VDE-2018-004
Vulnerability from csaf_phoenixcontactgmbhcokg - Published: 2018-05-16 05:35 - Updated: 2025-05-14 12:28
Summary
Phoenix Contact: FL SWITCH 3xxx/4xxx/48xx series through 1.33 allows Command Injection
Notes
Summary: An attacker with permission to transfer configuration files to/from the switch, or with permission to upgrade firmware, is able to execute arbitrary OS shell commands. The CGI applications config_transfer.cgi and software_update.cgi are prone to OS command injection through targeted manipulation of their web-request headers.
Impact: If the vulnerability is exploited, the attacker may create their own executable files, which could further compromise the integrity of the managed FL SWITCH. For example, the attacker may deny network access to the switch.
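Mitigation: Until the firmware can be updated, customers using Phoenix Contact managed FL SWITCH devices with affected firmware versions are advised to disable the switch Web Agent, since the affected CGI applications are exploited through web requests.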
Remediation: Customers using Phoenix Contact managed FL SWITCH devices with affected firmware versions are advised to update the firmware to version 1.34 or higher, which fixes this vulnerability. The updated firmware may be downloaded from the managed switch product page on the Phoenix Contact website.
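CVE-2018-10730 (CWE-78, OS Command Injection): All Phoenix Contact managed FL SWITCH 3xxx, 4xxx, 48xx products running firmware version 1.0 to 1.33 are prone to OS command injection.
CVSS v3.0 base score: 9.1 (Critical), vector CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H. The PR:H component matches the summary: the attacker needs an account with configuration-transfer or firmware-upgrade permission.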
Vendor Fix
Customers using Phoenix Contact managed FL SWITCH devices with affected firmware versions are advised to update the firmware to version 1.34 or higher, which fixes this vulnerability. The updated firmware may be downloaded from the managed switch product page on the Phoenix Contact website.
References
Acknowledgments
CERT@VDE
certvde.com
Positive Technologies
Vyacheslav Moskvin
{
"document": {
"acknowledgments": [
{
"organization": "CERT@VDE",
"summary": "coordination",
"urls": [
"https://certvde.com"
]
},
{
"names": [
"Vyacheslav Moskvin"
],
"organization": "Positive Technologies"
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-GB",
"notes": [
{
"category": "summary",
"text": "An attacker with permission to transfer configuration files to/from the switch or permission to upgrade firmware, is able to execute arbitrary OS shell commands. CGI applications config_transfer.cgi and software_update.cgi are prone to OS command injection through targeted manipulation of their web-request headers.",
"title": "Summary"
},
{
"category": "description",
"text": "If the vulnerability is exploited, the attacker may create their own executable files that could further exploit the integrity of the managed FL SWITCH. For example, the attacker may deny switch network access.",
"title": "Impact"
},
{
"category": "description",
"text": "Customers using Phoenix Contact managed FL SWITCH devices with affected firmware versions are recommended to disable the switch Web Agent.",
"title": "Mitigation"
},
{
"category": "description",
"text": "Customers using Phoenix Contact managed FL SWITCH devices with affected firmware versions are recommended to update the firmware to version 1.34 or higher which fixes this vulnerability. The updated firmware may be downloaded from the managed switch product page on the Phoenix Contact website.",
"title": "Remediation"
}
],
"publisher": {
"category": "vendor",
"contact_details": "psirt@phoenixcontact.com",
"name": "Phoenix Contact GmbH \u0026 Co. KG",
"namespace": "https://phoenixcontact.com/psirt"
},
"references": [
{
"category": "external",
"summary": "CERT@VDE Security Advisories for Phoenix Contact",
"url": "https://certvde.com/en/advisories/vendor/phoenixcontact/"
},
{
"category": "self",
"summary": "VDE-2018-004: Phoenix Contact: FL SWITCH 3xxx/4xxx/48xx series through 1.33 allows Command Injection - HTML",
"url": "https://certvde.com/en/advisories/VDE-2018-004"
},
{
"category": "self",
"summary": "VDE-2018-004: Phoenix Contact: FL SWITCH 3xxx/4xxx/48xx series through 1.33 allows Command Injection - CSAF",
"url": "https://phoenixcontact.csaf-tp.certvde.com/.well-known/csaf/white/2018/vde-2018-004.json"
}
],
"title": "Phoenix Contact: FL SWITCH 3xxx/4xxx/48xx series through 1.33 allows Command Injection",
"tracking": {
"aliases": [
"VDE-2018-004"
],
"current_release_date": "2025-05-14T12:28:19.000Z",
"generator": {
"date": "2024-07-05T08:20:50.227Z",
"engine": {
"name": "Secvisogram",
"version": "2.5.4"
}
},
"id": "VDE-2018-004",
"initial_release_date": "2018-05-16T05:35:00.000Z",
"revision_history": [
{
"date": "2018-05-16T05:35:00.000Z",
"number": "1",
"summary": "Initial revision."
},
{
"date": "2024-11-06T11:27:01.000Z",
"number": "2",
"summary": "Fix: correct certvde domain, added self-reference"
},
{
"date": "2025-05-14T12:28:19.000Z",
"number": "3",
"summary": "Fix: version space, added distribution"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "FL SWITCH 3004T-FX",
"product": {
"name": "FL SWITCH 3004T-FX",
"product_id": "CSAFPID-11001",
"product_identification_helper": {
"model_numbers": [
"2891033"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 3004T-FX ST",
"product": {
"name": "FL SWITCH 3004T-FX ST",
"product_id": "CSAFPID-11002",
"product_identification_helper": {
"model_numbers": [
"2891034"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 3005",
"product": {
"name": "FL SWITCH 3005",
"product_id": "CSAFPID-11003",
"product_identification_helper": {
"model_numbers": [
"2891030"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 3005T",
"product": {
"name": "FL SWITCH 3005T",
"product_id": "CSAFPID-11004",
"product_identification_helper": {
"model_numbers": [
"2891032"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 3006T-2FX",
"product": {
"name": "FL SWITCH 3006T-2FX",
"product_id": "CSAFPID-11005",
"product_identification_helper": {
"model_numbers": [
"2891036"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 3006T-2FX SM",
"product": {
"name": "FL SWITCH 3006T-2FX SM",
"product_id": "CSAFPID-11006",
"product_identification_helper": {
"model_numbers": [
"2891060"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 3006T-2FX ST",
"product": {
"name": "FL SWITCH 3006T-2FX ST",
"product_id": "CSAFPID-11007",
"product_identification_helper": {
"model_numbers": [
"2891037"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 3008",
"product": {
"name": "FL SWITCH 3008",
"product_id": "CSAFPID-11008",
"product_identification_helper": {
"model_numbers": [
"2891031"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 3008T",
"product": {
"name": "FL SWITCH 3008T",
"product_id": "CSAFPID-11009",
"product_identification_helper": {
"model_numbers": [
"2891035"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 3012E-2FX",
"product": {
"name": "FL SWITCH 3012E-2FX",
"product_id": "CSAFPID-11010",
"product_identification_helper": {
"model_numbers": [
"2891120"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 3012E-2FX SM",
"product": {
"name": "FL SWITCH 3012E-2FX SM",
"product_id": "CSAFPID-11011",
"product_identification_helper": {
"model_numbers": [
"2891119"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 3012E-2SFX",
"product": {
"name": "FL SWITCH 3012E-2SFX",
"product_id": "CSAFPID-11012",
"product_identification_helper": {
"model_numbers": [
"2891067"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 3016",
"product": {
"name": "FL SWITCH 3016",
"product_id": "CSAFPID-11013",
"product_identification_helper": {
"model_numbers": [
"2891058"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 3016E",
"product": {
"name": "FL SWITCH 3016E",
"product_id": "CSAFPID-11014",
"product_identification_helper": {
"model_numbers": [
"2891066"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 3016T",
"product": {
"name": "FL SWITCH 3016T",
"product_id": "CSAFPID-11015",
"product_identification_helper": {
"model_numbers": [
"2891059"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 4000T-8POE-2SFP-R",
"product": {
"name": "FL SWITCH 4000T-8POE-2SFP-R",
"product_id": "CSAFPID-11016",
"product_identification_helper": {
"model_numbers": [
"2891162"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 4008T-2GT-3FX SM",
"product": {
"name": "FL SWITCH 4008T-2GT-3FX SM",
"product_id": "CSAFPID-11017",
"product_identification_helper": {
"model_numbers": [
"2891160"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 4008T-2GT-4FX SM",
"product": {
"name": "FL SWITCH 4008T-2GT-4FX SM",
"product_id": "CSAFPID-11018",
"product_identification_helper": {
"model_numbers": [
"2891061"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 4008T-2SFP",
"product": {
"name": "FL SWITCH 4008T-2SFP",
"product_id": "CSAFPID-11019",
"product_identification_helper": {
"model_numbers": [
"2891062"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 4012T 2GT 2FX",
"product": {
"name": "FL SWITCH 4012T 2GT 2FX",
"product_id": "CSAFPID-11020",
"product_identification_helper": {
"model_numbers": [
"2891063"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 4012T-2GT-2FX ST",
"product": {
"name": "FL SWITCH 4012T-2GT-2FX ST",
"product_id": "CSAFPID-11021",
"product_identification_helper": {
"model_numbers": [
"2891161"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 4800E-24FX-4GC",
"product": {
"name": "FL SWITCH 4800E-24FX-4GC",
"product_id": "CSAFPID-11022",
"product_identification_helper": {
"model_numbers": [
"2891102"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 4800E-24FX SM-4GC",
"product": {
"name": "FL SWITCH 4800E-24FX SM-4GC",
"product_id": "CSAFPID-11023",
"product_identification_helper": {
"model_numbers": [
"2891104"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 4808E-16FX-4GC",
"product": {
"name": "FL SWITCH 4808E-16FX-4GC",
"product_id": "CSAFPID-11024",
"product_identification_helper": {
"model_numbers": [
"2891079"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 4808E-16FX LC-4GC",
"product": {
"name": "FL SWITCH 4808E-16FX LC-4GC",
"product_id": "CSAFPID-11025",
"product_identification_helper": {
"model_numbers": [
"2891073"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 4808E-16FX SM-4GC",
"product": {
"name": "FL SWITCH 4808E-16FX SM-4GC",
"product_id": "CSAFPID-11026",
"product_identification_helper": {
"model_numbers": [
"2891080"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 4808E-16FX SM LC-4GC",
"product": {
"name": "FL SWITCH 4808E-16FX SM LC-4GC",
"product_id": "CSAFPID-11027",
"product_identification_helper": {
"model_numbers": [
"2891074"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 4808E-16FX SM ST-4GC",
"product": {
"name": "FL SWITCH 4808E-16FX SM ST-4GC",
"product_id": "CSAFPID-11028",
"product_identification_helper": {
"model_numbers": [
"2891086"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 4808E-16FX ST-4GC",
"product": {
"name": "FL SWITCH 4808E-16FX ST-4GC",
"product_id": "CSAFPID-11029",
"product_identification_helper": {
"model_numbers": [
"2891085"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 4824E-4GC",
"product": {
"name": "FL SWITCH 4824E-4GC",
"product_id": "CSAFPID-11030",
"product_identification_helper": {
"model_numbers": [
"2891072"
]
}
}
}
],
"category": "product_family",
"name": "Hardware"
},
{
"branches": [
{
"category": "product_version_range",
"name": "1.0\u003c=1.33",
"product": {
"name": "Firmware 1.0\u003c=1.33",
"product_id": "CSAFPID-21001"
}
},
{
"category": "product_version",
"name": "1.34",
"product": {
"name": "Firmware 1.34",
"product_id": "CSAFPID-22001"
}
}
],
"category": "product_family",
"name": "Firmware"
}
],
"category": "vendor",
"name": "Phoenix Contact"
}
],
"product_groups": [
{
"group_id": "CSAFGID-0001",
"product_ids": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017",
"CSAFPID-31018",
"CSAFPID-31019",
"CSAFPID-31020",
"CSAFPID-31021",
"CSAFPID-31022",
"CSAFPID-31023",
"CSAFPID-31024",
"CSAFPID-31025",
"CSAFPID-31026",
"CSAFPID-31027",
"CSAFPID-31028",
"CSAFPID-31029",
"CSAFPID-31030"
],
"summary": "Affected products."
},
{
"group_id": "CSAFGID-0002",
"product_ids": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009",
"CSAFPID-32010",
"CSAFPID-32011",
"CSAFPID-32012",
"CSAFPID-32013",
"CSAFPID-32014",
"CSAFPID-32015",
"CSAFPID-32016",
"CSAFPID-32017",
"CSAFPID-32018",
"CSAFPID-32019",
"CSAFPID-32020",
"CSAFPID-32021",
"CSAFPID-32022",
"CSAFPID-32023",
"CSAFPID-32024",
"CSAFPID-32025",
"CSAFPID-32026",
"CSAFPID-32027",
"CSAFPID-32028",
"CSAFPID-32029",
"CSAFPID-32030"
],
"summary": "Fixed products."
}
],
"relationships": [
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.0\u003c=1.33 installed on FL SWITCH 3004T-FX",
"product_id": "CSAFPID-31001"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11001"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.0\u003c=1.33 installed on FL SWITCH 3004T-FX ST",
"product_id": "CSAFPID-31002"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11002"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.0\u003c=1.33 installed on FL SWITCH 3005",
"product_id": "CSAFPID-31003"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11003"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.0\u003c=1.33 installed on FL SWITCH 3005T",
"product_id": "CSAFPID-31004"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11004"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.0\u003c=1.33 installed on FL SWITCH 3006T-2FX",
"product_id": "CSAFPID-31005"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11005"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.0\u003c=1.33 installed on FL SWITCH 3006T-2FX SM",
"product_id": "CSAFPID-31006"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11006"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.0\u003c=1.33 installed on FL SWITCH 3006T-2FX ST",
"product_id": "CSAFPID-31007"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11007"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.0\u003c=1.33 installed on FL SWITCH 3008",
"product_id": "CSAFPID-31008"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11008"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.0\u003c=1.33 installed on FL SWITCH 3008T",
"product_id": "CSAFPID-31009"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11009"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.0\u003c=1.33 installed on FL SWITCH 3012E-2FX",
"product_id": "CSAFPID-31010"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11010"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.0\u003c=1.33 installed on FL SWITCH 3012E-2FX SM",
"product_id": "CSAFPID-31011"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11011"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.0\u003c=1.33 installed on FL SWITCH 3012E-2SFX",
"product_id": "CSAFPID-31012"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11012"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.0\u003c=1.33 installed on FL SWITCH 3016",
"product_id": "CSAFPID-31013"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11013"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.0\u003c=1.33 installed on FL SWITCH 3016E",
"product_id": "CSAFPID-31014"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11014"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.0\u003c=1.33 installed on FL SWITCH 3016T",
"product_id": "CSAFPID-31015"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11015"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.0\u003c=1.33 installed on FL SWITCH 4000T-8POE-2SFP-R",
"product_id": "CSAFPID-31016"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11016"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.0\u003c=1.33 installed on FL SWITCH 4008T-2GT-3FX SM",
"product_id": "CSAFPID-31017"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11017"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.0\u003c=1.33 installed on FL SWITCH 4008T-2GT-4FX SM",
"product_id": "CSAFPID-31018"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11018"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.0\u003c=1.33 installed on FL SWITCH 4008T-2SFP",
"product_id": "CSAFPID-31019"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11019"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.0\u003c=1.33 installed on FL SWITCH 4012T 2GT 2FX",
"product_id": "CSAFPID-31020"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11020"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.0\u003c=1.33 installed on FL SWITCH 4012T-2GT-2FX ST",
"product_id": "CSAFPID-31021"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11021"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.0\u003c=1.33 installed on FL SWITCH 4800E-24FX-4GC",
"product_id": "CSAFPID-31022"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11022"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.0\u003c=1.33 installed on FL SWITCH 4800E-24FX SM-4GC",
"product_id": "CSAFPID-31023"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11023"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.0\u003c=1.33 installed on FL SWITCH 4808E-16FX-4GC",
"product_id": "CSAFPID-31024"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11024"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.0\u003c=1.33 installed on FL SWITCH 4808E-16FX LC-4GC",
"product_id": "CSAFPID-31025"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11025"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.0\u003c=1.33 installed on FL SWITCH 4808E-16FX SM-4GC",
"product_id": "CSAFPID-31026"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11026"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.0\u003c=1.33 installed on FL SWITCH 4808E-16FX SM LC-4GC",
"product_id": "CSAFPID-31027"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11027"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.0\u003c=1.33 installed on FL SWITCH 4808E-16FX SM ST-4GC",
"product_id": "CSAFPID-31028"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11028"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.0\u003c=1.33 installed on FL SWITCH 4808E-16FX ST-4GC",
"product_id": "CSAFPID-31029"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11029"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.0\u003c=1.33 installed on FL SWITCH 4824E-4GC",
"product_id": "CSAFPID-31030"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11030"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.34 installed on FL SWITCH 3004T-FX",
"product_id": "CSAFPID-32001"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11001"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.34 installed on FL SWITCH 3004T-FX ST",
"product_id": "CSAFPID-32002"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11002"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.34 installed on FL SWITCH 3005",
"product_id": "CSAFPID-32003"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11003"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.34 installed on FL SWITCH 3005T",
"product_id": "CSAFPID-32004"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11004"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.34 installed on FL SWITCH 3006T-2FX",
"product_id": "CSAFPID-32005"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11005"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.34 installed on FL SWITCH 3006T-2FX SM",
"product_id": "CSAFPID-32006"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11006"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.34 installed on FL SWITCH 3006T-2FX ST",
"product_id": "CSAFPID-32007"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11007"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.34 installed on FL SWITCH 3008",
"product_id": "CSAFPID-32008"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11008"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.34 installed on FL SWITCH 3008T",
"product_id": "CSAFPID-32009"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11009"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.34 installed on FL SWITCH 3012E-2FX",
"product_id": "CSAFPID-32010"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11010"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.34 installed on FL SWITCH 3012E-2FX SM",
"product_id": "CSAFPID-32011"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11011"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.34 installed on FL SWITCH 3012E-2SFX",
"product_id": "CSAFPID-32012"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11012"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.34 installed on FL SWITCH 3016",
"product_id": "CSAFPID-32013"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11013"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.34 installed on FL SWITCH 3016E",
"product_id": "CSAFPID-32014"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11014"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.34 installed on FL SWITCH 3016T",
"product_id": "CSAFPID-32015"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11015"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.34 installed on FL SWITCH 4000T-8POE-2SFP-R",
"product_id": "CSAFPID-32016"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11016"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.34 installed on FL SWITCH 4008T-2GT-3FX SM",
"product_id": "CSAFPID-32017"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11017"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.34 installed on FL SWITCH 4008T-2GT-4FX SM",
"product_id": "CSAFPID-32018"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11018"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.34 installed on FL SWITCH 4008T-2SFP",
"product_id": "CSAFPID-32019"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11019"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.34 installed on FL SWITCH 4012T 2GT 2FX",
"product_id": "CSAFPID-32020"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11020"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.34 installed on FL SWITCH 4012T-2GT-2FX ST",
"product_id": "CSAFPID-32021"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11021"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.34 installed on FL SWITCH 4800E-24FX-4GC",
"product_id": "CSAFPID-32022"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11022"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.34 installed on FL SWITCH 4800E-24FX SM-4GC",
"product_id": "CSAFPID-32023"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11023"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.34 installed on FL SWITCH 4808E-16FX-4GC",
"product_id": "CSAFPID-32024"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11024"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.34 installed on FL SWITCH 4808E-16FX LC-4GC",
"product_id": "CSAFPID-32025"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11025"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.34 installed on FL SWITCH 4808E-16FX SM-4GC",
"product_id": "CSAFPID-32026"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11026"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.34 installed on FL SWITCH 4808E-16FX SM LC-4GC",
"product_id": "CSAFPID-32027"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11027"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.34 installed on FL SWITCH 4808E-16FX SM ST-4GC",
"product_id": "CSAFPID-32028"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11028"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.34 installed on FL SWITCH 4808E-16FX ST-4GC",
"product_id": "CSAFPID-32029"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11029"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.34 installed on FL SWITCH 4824E-4GC",
"product_id": "CSAFPID-32030"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11030"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-10730",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"notes": [
{
"audience": "all",
"category": "description",
"text": "All Phoenix Contact managed FL SWITCH 3xxx, 4xxx, 48xx products running firmware version 1.0 to 1.33 are prone to OS command injection.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009",
"CSAFPID-32010",
"CSAFPID-32011",
"CSAFPID-32012",
"CSAFPID-32013",
"CSAFPID-32014",
"CSAFPID-32015",
"CSAFPID-32016",
"CSAFPID-32017",
"CSAFPID-32018",
"CSAFPID-32019",
"CSAFPID-32020",
"CSAFPID-32021",
"CSAFPID-32022",
"CSAFPID-32023",
"CSAFPID-32024",
"CSAFPID-32025",
"CSAFPID-32026",
"CSAFPID-32027",
"CSAFPID-32028",
"CSAFPID-32029",
"CSAFPID-32030"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017",
"CSAFPID-31018",
"CSAFPID-31019",
"CSAFPID-31020",
"CSAFPID-31021",
"CSAFPID-31022",
"CSAFPID-31023",
"CSAFPID-31024",
"CSAFPID-31025",
"CSAFPID-31026",
"CSAFPID-31027",
"CSAFPID-31028",
"CSAFPID-31029",
"CSAFPID-31030"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Customers using Phoenix Contact managed FL SWITCH devices with affected firmware versions are recommended to update the firmware to version 1.34 or higher which fixes this vulnerability. The updated firmware may be downloaded from the managed switch product page on the Phoenix Contact website.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 9.1,
"environmentalSeverity": "CRITICAL",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"temporalScore": 9.1,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017",
"CSAFPID-31018",
"CSAFPID-31019",
"CSAFPID-31020",
"CSAFPID-31021",
"CSAFPID-31022",
"CSAFPID-31023",
"CSAFPID-31024",
"CSAFPID-31025",
"CSAFPID-31026",
"CSAFPID-31027",
"CSAFPID-31028",
"CSAFPID-31029",
"CSAFPID-31030"
]
}
],
"title": "CVE-2018-10730"
}
]
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.