Phoenix Contact Clears FL SWITCH Holes

Friday, May 18, 2018 @ 02:05 PM gHale

Phoenix Contact has firmware upgrades to mitigate command injection, information exposure and stack-based buffer overflow vulnerabilities in its FL SWITCH 3xxx/4xxx/48xx Series, according to a report with NCCIC.

Successful exploitation of these remotely exploitable vulnerabilities could allow for remote code execution and information disclosure.

CERT@VDE working with Vyacheslav Moskvin, Semen Sokolov, Evgeniy Druzhinin, Georgy Zaytsev and Ilya Karpov of Positive Technologies and Phoenix Contact reported the vulnerabilities.

All FL SWITCH 3xxx, 4xxx, and 48xxx Series products running firmware Version 1.0 to 1.32 are affected.

In one vulnerability, an attacker with permission to transfer configuration files to or from the switch or permission to upgrade firmware is able to execute arbitrary OS shell commands.

CVE-2018-10730 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 9.1.

In addition, web interface CGI applications may copy the contents of the running configuration file to a commonly accessed file. Manipulation of a web login request can expose the contents of this file to the web browser. A successful web interface login is not required to read the configuration file contents.

CVE-2018-10729 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 5.3.

Also, an attacker may insert a carefully crafted cookie into a GET request to cause a buffer overflow that can initiate a denial of service attack and execute arbitrary code.

CVE-2018-10728 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 8.1.

In addition, a remote attacker may exploit a “long cookie” related vulnerability to cause a buffer overflow that allows unauthorized access to the switch's operating system files and the insertion of executable code into the OS.

CVE-2018-10731 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 9.0.

The product sees use in the communications, critical manufacturing and information technology sectors. It also sees action on a global basis.

No known public exploits specifically target these vulnerabilities. However, an attacker with low skill level could leverage the vulnerabilities.

Phoenix Contact recommends affected users upgrade to firmware Version 1.34 or higher, available from the Phoenix Contact website, for the following products:
FL SWITCH 3005

FL SWITCH 3005T

FL SWITCH 3004T-FX

FL SWITCH 3004T-FX ST

FL SWITCH 3008

FL SWITCH 3008T

FL SWITCH 3006T-2FX

FL SWITCH 3006T-2FX ST

FL SWITCH 3012E-2SFX

FL SWITCH 3016E

FL SWITCH 3016

FL SWITCH 3016T

FL SWITCH 3006T-2FX SM

FL SWITCH 4008T-2SFP

FL SWITCH 4008T-2GT-4FX SM

FL SWITCH 4008T-2GT-3FX SM

FL SWITCH 4808E-16FX LC-4GC

FL SWITCH 4808E-16FX SM-4GC

FL SWITCH 4808E-16FX SM ST-4GC

FL SWITCH 4808E-16FX ST-4GC

FL SWITCH 4808E-16FX-4GC

FL SWITCH 4808E-16FX SM LC-4GC

FL SWITCH 4012T 2GT 2FX

FL SWITCH 4012T-2GT-2FX ST

FL SWITCH 4824E-4GC

FL SWITCH 4800E-24FX-4GC

FL SWITCH 4800E-24FX SM-4GC

FL SWITCH 4800E-24FX SM-4GC

FL SWITCH 3012E-2FX SM

FL SWITCH 4000T-8POE-2SFP-R
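
An added example, not part of the original article or of Phoenix Contact's tooling: a small inventory audit that flags FL SWITCH 3xxx/4xxx/48xx devices still running firmware in the affected 1.0 to 1.32 range. The CSV columns, hostnames and the out-of-scope model name are constructed, and the code assumes firmware strings are "major.minor" integers and that releases after 1.34 keep the fix.

```python
import csv
import io
import re

# Ranges as stated in the article; versions assumed to be "major.minor" integers.
AFFECTED_MIN, AFFECTED_MAX = (1, 0), (1, 32)
FIXED_MIN = (1, 34)
CVES = ("CVE-2018-10728", "CVE-2018-10729", "CVE-2018-10730", "CVE-2018-10731")
# FL SWITCH 3xxx/4xxx/48xx: model number starts with 3 or 4 and has four digits.
SERIES_RE = re.compile(r"^FL SWITCH [34]\d{3}", re.IGNORECASE)

# Constructed sample inventory (hypothetical hostnames and column names).
SAMPLE_CSV = """host,model,firmware
sw-line1,FL SWITCH 3005T,1.32
sw-line2,FL SWITCH 4808E-16FX-4GC,1.34
sw-line3,FL SWITCH 4008T-2SFP,1.4
sw-line4,FL SWITCH 3016,1.33
sw-office,EXAMPLE SWITCH 8,2.0
"""

def parse_version(text):
    """'1.4' -> (1, 4). Float or string comparison would rank 1.4 above 1.34."""
    m = re.fullmatch(r"\s*[vV]?(\d+)\.(\d+)\s*", text)
    return (int(m.group(1)), int(m.group(2))) if m else None

def classify(model, firmware):
    if not SERIES_RE.match(model.strip()):
        return "out-of-scope"
    ver = parse_version(firmware)
    if ver is None:
        return "verify"      # unreadable version string: check the device by hand
    if AFFECTED_MIN <= ver <= AFFECTED_MAX:
        return "affected"
    if ver >= FIXED_MIN:
        return "fixed"
    return "verify"          # e.g. 1.33: the article lists it as neither affected nor fixed

def audit(csv_text):
    """Return {host: status} for every row of the inventory."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return {r["host"]: classify(r["model"], r["firmware"]) for r in rows}

if __name__ == "__main__":
    for host, status in audit(SAMPLE_CSV).items():
        note = ", ".join(CVES) if status == "affected" else ""
        print(f"{host:10} {status:12} {note}")
```

Devices reported as "verify" need a manual check against the vendor's release notes before they are treated as patched.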


