| Article No° | Product Name | Affected Version(s) |
|---|---|---|
| 2891033 | FL SWITCH 3004T-FX | 1.0 <= 1.33 |
| 2891034 | FL SWITCH 3004T-FX ST | 1.0 <= 1.33 |
| 2891030 | FL SWITCH 3005 | 1.0 <= 1.33 |
| 2891032 | FL SWITCH 3005T | 1.0 <= 1.33 |
| 2891036 | FL SWITCH 3006T-2FX | 1.0 <= 1.33 |
| 2891060 | FL SWITCH 3006T-2FX SM | 1.0 <= 1.33 |
| 2891037 | FL SWITCH 3006T-2FX ST | 1.0 <= 1.33 |
| 2891031 | FL SWITCH 3008 | 1.0 <= 1.33 |
| 2891035 | FL SWITCH 3008T | 1.0 <= 1.33 |
| 2891120 | FL SWITCH 3012E-2FX | 1.0 <= 1.33 |
| 2891119 | FL SWITCH 3012E-2FX SM | 1.0 <= 1.33 |
| 2891067 | FL SWITCH 3012E-2SFX | 1.0 <= 1.33 |
| 2891058 | FL SWITCH 3016 | 1.0 <= 1.33 |
| 2891066 | FL SWITCH 3016E | 1.0 <= 1.33 |
| 2891059 | FL SWITCH 3016T | 1.0 <= 1.33 |
| 2891162 | FL SWITCH 4000T-8POE-2SFP-R | 1.0 <= 1.33 |
| 2891160 | FL SWITCH 4008T-2GT-3FX SM | 1.0 <= 1.33 |
| 2891061 | FL SWITCH 4008T-2GT-4FX SM | 1.0 <= 1.33 |
| 2891062 | FL SWITCH 4008T-2SFP | 1.0 <= 1.33 |
| 2891063 | FL SWITCH 4012T 2GT 2FX | 1.0 <= 1.33 |
| 2891161 | FL SWITCH 4012T-2GT-2FX ST | 1.0 <= 1.33 |
| 2891102 | FL SWITCH 4800E-24FX-4GC | 1.0 <= 1.33 |
| 2891104 | FL SWITCH 4800E-24FX SM-4GC | 1.0 <= 1.33 |
| 2891079 | FL SWITCH 4808E-16FX-4GC | 1.0 <= 1.33 |
| 2891073 | FL SWITCH 4808E-16FX LC-4GC | 1.0 <= 1.33 |
| 2891080 | FL SWITCH 4808E-16FX SM-4GC | 1.0 <= 1.33 |
| 2891074 | FL SWITCH 4808E-16FX SM LC-4GC | 1.0 <= 1.33 |
| 2891086 | FL SWITCH 4808E-16FX SM ST-4GC | 1.0 <= 1.33 |
| 2891085 | FL SWITCH 4808E-16FX ST-4GC | 1.0 <= 1.33 |
| 2891072 | FL SWITCH 4824E-4GC | 1.0 <= 1.33 |
An attacker with permission to transfer configuration files to/from the switch or permission to upgrade firmware, is able to execute arbitrary OS shell commands. CGI applications config_transfer.cgi and software_update.cgi are prone to OS command injection through targeted manipulation of their web-request headers.
If the vulnerability is exploited, the attacker may create their own executable files that could further exploit the integrity of the managed FL SWITCH. For example, the attacker may deny switch network access.
Temporary Fix / Mitigation
Customers using Phoenix Contact managed FL SWITCH devices with affected firmware versions are recommended to disable the switch Web Agent.
Remediation
Customers using Phoenix Contact managed FL SWITCH devices with affected firmware versions are recommended to update the firmware to version 1.34 or higher which fixes this vulnerability. The updated firmware may be downloaded from the managed switch product page on the Phoenix Contact website:
| Article No. | Model | Updated Firmware |
| 2891030 | FL SWITCH 3005 | download |
| 2891032 | FL SWITCH 3005T | download |
| 2891033 | FL SWITCH 3004T-FX | download |
| 2891034 | FL SWITCH 3004T-FX ST | download |
| 2891031 | FL SWITCH 3008 | download |
| 2891035 | FL SWITCH 3008T | download |
| 2891036 | FL SWITCH 3006T-2FX | download |
| 2891037 | FL SWITCH 3006T-2FX ST | download |
| 2891067 | FL SWITCH 3012E-2SFX | download |
| 2891066 | FL SWITCH 3016E | download |
| 2891058 | FL SWITCH 3016 | download |
| 2891059 | FL SWITCH 3016T | download |
| 2891060 | FL SWITCH 3006T-2FX SM | download |
| 2891062 | FL SWITCH 4008T-2SFP | download |
| 2891061 | FL SWITCH 4008T-2GT-4FX SM | download |
| 2891160 | FL SWITCH 4008T-2GT-3FX SM | download |
| 2891073 | FL SWITCH 4808E-16FX LC-4GC | download |
| 2891080 | FL SWITCH 4808E-16FX SM-4GC | download |
| 2891086 | FL SWITCH 4808E-16FX SM ST-4GC | download |
| 2891085 | FL SWITCH 4808E-16FX ST-4GC | download |
| 2891079 | FL SWITCH 4808E-16FX-4GC | download |
| 2891074 | FL SWITCH 4808E-16FX SM LC-4GC | download |
| 2891063 | FL SWITCH 4012T 2GT 2FX | download |
| 2891161 | FL SWITCH 4012T-2GT-2FX ST | download |
| 2891072 | FL SWITCH 4824E-4GC | download |
| 2891102 | FL SWITCH 4800E-24FX-4GC | download |
| 2891104 | FL SWITCH 4800E-24FX SM-4GC | download |
| 2891120 | FL SWITCH 3012E-2FX | download |
| 2891119 | FL SWITCH 3012E-2FX SM | download |
| 2891162 | FL SWITCH 4000T-8POE-2SFP-R | please contact your local customer service |
Vyacheslav Moskvin (Positive Technologies) reported these vulnerabilities to PHOENIX CONTACT