SB2018051807 - Multiple vulnerabilities in PHOENIX CONTACT FL SWITCH 3xxx/4xxx/48xx Series 




Published: May 18, 2018

Security Bulletin ID: SB2018051807
Severity: High
Patch available: YES
Number of vulnerabilities: 4
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by Severity

High: 75%, Low: 25%

Description

This security bulletin contains information about 4 security vulnerabilities.


1) OS command injection (CVE-ID: CVE-2018-10730)

The vulnerability allows a remote authenticated attacker to execute arbitrary code on the target system.

The weakness exists due to command injection. A remote attacker with permission to transfer configuration files to or from the switch or permission to upgrade firmware can execute arbitrary OS shell commands.

Successful exploitation of the vulnerability may result in system compromise.

2) Information disclosure (CVE-ID: CVE-2018-10729)

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists because web interface CGI applications may copy the contents of the running configuration file to a commonly accessed file. A remote attacker can submit a web login request that exposes the contents of this file through to the web browser.

3) Stack-based buffer overflow (CVE-ID: CVE-2018-10728)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to stack-based buffer overflow. A remote attacker can insert a specially crafted cookie into a GET request, trigger memory corruption and execute arbitrary code.

Successful exploitation of the vulnerability may result in system compromise.

4) Stack-based buffer overflow (CVE-ID: CVE-2018-10731)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to stack-based buffer overflow. A remote attacker can gain unauthorized access to the switch's operating system files and insert executable code into the OS.

Successful exploitation of the vulnerability may result in system compromise.

Remediation

Install update from vendor's website.