| Article No° | Product Name | Affected Version(s) |
|---|---|---|
| 2891033 | FL SWITCH 3004T-FX | 1.0 <= 1.33 |
| 2891034 | FL SWITCH 3004T-FX ST | 1.0 <= 1.33 |
| 2891030 | FL SWITCH 3005 | 1.0 <= 1.33 |
| 2891032 | FL SWITCH 3005T | 1.0 <= 1.33 |
| 2891036 | FL SWITCH 3006T-2FX | 1.0 <= 1.33 |
| 2891060 | FL SWITCH 3006T-2FX SM | 1.0 <= 1.33 |
| 2891037 | FL SWITCH 3006T-2FX ST | 1.0 <= 1.33 |
| 2891031 | FL SWITCH 3008 | 1.0 <= 1.33 |
| 2891035 | FL SWITCH 3008T | 1.0 <= 1.33 |
| 2891120 | FL SWITCH 3012E-2FX | 1.0 <= 1.33 |
| 2891119 | FL SWITCH 3012E-2FX SM | 1.0 <= 1.33 |
| 2891067 | FL SWITCH 3012E-2SFX | 1.0 <= 1.33 |
| 2891058 | FL SWITCH 3016 | 1.0 <= 1.33 |
| 2891066 | FL SWITCH 3016E | 1.0 <= 1.33 |
| 2891059 | FL SWITCH 3016T | 1.0 <= 1.33 |
| 2891162 | FL SWITCH 4000T-8POE-2SFP-R | 1.0 <= 1.33 |
| 2891160 | FL SWITCH 4008T-2GT-3FX SM | 1.0 <= 1.33 |
| 2891061 | FL SWITCH 4008T-2GT-4FX SM | 1.0 <= 1.33 |
| 2891062 | FL SWITCH 4008T-2SFP | 1.0 <= 1.33 |
| 2891063 | FL SWITCH 4012T 2GT 2FX | 1.0 <= 1.33 |
| 2891161 | FL SWITCH 4012T-2GT-2FX ST | 1.0 <= 1.33 |
| 2891102 | FL SWITCH 4800E-24FX-4GC | 1.0 <= 1.33 |
| 2891104 | FL SWITCH 4800E-24FX SM-4GC | 1.0 <= 1.33 |
| 2891079 | FL SWITCH 4808E-16FX-4GC | 1.0 <= 1.33 |
| 2891073 | FL SWITCH 4808E-16FX LC-4GC | 1.0 <= 1.33 |
| 2891080 | FL SWITCH 4808E-16FX SM-4GC | 1.0 <= 1.33 |
| 2891074 | FL SWITCH 4808E-16FX SM LC-4GC | 1.0 <= 1.33 |
| 2891086 | FL SWITCH 4808E-16FX SM ST-4GC | 1.0 <= 1.33 |
| 2891085 | FL SWITCH 4808E-16FX ST-4GC | 1.0 <= 1.33 |
| 2891072 | FL SWITCH 4824E-4GC | 1.0 <= 1.33 |
Web interface CGI applications may copy the contents of the running configuration file to a commonly accessed file. Clever manipulation of a web login request can expose the contents of this file through to the web browser. A successful web interface login attempt is not required to read the configuration file contents.
FL SWITCH Configuration File can be read by unauthenticated user.
FL SWITCH Configuration File can be read by unauthenticated user.
Temporary Fix / Mitigation
Customers using Phoenix Contact managed FL SWITCH devices with affected firmware versions are recommended to disable the switch Web Agent.
Remediation
Customers using Phoenix Contact managed FL SWITCH devices with affected firmware versions are recommended to update the firmware to version 1.34 or higher which fixes this vulnerability. The updated firmware may be downloaded from the managed switch product page on the Phoenix Contact website:
| Article No. | Model | Updated Firmware |
| 2891030 | FL SWITCH 3005 | download |
| 2891032 | FL SWITCH 3005T | download |
| 2891033 | FL SWITCH 3004T-FX | download |
| 2891034 | FL SWITCH 3004T-FX ST | download |
| 2891031 | FL SWITCH 3008 | download |
| 2891035 | FL SWITCH 3008T | download |
| 2891036 | FL SWITCH 3006T-2FX | download |
| 2891037 | FL SWITCH 3006T-2FX ST | download |
| 2891067 | FL SWITCH 3012E-2SFX | download |
| 2891066 | FL SWITCH 3016E | download |
| 2891058 | FL SWITCH 3016 | download |
| 2891059 | FL SWITCH 3016T | download |
| 2891060 | FL SWITCH 3006T-2FX SM | download |
| 2891062 | FL SWITCH 4008T-2SFP | download |
| 2891061 | FL SWITCH 4008T-2GT-4FX SM | download |
| 2891160 | FL SWITCH 4008T-2GT-3FX SM | download |
| 2891073 | FL SWITCH 4808E-16FX LC-4GC | download |
| 2891080 | FL SWITCH 4808E-16FX SM-4GC | download |
| 2891086 | FL SWITCH 4808E-16FX SM ST-4GC | download |
| 2891085 | FL SWITCH 4808E-16FX ST-4GC | download |
| 2891079 | FL SWITCH 4808E-16FX-4GC | download |
| 2891074 | FL SWITCH 4808E-16FX SM LC-4GC | download |
| 2891063 | FL SWITCH 4012T 2GT 2FX | download |
| 2891161 | FL SWITCH 4012T-2GT-2FX ST | download |
| 2891072 | FL SWITCH 4824E-4GC | download |
| 2891102 | FL SWITCH 4800E-24FX-4GC | download |
| 2891104 | FL SWITCH 4800E-24FX SM-4GC | download |
| 2891120 | FL SWITCH 3012E-2FX | download |
| 2891119 | FL SWITCH 3012E-2FX SM | download |
| 2891162 | FL SWITCH 4000T-8POE-2SFP-R | please contact your local customer service |
Semen Sokolov (Positive Technologies) reported these vulnerabilities to PHOENIX CONTACT