Share: Email | Twitter

ID

VDE-2019-001

Published

2019-01-23 13:02 (CET)

Last update

2020-02-18 08:00 (CET)

Vendor(s)

PHOENIX CONTACT

Product(s)

FL SWITCH 3xxx, 4xxx and 48xx

Summary

Multiple vulnerabilities for FL SWITCH have been identified in PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx version 1.0 to 1.34. 

Vulnerabilities



Weakness
Cross-Site Request Forgery (CSRF) (CWE-352)
Summary
The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 to 1.34 is prone to CSRF.
Weakness
Improper Authentication (CWE-287)
Summary
The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions prior to 1.35 is vulnerable to brute-force attacks, because of Improper Restriction of Excessive Authentication Attempts.
Weakness
Credentials Management (CWE-255)
Summary
The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 to 1.34 allows for plaintext transmission (HTTP) of user credentials by default.
Weakness
Uncontrolled Resource Consumption (CWE-400)
Summary
The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 to 1.34 is vulnerable to a denial-of-service attack by making more than 120 connections.
Weakness
Information Exposure (CWE-200)
Summary
The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 to 1.34 leaks private information in firmware images.
Weakness
Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119)
Summary
While parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread. This would result in an incorrect text display of the certificate. This bug ...

Solution

Remediation for CWE-319 (CVE-2018-13992):

Customers using Phoenix Contact managed FL SWITCH devices are recommended to enable HTTP security.


Remediation for CWE-352 (CVE-2018-13993), CWE-307 (CVE-2018-13990), CWE-400 (CVE-2018-13994), CWE-922 (CVE-2018-13991), CWE-119 (CVE-2017-3735)

Customers using Phoenix Contact managed FL SWITCH devices with affected firmware versions are recommended to update the firmware to version 1.35 or higher which fixes these vulnerabilities. The updated firmware may be downloaded from the managed switch product page on the Phoenix Contact website:

Article No.

Model

Updated Firmware

2891033

FL SWITCH 3004T-FX            

download

2891034

FL SWITCH 3004T-FX ST         

download

2891030

FL SWITCH 3005                

download

2891032

FL SWITCH 3005T               

download

2891036

FL SWITCH 3006T-2FX           

download

2891060

FL SWITCH 3006T-2FX SM        

download

2891037

FL SWITCH 3006T-2FX ST        

download

2891031

FL SWITCH 3008                

download

2891035

FL SWITCH 3008T               

download

2891120

FL SWITCH 3012E-2FX           

download

2891119

FL SWITCH 3012E-2FX SM        

download

2891067

FL SWITCH 3012E-2SFX          

download

2891058

FL SWITCH 3016                

download

2891066

FL SWITCH 3016E               

download

2891059

FL SWITCH 3016T               

download

1026924

FL SWITCH 4000T-4POE-1SFP

download

1026923

FL SWITCH 4000T-8POE-2SFP

download

1026922

FL SWITCH 4004T-8POE-4SFP

download

2891160

FL SWITCH 4008T-2GT-3FX SM    

download

2891061

FL SWITCH 4008T-2GT-4FX SM    

download

2891062

FL SWITCH 4008T-2SFP          

download

2891063

FL SWITCH 4012T-2GT-2FX       

download

2891161

FL SWITCH 4012T-2GT-2FX ST    

download

2891104

FL SWITCH 4800E-24FX SM-4GC   

download

2891102

FL SWITCH 4800E-24FX-4GC      

download

2891073

FL SWITCH 4808E-16FX LC-4GC   

download

2891074

FL SWITCH 4808E-16FX SM LC-4GC

download

2891086

FL SWITCH 4808E-16FX SM ST-4GC

download

2891080

FL SWITCH 4808E-16FX SM-4GC   

download

2891085

FL SWITCH 4808E-16FX ST-4GC   

download

2891079

FL SWITCH 4808E-16FX-4GC      

download

2891072

FL SWITCH 4824E-4GC           

download

Reported by

Theses vulnerabilities have been discovered by Evgeniy Druzhinin, Ilya Karpov and Georgy Zaytsev (Positive Technologies).

PHOENIX CONTACT reported these vulnerabilities to CERT@VDE.