| Article No° | Product Name | Affected Version(s) |
|---|---|---|
| 2891033 | FL SWITCH 3004T-FX | < 1.33 |
| 2891034 | FL SWITCH 3004T-FX ST | < 1.33 |
| 2891030 | FL SWITCH 3005 | < 1.33 |
| 2891032 | FL SWITCH 3005T | < 1.33 |
| 2891036 | FL SWITCH 3006T-2FX | < 1.33 |
| 2891060 | FL SWITCH 3006T-2FX SM | < 1.33 |
| 2891037 | FL SWITCH 3006T-2FX ST | < 1.33 |
| 2891031 | FL SWITCH 3008 | < 1.33 |
| 2891035 | FL SWITCH 3008T | < 1.33 |
| 2891120 | FL SWITCH 3012E-2FX | < 1.33 |
| 2891119 | FL SWITCH 3012E-2FX SM | < 1.33 |
| 2891067 | FL SWITCH 3012E-2SFX | < 1.33 |
| 2891058 | FL SWITCH 3016 | < 1.33 |
| 2891066 | FL SWITCH 3016E | < 1.33 |
| 2891059 | FL SWITCH 3016T | < 1.33 |
| 2891162 | FL SWITCH 4000T-8POE-2SFP-R | < 1.33 |
| 2891160 | FL SWITCH 4008T-2GT-3FX SM | < 1.33 |
| 2891061 | FL SWITCH 4008T-2GT-4FX SM | < 1.33 |
| 2891062 | FL SWITCH 4008T-2SFP | < 1.33 |
| 2891063 | FL SWITCH 4012T 2GT 2FX | < 1.33 |
| 2891161 | FL SWITCH 4012T-2GT-2FX ST | < 1.33 |
| 2891102 | FL SWITCH 4800E-24FX-4GC | < 1.33 |
| 2891104 | FL SWITCH 4800E-24FX SM-4GC | < 1.33 |
| 2891079 | FL SWITCH 4808E-16FX-4GC | < 1.33 |
| 2891073 | FL SWITCH 4808E-16FX LC-4GC | < 1.33 |
| 2891080 | FL SWITCH 4808E-16FX SM-4GC | < 1.33 |
| 2891074 | FL SWITCH 4808E-16FX SM LC-4GC | < 1.33 |
| 2891086 | FL SWITCH 4808E-16FX SM ST-4GC | < 1.33 |
| 2891085 | FL SWITCH 4808E-16FX ST-4GC | < 1.33 |
| 2891072 | FL SWITCH 4824E-4GC | < 1.33 |
PHOENIX CONTACT FL SWITCH 3xxx series, FL SWITCH 4xxx series, and FL SWITCH 48xx series products running firmware version 1.0 to 1.32 allow unauthenticated users with network access to gain administrative privileges (CVE-2017-16743) and expose information to unauthenticated users in Monitor Mode (CVE-2017-16741).
CVE-2017-16743: web-service authentication bypass, improper authorization (CWE-285)
By crafting HTTP Set-Cookie and POST requests, an unauthenticated attacker with network access may bypass the web-service authentication and gain administrative privileges on the managed switch devices.
CVE-2017-16741: information exposure (CWE-200)
Any user with network access to a managed switch device may use Monitor Mode to read diagnostic information from the device's web interface without prior authentication in the web GUI. This includes information about model, subnet mask, uptime, and utilisation.
Customers using PHOENIX CONTACT FL SWITCH 3xxx series, FL SWITCH 4xxx series and FL SWITCH 48xx series devices with firmware versions up to 1.32 are recommended to update to firmware version 1.33 or higher, which fixes these vulnerabilities. The updated firmware may be downloaded from the following managed switch product pages on the vendor's website:
Ilya Karpov and Evgeniy Druzhinin (Positive Technologies) reported these vulnerabilities to PHOENIX CONTACT.