An attacker may exploit a “long cookie” related vulnerability to cause a buffer overflow that allows unauthorized access to the switches operating system files. The attacker can then insert executable code into the OS.
An attacker may insert a carefully crafted cookie into a GET menu_pxc.cgi or GET index.cgi request to cause a buffer overflow that can initiate a Denial of Service attack and execute arbitrary code.
Web interface CGI applications may copy the contents of the running configuration file to a commonly accessed file. Clever manipulation of a web login request can expose the contents of this file through to the web browser. A successful web interface login attempt is not required to read the configuration file contents.
FL SWITCH Configuration File can be read by unauthenticated user.
An attacker with permission to transfer configuration files to/from the switch or permission to upgrade firmware, is able to execute arbitrary OS shell commands. CGI applications config_transfer.cgi and software_update.cgi are prone to OS command injection through targeted manipulation of their web-request headers.
Several CPUs manufactured by Intel, AMD or based on ARM technology may leak information due to their internal operation if attacked by specifically written software executed on the affected systems.
The information in this advisory is based on the statements of respective manufacturers.
Critical vulnerabilities within several CPUs have been identified by security researchers. These hardware vulnerabilities allow programs to learn about the contents of a system's memory, using side-channel attacks. Potential attack vectors against these vulnerabilities have been published and dubbed Meltdown and Spectre. While programs are typically not permitted to read data from the OS kernel or from other programs, a malicious program can exploit Meltdown and Spectre to get hold of secrets stored in kernel memory or the memory of other programs executed on the same CPU. As a consequence, an exploit could allow attackers to get access to any sensitive data, including passwords or cryptographic keys.
The integrity of the mGuard firmware atomic update process cannot be guaranteed under all circumstances.
The mGuard atomic update mechanism relies on internal checksums for the integrity verification of some portions of the update packages. The verification of these internal checksums may not always be performed correctly.
PHOENIX CONTACT FL SWITCH 3xxx series, FL SWITCH 4xxx series, and FL SWITCH 48xx series products running firmware version 1.0 to 1.32 allow unauthenticated users with network access to gain administrative privileges (CVE-2017-16743) and expose information to unauthenticated users in Monitor Mode (CVE-2017-16741).