Multiple vulnerabilities in PHOENIX CONTACT FL SWITCH
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 6 |
| CVE-ID | CVE-2018-13993 CVE-2018-13990 CVE-2018-13992 CVE-2018-13994 CVE-2018-13991 CVE-2017-3735 |
| CWE-ID | CWE-352 CWE-307 CWE-319 CWE-400 CWE-922 CWE-125 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
FL SWITCH 4004T-8POE-4SFP Hardware solutions / Routers & switches, VoIP, GSM, etc FL SWITCH 4000T-4POE-1SFP Hardware solutions / Routers & switches, VoIP, GSM, etc FL SWITCH 3012E-2FX Hardware solutions / Routers & switches, VoIP, GSM, etc FL SWITCH 4000T-8POE-2SFP-R Hardware solutions / Routers & switches, VoIP, GSM, etc FL SWITCH 3012E-2FX SM Hardware solutions / Routers & switches, VoIP, GSM, etc FL SWITCH 4800E-24FX SM-4GC Hardware solutions / Routers & switches, VoIP, GSM, etc FL SWITCH 4800E-24FX-4GC Hardware solutions / Routers & switches, VoIP, GSM, etc FL SWITCH 4824E-4GC Hardware solutions / Routers & switches, VoIP, GSM, etc FL SWITCH 4012T-2GT-2FX ST Hardware solutions / Routers & switches, VoIP, GSM, etc FL SWITCH 4012T 2GT 2FX Hardware solutions / Routers & switches, VoIP, GSM, etc FL SWITCH 4808E-16FX SM LC-4GC Hardware solutions / Routers & switches, VoIP, GSM, etc FL SWITCH 4808E-16FX-4GC Hardware solutions / Routers & switches, VoIP, GSM, etc FL SWITCH 4808E-16FX ST-4GC Hardware solutions / Routers & switches, VoIP, GSM, etc FL SWITCH 4808E-16FX SM ST-4GC Hardware solutions / Routers & switches, VoIP, GSM, etc FL SWITCH 4808E-16FX SM-4GC Hardware solutions / Routers & switches, VoIP, GSM, etc FL SWITCH 4808E-16FX LC-4GC Hardware solutions / Routers & switches, VoIP, GSM, etc FL SWITCH 4008T-2GT-3FX SM Hardware solutions / Routers & switches, VoIP, GSM, etc FL SWITCH 4008T-2GT-4FX SM Hardware solutions / Routers & switches, VoIP, GSM, etc FL SWITCH 4008T-2SFP Hardware solutions / Routers & switches, VoIP, GSM, etc FL SWITCH 3006T-2FX SM Hardware solutions / Routers & switches, VoIP, GSM, etc FL SWITCH 3016T Hardware solutions / Routers & switches, VoIP, GSM, etc FL SWITCH 3016 Hardware solutions / Routers & switches, VoIP, GSM, etc FL SWITCH 3016E Hardware solutions / Routers & switches, VoIP, GSM, etc FL SWITCH 3012E-2SFX Hardware solutions / Routers & switches, VoIP, GSM, etc FL SWITCH 3006T-2FX ST Hardware solutions / Routers & switches, VoIP, GSM, etc FL SWITCH 3006T-2FX Hardware solutions / Routers & switches, VoIP, GSM, etc FL SWITCH 3008T Hardware solutions / Routers & switches, VoIP, GSM, etc FL SWITCH 3008 Hardware solutions / Routers & switches, VoIP, GSM, etc FL SWITCH 3004T-FX ST Hardware solutions / Routers & switches, VoIP, GSM, etc FL SWITCH 3004T-FX Hardware solutions / Routers & switches, VoIP, GSM, etc FL SWITCH 3005T Hardware solutions / Routers & switches, VoIP, GSM, etc FL SWITCH 3005 Hardware solutions / Routers & switches, VoIP, GSM, etc |
| Vendor | Phoenix Contact GmbH |
Security Bulletin
This security bulletin contains information about 6 vulnerabilities.
1) Cross-site request forgery
EUVDB-ID: #VU17213
Risk: Low
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-13993
CWE-ID:
CWE-352 - Cross-Site Request Forgery (CSRF)
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform cross-site request forgery attacks.
The vulnerability exists due to insufficient validation of the HTTP request origin. A remote attacker can trick the victim to visit a specially crafted web page and perform arbitrary actions on behalf of the victim on the vulnerable website.
MitigationUpdate to version 1.35 or later.
Vulnerable software versionsFL SWITCH 4004T-8POE-4SFP: All versions
FL SWITCH 4000T-4POE-1SFP: All versions
FL SWITCH 3012E-2FX: All versions
FL SWITCH 4000T-8POE-2SFP-R: All versions
FL SWITCH 3012E-2FX SM: All versions
FL SWITCH 4800E-24FX SM-4GC: All versions
FL SWITCH 4800E-24FX-4GC: All versions
FL SWITCH 4824E-4GC: All versions
FL SWITCH 4012T-2GT-2FX ST: All versions
FL SWITCH 4012T 2GT 2FX: All versions
FL SWITCH 4808E-16FX SM LC-4GC: All versions
FL SWITCH 4808E-16FX-4GC: All versions
FL SWITCH 4808E-16FX ST-4GC: All versions
FL SWITCH 4808E-16FX SM ST-4GC: All versions
FL SWITCH 4808E-16FX SM-4GC: All versions
FL SWITCH 4808E-16FX LC-4GC: All versions
FL SWITCH 4008T-2GT-3FX SM: All versions
FL SWITCH 4008T-2GT-4FX SM: All versions
FL SWITCH 4008T-2SFP: All versions
FL SWITCH 3006T-2FX SM: All versions
FL SWITCH 3016T: All versions
FL SWITCH 3016: All versions
FL SWITCH 3016E: All versions
FL SWITCH 3012E-2SFX: All versions
FL SWITCH 3006T-2FX ST: All versions
FL SWITCH 3006T-2FX: All versions
FL SWITCH 3008T: All versions
FL SWITCH 3008: All versions
FL SWITCH 3004T-FX ST: All versions
FL SWITCH 3004T-FX: All versions
FL SWITCH 3005T: All versions
FL SWITCH 3005: All versions
CPE2.3- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_4004t-8poe-4sfp:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_4000t-4poe-1sfp:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_3012e-2fx:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_4000t-8poe-2sfp-r:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_3012e-2fx_sm:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_4800e-24fx_sm-4gc:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_4800e-24fx-4gc:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_4824e-4gc:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_4012t-2gt-2fx_st:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_4012t_2gt_2fx:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_4808e-16fx_sm_lc-4gc:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_4808e-16fx-4gc:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_4808e-16fx_st-4gc:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_4808e-16fx_sm_st-4gc:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_4808e-16fx_sm-4gc:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_4808e-16fx_lc-4gc:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_4008t-2gt-3fx_sm:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_4008t-2gt-4fx_sm:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_4008t-2sfp:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_3006t-2fx_sm:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_3016t:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_3016:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_3016e:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_3012e-2sfx:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_3006t-2fx_st:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_3006t-2fx:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_3008t:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_3008:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_3004t-fx_st:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_3004t-fx:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_3005t:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_3005:*:*:*:*:*:*:*:*
https://cert.vde.com/de-de/advisories/vde-2019-001
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Security restrictions bypass
EUVDB-ID: #VU17214
Risk: Low
CVSSv4.0: 6.8 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-13990
CWE-ID:
CWE-307 - Improper Restriction of Excessive Authentication Attempts
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass security restrictions.
The vulnerability exists due to lack of a login time-out feature to prevent high-speed automated username and password combination guessing. A remote attacker can conduct brute forcing attack against usernames and passwords and bypass security restrictions.
MitigationUpdate to version 1.35 or later.
Vulnerable software versionsFL SWITCH 4004T-8POE-4SFP: All versions
FL SWITCH 4000T-4POE-1SFP: All versions
FL SWITCH 3012E-2FX: All versions
FL SWITCH 4000T-8POE-2SFP-R: All versions
FL SWITCH 3012E-2FX SM: All versions
FL SWITCH 4800E-24FX SM-4GC: All versions
FL SWITCH 4800E-24FX-4GC: All versions
FL SWITCH 4824E-4GC: All versions
FL SWITCH 4012T-2GT-2FX ST: All versions
FL SWITCH 4012T 2GT 2FX: All versions
FL SWITCH 4808E-16FX SM LC-4GC: All versions
FL SWITCH 4808E-16FX-4GC: All versions
FL SWITCH 4808E-16FX ST-4GC: All versions
FL SWITCH 4808E-16FX SM ST-4GC: All versions
FL SWITCH 4808E-16FX SM-4GC: All versions
FL SWITCH 4808E-16FX LC-4GC: All versions
FL SWITCH 4008T-2GT-3FX SM: All versions
FL SWITCH 4008T-2GT-4FX SM: All versions
FL SWITCH 4008T-2SFP: All versions
FL SWITCH 3006T-2FX SM: All versions
FL SWITCH 3016T: All versions
FL SWITCH 3016: All versions
FL SWITCH 3016E: All versions
FL SWITCH 3012E-2SFX: All versions
FL SWITCH 3006T-2FX ST: All versions
FL SWITCH 3006T-2FX: All versions
FL SWITCH 3008T: All versions
FL SWITCH 3008: All versions
FL SWITCH 3004T-FX ST: All versions
FL SWITCH 3004T-FX: All versions
FL SWITCH 3005T: All versions
FL SWITCH 3005: All versions
CPE2.3- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_4004t-8poe-4sfp:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_4000t-4poe-1sfp:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_3012e-2fx:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_4000t-8poe-2sfp-r:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_3012e-2fx_sm:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_4800e-24fx_sm-4gc:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_4800e-24fx-4gc:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_4824e-4gc:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_4012t-2gt-2fx_st:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_4012t_2gt_2fx:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_4808e-16fx_sm_lc-4gc:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_4808e-16fx-4gc:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_4808e-16fx_st-4gc:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_4808e-16fx_sm_st-4gc:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_4808e-16fx_sm-4gc:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_4808e-16fx_lc-4gc:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_4008t-2gt-3fx_sm:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_4008t-2gt-4fx_sm:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_4008t-2sfp:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_3006t-2fx_sm:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_3016t:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_3016:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_3016e:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_3012e-2sfx:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_3006t-2fx_st:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_3006t-2fx:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_3008t:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_3008:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_3004t-fx_st:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_3004t-fx:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_3005t:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_3005:*:*:*:*:*:*:*:*
https://cert.vde.com/de-de/advisories/vde-2019-001
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Information disclosure
EUVDB-ID: #VU17215
Risk: Low
CVSSv4.0: 6.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-13992
CWE-ID:
CWE-319 - Cleartext Transmission of Sensitive Information
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to obtain potentially sensitive information.
The vulnerability exists due to default setting of the Web UI (HTTP) allows user credentials to be transmitted unencrypted. A remote attacker can gain access to these credentials.
MitigationUpdate to version 1.35 or later.
Vulnerable software versionsFL SWITCH 4004T-8POE-4SFP: All versions
FL SWITCH 4000T-4POE-1SFP: All versions
FL SWITCH 3012E-2FX: All versions
FL SWITCH 4000T-8POE-2SFP-R: All versions
FL SWITCH 3012E-2FX SM: All versions
FL SWITCH 4800E-24FX SM-4GC: All versions
FL SWITCH 4800E-24FX-4GC: All versions
FL SWITCH 4824E-4GC: All versions
FL SWITCH 4012T-2GT-2FX ST: All versions
FL SWITCH 4012T 2GT 2FX: All versions
FL SWITCH 4808E-16FX SM LC-4GC: All versions
FL SWITCH 4808E-16FX-4GC: All versions
FL SWITCH 4808E-16FX ST-4GC: All versions
FL SWITCH 4808E-16FX SM ST-4GC: All versions
FL SWITCH 4808E-16FX SM-4GC: All versions
FL SWITCH 4808E-16FX LC-4GC: All versions
FL SWITCH 4008T-2GT-3FX SM: All versions
FL SWITCH 4008T-2GT-4FX SM: All versions
FL SWITCH 4008T-2SFP: All versions
FL SWITCH 3006T-2FX SM: All versions
FL SWITCH 3016T: All versions
FL SWITCH 3016: All versions
FL SWITCH 3016E: All versions
FL SWITCH 3012E-2SFX: All versions
FL SWITCH 3006T-2FX ST: All versions
FL SWITCH 3006T-2FX: All versions
FL SWITCH 3008T: All versions
FL SWITCH 3008: All versions
FL SWITCH 3004T-FX ST: All versions
FL SWITCH 3004T-FX: All versions
FL SWITCH 3005T: All versions
FL SWITCH 3005: All versions
CPE2.3- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_4004t-8poe-4sfp:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_4000t-4poe-1sfp:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_3012e-2fx:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_4000t-8poe-2sfp-r:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_3012e-2fx_sm:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_4800e-24fx_sm-4gc:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_4800e-24fx-4gc:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_4824e-4gc:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_4012t-2gt-2fx_st:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_4012t_2gt_2fx:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_4808e-16fx_sm_lc-4gc:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_4808e-16fx-4gc:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_4808e-16fx_st-4gc:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_4808e-16fx_sm_st-4gc:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_4808e-16fx_sm-4gc:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_4808e-16fx_lc-4gc:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_4008t-2gt-3fx_sm:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_4008t-2gt-4fx_sm:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_4008t-2sfp:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_3006t-2fx_sm:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_3016t:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_3016:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_3016e:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_3012e-2sfx:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_3006t-2fx_st:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_3006t-2fx:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_3008t:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_3008:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_3004t-fx_st:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_3004t-fx:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_3005t:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_3005:*:*:*:*:*:*:*:*
https://cert.vde.com/de-de/advisories/vde-2019-001
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Resource exhaustion
EUVDB-ID: #VU17217
Risk: Low
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-13994
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition.
The vulnerability exists due to resource exhaustion. A remote attacker can initiate a web denial-of-service attack by producing an excessive number of Web UI connections.
MitigationUpdate to version 1.35 or later.
Vulnerable software versionsFL SWITCH 4004T-8POE-4SFP: All versions
FL SWITCH 4000T-4POE-1SFP: All versions
FL SWITCH 3012E-2FX: All versions
FL SWITCH 4000T-8POE-2SFP-R: All versions
FL SWITCH 3012E-2FX SM: All versions
FL SWITCH 4800E-24FX SM-4GC: All versions
FL SWITCH 4800E-24FX-4GC: All versions
FL SWITCH 4824E-4GC: All versions
FL SWITCH 4012T-2GT-2FX ST: All versions
FL SWITCH 4012T 2GT 2FX: All versions
FL SWITCH 4808E-16FX SM LC-4GC: All versions
FL SWITCH 4808E-16FX-4GC: All versions
FL SWITCH 4808E-16FX ST-4GC: All versions
FL SWITCH 4808E-16FX SM ST-4GC: All versions
FL SWITCH 4808E-16FX SM-4GC: All versions
FL SWITCH 4808E-16FX LC-4GC: All versions
FL SWITCH 4008T-2GT-3FX SM: All versions
FL SWITCH 4008T-2GT-4FX SM: All versions
FL SWITCH 4008T-2SFP: All versions
FL SWITCH 3006T-2FX SM: All versions
FL SWITCH 3016T: All versions
FL SWITCH 3016: All versions
FL SWITCH 3016E: All versions
FL SWITCH 3012E-2SFX: All versions
FL SWITCH 3006T-2FX ST: All versions
FL SWITCH 3006T-2FX: All versions
FL SWITCH 3008T: All versions
FL SWITCH 3008: All versions
FL SWITCH 3004T-FX ST: All versions
FL SWITCH 3004T-FX: All versions
FL SWITCH 3005T: All versions
FL SWITCH 3005: All versions
CPE2.3- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_4004t-8poe-4sfp:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_4000t-4poe-1sfp:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_3012e-2fx:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_4000t-8poe-2sfp-r:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_3012e-2fx_sm:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_4800e-24fx_sm-4gc:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_4800e-24fx-4gc:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_4824e-4gc:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_4012t-2gt-2fx_st:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_4012t_2gt_2fx:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_4808e-16fx_sm_lc-4gc:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_4808e-16fx-4gc:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_4808e-16fx_st-4gc:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_4808e-16fx_sm_st-4gc:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_4808e-16fx_sm-4gc:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_4808e-16fx_lc-4gc:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_4008t-2gt-3fx_sm:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_4008t-2gt-4fx_sm:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_4008t-2sfp:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_3006t-2fx_sm:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_3016t:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_3016:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_3016e:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_3012e-2sfx:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_3006t-2fx_st:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_3006t-2fx:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_3008t:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_3008:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_3004t-fx_st:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_3004t-fx:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_3005t:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_3005:*:*:*:*:*:*:*:*
https://cert.vde.com/de-de/advisories/vde-2019-001
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Information disclosure
EUVDB-ID: #VU17216
Risk: Low
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-13991
CWE-ID:
CWE-922 - Insecure Storage of Sensitive Information
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to obtain potentially sensitive information.
The vulnerability exists due to insecure storage of sensitive information. A remote attacker can extract the switch’s default private keys from its firmware image.
MitigationUpdate to version 1.35 or later.
Vulnerable software versionsFL SWITCH 4004T-8POE-4SFP: All versions
FL SWITCH 4000T-4POE-1SFP: All versions
FL SWITCH 3012E-2FX: All versions
FL SWITCH 4000T-8POE-2SFP-R: All versions
FL SWITCH 3012E-2FX SM: All versions
FL SWITCH 4800E-24FX SM-4GC: All versions
FL SWITCH 4800E-24FX-4GC: All versions
FL SWITCH 4824E-4GC: All versions
FL SWITCH 4012T-2GT-2FX ST: All versions
FL SWITCH 4012T 2GT 2FX: All versions
FL SWITCH 4808E-16FX SM LC-4GC: All versions
FL SWITCH 4808E-16FX-4GC: All versions
FL SWITCH 4808E-16FX ST-4GC: All versions
FL SWITCH 4808E-16FX SM ST-4GC: All versions
FL SWITCH 4808E-16FX SM-4GC: All versions
FL SWITCH 4808E-16FX LC-4GC: All versions
FL SWITCH 4008T-2GT-3FX SM: All versions
FL SWITCH 4008T-2GT-4FX SM: All versions
FL SWITCH 4008T-2SFP: All versions
FL SWITCH 3006T-2FX SM: All versions
FL SWITCH 3016T: All versions
FL SWITCH 3016: All versions
FL SWITCH 3016E: All versions
FL SWITCH 3012E-2SFX: All versions
FL SWITCH 3006T-2FX ST: All versions
FL SWITCH 3006T-2FX: All versions
FL SWITCH 3008T: All versions
FL SWITCH 3008: All versions
FL SWITCH 3004T-FX ST: All versions
FL SWITCH 3004T-FX: All versions
FL SWITCH 3005T: All versions
FL SWITCH 3005: All versions
CPE2.3- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_4004t-8poe-4sfp:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_4000t-4poe-1sfp:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_3012e-2fx:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_4000t-8poe-2sfp-r:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_3012e-2fx_sm:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_4800e-24fx_sm-4gc:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_4800e-24fx-4gc:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_4824e-4gc:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_4012t-2gt-2fx_st:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_4012t_2gt_2fx:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_4808e-16fx_sm_lc-4gc:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_4808e-16fx-4gc:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_4808e-16fx_st-4gc:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_4808e-16fx_sm_st-4gc:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_4808e-16fx_sm-4gc:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_4808e-16fx_lc-4gc:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_4008t-2gt-3fx_sm:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_4008t-2gt-4fx_sm:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_4008t-2sfp:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_3006t-2fx_sm:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_3016t:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_3016:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_3016e:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_3012e-2sfx:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_3006t-2fx_st:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_3006t-2fx:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_3008t:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_3008:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_3004t-fx_st:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_3004t-fx:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_3005t:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_3005:*:*:*:*:*:*:*:*
https://cert.vde.com/de-de/advisories/vde-2019-001
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Out-of-bounds read
EUVDB-ID: #VU8487
Risk: Low
CVSSv4.0: 1.7 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-3735
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to one-byte out-of-bounds read when parsing an IPAddressFamily extension in an X.509 certificate. A remote attacker can disguise text display of the certificate.
MitigationUpdate to version 1.35 or later.
Vulnerable software versionsFL SWITCH 4004T-8POE-4SFP: All versions
FL SWITCH 4000T-4POE-1SFP: All versions
FL SWITCH 3012E-2FX: All versions
FL SWITCH 4000T-8POE-2SFP-R: All versions
FL SWITCH 3012E-2FX SM: All versions
FL SWITCH 4800E-24FX SM-4GC: All versions
FL SWITCH 4800E-24FX-4GC: All versions
FL SWITCH 4824E-4GC: All versions
FL SWITCH 4012T-2GT-2FX ST: All versions
FL SWITCH 4012T 2GT 2FX: All versions
FL SWITCH 4808E-16FX SM LC-4GC: All versions
FL SWITCH 4808E-16FX-4GC: All versions
FL SWITCH 4808E-16FX ST-4GC: All versions
FL SWITCH 4808E-16FX SM ST-4GC: All versions
FL SWITCH 4808E-16FX SM-4GC: All versions
FL SWITCH 4808E-16FX LC-4GC: All versions
FL SWITCH 4008T-2GT-3FX SM: All versions
FL SWITCH 4008T-2GT-4FX SM: All versions
FL SWITCH 4008T-2SFP: All versions
FL SWITCH 3006T-2FX SM: All versions
FL SWITCH 3016T: All versions
FL SWITCH 3016: All versions
FL SWITCH 3016E: All versions
FL SWITCH 3012E-2SFX: All versions
FL SWITCH 3006T-2FX ST: All versions
FL SWITCH 3006T-2FX: All versions
FL SWITCH 3008T: All versions
FL SWITCH 3008: All versions
FL SWITCH 3004T-FX ST: All versions
FL SWITCH 3004T-FX: All versions
FL SWITCH 3005T: All versions
FL SWITCH 3005: All versions
CPE2.3- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_4004t-8poe-4sfp:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_4000t-4poe-1sfp:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_3012e-2fx:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_4000t-8poe-2sfp-r:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_3012e-2fx_sm:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_4800e-24fx_sm-4gc:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_4800e-24fx-4gc:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_4824e-4gc:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_4012t-2gt-2fx_st:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_4012t_2gt_2fx:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_4808e-16fx_sm_lc-4gc:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_4808e-16fx-4gc:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_4808e-16fx_st-4gc:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_4808e-16fx_sm_st-4gc:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_4808e-16fx_sm-4gc:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_4808e-16fx_lc-4gc:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_4008t-2gt-3fx_sm:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_4008t-2gt-4fx_sm:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_4008t-2sfp:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_3006t-2fx_sm:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_3016t:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_3016:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_3016e:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_3012e-2sfx:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_3006t-2fx_st:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_3006t-2fx:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_3008t:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_3008:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_3004t-fx_st:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_3004t-fx:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_3005t:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:fl_switch_3005:*:*:*:*:*:*:*:*
https://cert.vde.com/de-de/advisories/vde-2019-001
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
