PHOENIX CONTACT FL SWITCH 3xxx/4xxx/48xx series through 1.33 has a Stack-based Buffer Overflow (Update A)
VDE-2018-006A (2018-05-16 08:40 UTC+0200)
CVE Identifier
CVE-2018-10728
Affected Vendors
PHOENIX CONTACT
Affected Products
All Phoenix Contact managed FL SWITCH 3xxx, 4xxx, 48xx products running firmware version 1.0 to 1.33.
Vulnerability Type
Stack-based Buffer Overflow (CWE-121)
Summary
An attacker may insert a carefully crafted cookie into a GET menu_pxc.cgi or GET index.cgi request to cause a buffer overflow, which can lead to a denial of service and to arbitrary code execution.
Impact
If the vulnerability is exploited, the attacker may disable the Web and Telnet services and execute arbitrary code.
Update 2018-05-28
Due to the way this vulnerability was discovered, the Attack Complexity has been changed from HIGH to LOW. This results in a new CVSS Vector with a severity of 9.8.
Solution
Temporary Fix / Mitigation
Customers using Phoenix Contact managed FL SWITCH devices with affected firmware versions are advised to disable the switch Web Agent.
Remediation
Customers using Phoenix Contact managed FL SWITCH devices with affected firmware versions are advised to update the firmware to version 1.34 or higher, which fixes this vulnerability. The updated firmware may be downloaded from the managed switch product page on the Phoenix Contact website:
Reported by
Evgeniy Druzhinin, Georgy Zaytsev and Ilya Karpov (Positive Technologies) reported these vulnerabilities to PHOENIX CONTACT.
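
Added example, not part of the original advisory or of any Phoenix Contact tooling: a small triage script that classifies an asset inventory against the affected range (1.0 to 1.33), the temporary fix (Web Agent disabled) and the remediation (1.34 or higher) stated above. The record fields, host names and sample devices are constructed, and treating firmware versions as numeric major.minor pairs is an assumption.

```python
import re

# Values from the advisory: affected firmware 1.0 to 1.33, fixed in 1.34.
FIRST_AFFECTED, LAST_AFFECTED = (1, 0), (1, 33)
# Advisory scope: managed FL SWITCH 3xxx, 4xxx, 48xx (48xx also matches 4xxx).
MODEL_RE = re.compile(r"^FL SWITCH\s+[34]\d{3}", re.IGNORECASE)
VERSION_RE = re.compile(r"^\s*v?(\d+)\.(\d+)\s*$", re.IGNORECASE)


def parse_version(text):
    """Return (major, minor) as ints, or None if the string is not 'X.Y'.

    Assumption: versions are major.minor with a numeric minor, so 1.4 is
    older than 1.33; a plain string comparison would order them wrongly.
    """
    m = VERSION_RE.match(text or "")
    return (int(m.group(1)), int(m.group(2))) if m else None


def triage(device):
    """Classify one inventory record (hypothetical field names)."""
    if not MODEL_RE.match(device.get("model") or ""):
        return "out-of-scope"
    version = parse_version(device.get("firmware"))
    if version is None or version < FIRST_AFFECTED:
        return "review"  # unknown or outside the range the advisory covers
    if version > LAST_AFFECTED:
        return "fixed"
    # Affected firmware: the advisory's temporary fix is a disabled Web Agent.
    if device.get("web_agent_enabled", True):
        return "vulnerable"
    return "mitigated-update-pending"


# Constructed sample inventory; hosts and records are illustrative only.
INVENTORY = [
    {"host": "sw-01", "model": "FL SWITCH 3008", "firmware": "1.33", "web_agent_enabled": True},
    {"host": "sw-02", "model": "FL SWITCH 4808E-16FX", "firmware": "1.4", "web_agent_enabled": False},
    {"host": "sw-03", "model": "FL SWITCH 4824E-4GC", "firmware": "1.34", "web_agent_enabled": True},
    {"host": "sw-04", "model": "FL SWITCH 3016", "firmware": "", "web_agent_enabled": True},
    {"host": "sw-05", "model": "FL SWITCH SFNB 8TX", "firmware": "1.10", "web_agent_enabled": True},
]

if __name__ == "__main__":
    for d in INVENTORY:
        print(f'{d["host"]:6} {d["model"]:22} {d["firmware"] or "?":5} {triage(d)}')
```

A device with the Web Agent disabled is reported as mitigated but still pending the firmware update, since the advisory describes disabling the Web Agent as a temporary fix only.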