware |
| 2891036 | FL SWITCH 3006T-2FX | Download Firmware |
| 2891037 | FL SWITCH 3006T-2FX ST | Download Firmware |
| 2891067 | FL SWITCH 3012E-2SFX | Download Firmware |
| 2891066 | FL SWITCH 3016E | Download Firmware |
| 2891058 | FL SWITCH 3016 | Download Firmware |
| 2891059 | FL SWITCH 3016T | Download Firmware |
| 2891060 | FL SWITCH 3006T-2FX SM | Download Firmware |
| 2891062 | FL SWITCH 4008T-2SFP | Download Firmware |
| 2891061 | FL SWITCH 4008T-2GT-4FX SM | Download Firmware |
| 2891160 | FL SWITCH 4008T-2GT-3FX SM | Download Firmware |
| 2891073 | FL SWITCH 4808E-16FX LC-4GC | Download Firmware |
| 2891080 | FL SWITCH 4808E-16FX SM-4GC | Download Firmware |
| 2891086 | FL SWITCH 4808E-16FX SM ST-4GC | Download Firmware |
| 2891085 | FL SWITCH 4808E-16FX ST-4GC | Download Firmware |
| 2891079 | FL SWITCH 4808E-16FX-4GC | Download Firmware |
| 2891074 | FL SWITCH 4808E-16FX SM LC-4GC | Download Firmware |
| 2891063 | FL SWITCH 4012T 2GT 2FX | Download Firmware |
| 2891161 | FL SWITCH 4012T-2GT-2FX ST | Download Firmware |
| 2891072 | FL SWITCH 4824E-4GC | Download Firmware |
| 2891102 | FL SWITCH 4800E-24FX-4GC | Download Firmware |
| 2891104 | FL SWITCH 4800E-24FX SM-4GC | Download Firmware |
| 2891120 | FL SWITCH 3012E-2FX | Download Firmware |
| 2891119 | FL SWITCH 3012E-2FX SM | Download Firmware |
| 2891162 | FL SWITCH 4000T-8POE-2SFP-R | please contact your local customer service |
Revision History
| Version | Date | Summary |
|---|---|---|
| 1 | 16.05.2018 12:00 | Initial revision. |
| 2 | 28.05.2018 12:00 | Update |
| 3 | 14.05.2025 15:00 | Fix: added distribution |