An attacker with permission to transfer configuration files to/from the switch or permission to upgrade firmware, is able to execute arbitrary OS shell commands. CGI applications config_transfer.cgi and software_update.cgi are prone to OS command injection through targeted manipulation of their web-request headers.
Several CPUs manufactured by Intel, AMD or based on ARM technology may leak information due to their internal operation if attacked by specifically written software executed on the affected systems.
The information in this advisory is based on the statements of respective manufacturers.
The integrity of the mGuard firmware atomic update process cannot be guaranteed under all circumstances.
The mGuard atomic update mechanism relies on internal checksums for the integrity verification of some portions of the update packages. The verification of these internal checksums may not always be performed correctly.
PHOENIX CONTACT FL SWITCH 3xxx series, FL SWITCH 4xxx series, and FL SWITCH 48xx series products running firmware version 1.0 to 1.32 allow unauthenticated users with network access to gain administrative privileges (CVE-2017-16743) and expose information to unauthenticated users in Monitor Mode (CVE-2017-16741).
A cross-site scripting (XSS) vulnerability affects PHOENIX CONTACT FL COMSERVER products running firmware versions prior to 1.99, 2.20, or 2.40.
Multiple security issues and vulnerabilities within the WPA2 standard have been identified and publicized by Mr. Mathy Vanhoef of KU Leuven. These vulnerabilities may allow the reinstallation of a pairwise transient key, a group key, or an integrity key on either a wireless client or a wireless access point (AP). In consequence, an attacker could establish a man-in-the-middle position between AP and client facilitating packet decryption and injection.
Update A - 2017-11-09
* Added a detailed list of affected products
Update B - 2018-09-24
* Added firmware update information, see section "Solution"
Multiple security issues and vulnerabilities in Oracle Java SE possibly affecting mGuard device manager (mdm / FL MGUARD DM) 1.8.0 and older.
Openswan 2.6.39 and earlier, which is used in the mGuard firmware version 8.0.0 to 8.5.1, allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon restart) via IKEv2 packets that lack expected payloads.