Multiple vulnerabilities in PHOENIX CONTACT FL SWITCH 3xxx/4xxx/48xx Series



Risk High
Patch available YES
Number of vulnerabilities 4
CVE-ID CVE-2018-10730
CVE-2018-10729
CVE-2018-10728
CVE-2018-10731
CWE-ID CWE-78
CWE-200
CWE-121
Exploitation vector Network
Public exploit N/A
Vulnerable software
 FL SWITCH 4000T-8POE-2SFP-R
Hardware solutions / Routers & switches, VoIP, GSM, etc

FL SWITCH 3012E-2FX SM
Hardware solutions / Routers & switches, VoIP, GSM, etc

FL SWITCH 4800E-24FX SM-4GC
Hardware solutions / Routers & switches, VoIP, GSM, etc

FL SWITCH 4800E-24FX-4GC
Hardware solutions / Routers & switches, VoIP, GSM, etc

FL SWITCH 4824E-4GC
Hardware solutions / Routers & switches, VoIP, GSM, etc

FL SWITCH 4012T-2GT-2FX ST
Hardware solutions / Routers & switches, VoIP, GSM, etc

FL SWITCH 4012T 2GT 2FX
Hardware solutions / Routers & switches, VoIP, GSM, etc

FL SWITCH 4808E-16FX SM LC-4GC
Hardware solutions / Routers & switches, VoIP, GSM, etc

FL SWITCH 4808E-16FX-4GC
Hardware solutions / Routers & switches, VoIP, GSM, etc

FL SWITCH 4808E-16FX ST-4GC
Hardware solutions / Routers & switches, VoIP, GSM, etc

FL SWITCH 4808E-16FX SM ST-4GC
Hardware solutions / Routers & switches, VoIP, GSM, etc

FL SWITCH 4808E-16FX SM-4GC
Hardware solutions / Routers & switches, VoIP, GSM, etc

FL SWITCH 4808E-16FX LC-4GC
Hardware solutions / Routers & switches, VoIP, GSM, etc

FL SWITCH 4008T-2GT-3FX SM
Hardware solutions / Routers & switches, VoIP, GSM, etc

FL SWITCH 4008T-2GT-4FX SM
Hardware solutions / Routers & switches, VoIP, GSM, etc

FL SWITCH 4008T-2SFP
Hardware solutions / Routers & switches, VoIP, GSM, etc

FL SWITCH 3006T-2FX SM
Hardware solutions / Routers & switches, VoIP, GSM, etc

FL SWITCH 3016T
Hardware solutions / Routers & switches, VoIP, GSM, etc

FL SWITCH 3016
Hardware solutions / Routers & switches, VoIP, GSM, etc

FL SWITCH 3016E
Hardware solutions / Routers & switches, VoIP, GSM, etc

FL SWITCH 3012E-2SFX
Hardware solutions / Routers & switches, VoIP, GSM, etc

FL SWITCH 3006T-2FX ST
Hardware solutions / Routers & switches, VoIP, GSM, etc

FL SWITCH 3006T-2FX
Hardware solutions / Routers & switches, VoIP, GSM, etc

FL SWITCH 3008T
Hardware solutions / Routers & switches, VoIP, GSM, etc

FL SWITCH 3008
Hardware solutions / Routers & switches, VoIP, GSM, etc

FL SWITCH 3004T-FX ST
Hardware solutions / Routers & switches, VoIP, GSM, etc

FL SWITCH 3004T-FX
Hardware solutions / Routers & switches, VoIP, GSM, etc

FL SWITCH 3005T
Hardware solutions / Routers & switches, VoIP, GSM, etc

FL SWITCH 3005
Hardware solutions / Routers & switches, VoIP, GSM, etc

Vendor Phoenix Contact GmbH

Security Bulletin

This security bulletin contains information about 4 vulnerabilities.

1) OS command injection

EUVDB-ID: #VU12813

Risk: High

CVSSv4.0: 6.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2018-10730

CWE-ID: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Exploit availability: No

Description

The vulnerability allows a remote authenticated attacker to execute arbitrary code on the target system.

The weakness exists due to command injection. A remote attacker with permission to transfer configuration files to or from the switch or permission to upgrade firmware can execute arbitrary OS shell commands.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update to version 1.34 or later.

Vulnerable software versions

FL SWITCH 4000T-8POE-2SFP-R: All versions

FL SWITCH 3012E-2FX SM: All versions

FL SWITCH 4800E-24FX SM-4GC: All versions

FL SWITCH 4800E-24FX-4GC: All versions

FL SWITCH 4824E-4GC: All versions

FL SWITCH 4012T-2GT-2FX ST: All versions

FL SWITCH 4012T 2GT 2FX: All versions

FL SWITCH 4808E-16FX SM LC-4GC: All versions

FL SWITCH 4808E-16FX-4GC: All versions

FL SWITCH 4808E-16FX ST-4GC: All versions

FL SWITCH 4808E-16FX SM ST-4GC: All versions

FL SWITCH 4808E-16FX SM-4GC: All versions

FL SWITCH 4808E-16FX LC-4GC: All versions

FL SWITCH 4008T-2GT-3FX SM: All versions

FL SWITCH 4008T-2GT-4FX SM: All versions

FL SWITCH 4008T-2SFP: All versions

FL SWITCH 3006T-2FX SM: All versions

FL SWITCH 3016T: All versions

FL SWITCH 3016: All versions

FL SWITCH 3016E: All versions

FL SWITCH 3012E-2SFX: All versions

FL SWITCH 3006T-2FX ST: All versions

FL SWITCH 3006T-2FX: All versions

FL SWITCH 3008T: All versions

FL SWITCH 3008: All versions

FL SWITCH 3004T-FX ST: All versions

FL SWITCH 3004T-FX: All versions

FL SWITCH 3005T: All versions

FL SWITCH 3005: All versions

CPE2.3 External links

https://ics-cert.us-cert.gov/advisories/ICSA-18-137-02


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Information disclosure

EUVDB-ID: #VU12814

Risk: Low

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2018-10729

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to Web interface CGI applications may copy the contents of the running configuration file to a commonly accessed file. A remote attacker can submit a web login request can expose the contents of this file through to the web browser.

Mitigation

Update to version 1.34 or later.

Vulnerable software versions

FL SWITCH 4000T-8POE-2SFP-R: All versions

FL SWITCH 3012E-2FX SM: All versions

FL SWITCH 4800E-24FX SM-4GC: All versions

FL SWITCH 4800E-24FX-4GC: All versions

FL SWITCH 4824E-4GC: All versions

FL SWITCH 4012T-2GT-2FX ST: All versions

FL SWITCH 4012T 2GT 2FX: All versions

FL SWITCH 4808E-16FX SM LC-4GC: All versions

FL SWITCH 4808E-16FX-4GC: All versions

FL SWITCH 4808E-16FX ST-4GC: All versions

FL SWITCH 4808E-16FX SM ST-4GC: All versions

FL SWITCH 4808E-16FX SM-4GC: All versions

FL SWITCH 4808E-16FX LC-4GC: All versions

FL SWITCH 4008T-2GT-3FX SM: All versions

FL SWITCH 4008T-2GT-4FX SM: All versions

FL SWITCH 4008T-2SFP: All versions

FL SWITCH 3006T-2FX SM: All versions

FL SWITCH 3016T: All versions

FL SWITCH 3016: All versions

FL SWITCH 3016E: All versions

FL SWITCH 3012E-2SFX: All versions

FL SWITCH 3006T-2FX ST: All versions

FL SWITCH 3006T-2FX: All versions

FL SWITCH 3008T: All versions

FL SWITCH 3008: All versions

FL SWITCH 3004T-FX ST: All versions

FL SWITCH 3004T-FX: All versions

FL SWITCH 3005T: All versions

FL SWITCH 3005: All versions

CPE2.3 External links

https://ics-cert.us-cert.gov/advisories/ICSA-18-137-02


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Stack-based buffer overflow

EUVDB-ID: #VU12815

Risk: High

CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2018-10728

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to stack-based buffer overflow. A remote attacker can insert a specially crafted cookie into a GET request, trigger memory corruption and execute arbitrary code.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update to version 1.34 or later.

Vulnerable software versions

FL SWITCH 4000T-8POE-2SFP-R: All versions

FL SWITCH 3012E-2FX SM: All versions

FL SWITCH 4800E-24FX SM-4GC: All versions

FL SWITCH 4800E-24FX-4GC: All versions

FL SWITCH 4824E-4GC: All versions

FL SWITCH 4012T-2GT-2FX ST: All versions

FL SWITCH 4012T 2GT 2FX: All versions

FL SWITCH 4808E-16FX SM LC-4GC: All versions

FL SWITCH 4808E-16FX-4GC: All versions

FL SWITCH 4808E-16FX ST-4GC: All versions

FL SWITCH 4808E-16FX SM ST-4GC: All versions

FL SWITCH 4808E-16FX SM-4GC: All versions

FL SWITCH 4808E-16FX LC-4GC: All versions

FL SWITCH 4008T-2GT-3FX SM: All versions

FL SWITCH 4008T-2GT-4FX SM: All versions

FL SWITCH 4008T-2SFP: All versions

FL SWITCH 3006T-2FX SM: All versions

FL SWITCH 3016T: All versions

FL SWITCH 3016: All versions

FL SWITCH 3016E: All versions

FL SWITCH 3012E-2SFX: All versions

FL SWITCH 3006T-2FX ST: All versions

FL SWITCH 3006T-2FX: All versions

FL SWITCH 3008T: All versions

FL SWITCH 3008: All versions

FL SWITCH 3004T-FX ST: All versions

FL SWITCH 3004T-FX: All versions

FL SWITCH 3005T: All versions

FL SWITCH 3005: All versions

CPE2.3 External links

https://ics-cert.us-cert.gov/advisories/ICSA-18-137-02


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Stack-based buffer overflow

EUVDB-ID: #VU12816

Risk: High

CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2018-10731

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to stack-based buffer overflow. A remote attacker can gain unauthorized access to the switches operating system files and the insert executable code into the OS.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update to version 1.34 or later.

Vulnerable software versions

FL SWITCH 4000T-8POE-2SFP-R: All versions

FL SWITCH 3012E-2FX SM: All versions

FL SWITCH 4800E-24FX SM-4GC: All versions

FL SWITCH 4800E-24FX-4GC: All versions

FL SWITCH 4824E-4GC: All versions

FL SWITCH 4012T-2GT-2FX ST: All versions

FL SWITCH 4012T 2GT 2FX: All versions

FL SWITCH 4808E-16FX SM LC-4GC: All versions

FL SWITCH 4808E-16FX-4GC: All versions

FL SWITCH 4808E-16FX ST-4GC: All versions

FL SWITCH 4808E-16FX SM ST-4GC: All versions

FL SWITCH 4808E-16FX SM-4GC: All versions

FL SWITCH 4808E-16FX LC-4GC: All versions

FL SWITCH 4008T-2GT-3FX SM: All versions

FL SWITCH 4008T-2GT-4FX SM: All versions

FL SWITCH 4008T-2SFP: All versions

FL SWITCH 3006T-2FX SM: All versions

FL SWITCH 3016T: All versions

FL SWITCH 3016: All versions

FL SWITCH 3016E: All versions

FL SWITCH 3012E-2SFX: All versions

FL SWITCH 3006T-2FX ST: All versions

FL SWITCH 3006T-2FX: All versions

FL SWITCH 3008T: All versions

FL SWITCH 3008: All versions

FL SWITCH 3004T-FX ST: All versions

FL SWITCH 3004T-FX: All versions

FL SWITCH 3005T: All versions

FL SWITCH 3005: All versions

CPE2.3 External links

https://ics-cert.us-cert.gov/advisories/ICSA-18-137-02


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###