PHOENIX CONTACT FL SWITCH 3xxx/4xxx/48xx series - Stack-based Buffer Overflow in shared object file

The attacker can insert executable code into the OS with a very large cookie. This Advisory handles a different vulnerability than VDE-2018-006 with CVE-2018-10728.

VDE-2018-007 (2018-05-16 08:55 UTC+0200)

CVE Identifier


Affected Vendors


Affected Products

All Phoenix Contact managed FL SWITCH 3xxx, 4xxx, 48xx products running firmware version 1.0 to 1.33.


An attacker may exploit a “long cookie” related vulnerability to cause a buffer overflow that allows unauthorized access to the switches operating system files. The attacker can then insert executable code into the OS.


If vulnerability is exploited, the attacker may create their own executable files that could further exploit the integrity of the managed FL SWITCH. For example, the attacker may deny switch network access.


Temporary Fix / Mitigation

Customers using Phoenix Contact managed FL SWITCH devices with affected firmware versions are recommended to disable the switch Web Agent.


Customers using Phoenix Contact managed FL SWITCH devices with affected firmware versions are recommended to update the firmware to version 1.34 or higher which fixes this vulnerability. The updated firmware may be downloaded from the managed switch product page on the Phoenix Contact website:

Article No. Model Updated Firmware
2891030 FL SWITCH 3005
2891032 FL SWITCH 3005T
2891033 FL SWITCH 3004T-FX
2891034 FL SWITCH 3004T-FX ST
2891031 FL SWITCH 3008
2891035 FL SWITCH 3008T
2891036 FL SWITCH 3006T-2FX
2891037 FL SWITCH 3006T-2FX ST
2891067 FL SWITCH 3012E-2SFX
2891066 FL SWITCH 3016E
2891058 FL SWITCH 3016
2891059 FL SWITCH 3016T
2891060 FL SWITCH 3006T-2FX SM
2891062 FL SWITCH 4008T-2SFP
2891061 FL SWITCH 4008T-2GT-4FX SM
2891160 FL SWITCH 4008T-2GT-3FX SM
2891073 FL SWITCH 4808E-16FX LC-4GC
2891080 FL SWITCH 4808E-16FX SM-4GC
2891086 FL SWITCH 4808E-16FX SM ST-4GC
2891085 FL SWITCH 4808E-16FX ST-4GC
2891079 FL SWITCH 4808E-16FX-4GC
2891074 FL SWITCH 4808E-16FX SM LC-4GC
2891063 FL SWITCH 4012T 2GT 2FX
2891161 FL SWITCH 4012T-2GT-2FX ST
2891072 FL SWITCH 4824E-4GC
2891102 FL SWITCH 4800E-24FX-4GC
2891104 FL SWITCH 4800E-24FX SM-4GC
2891120 FL SWITCH 3012E-2FX
2891119 FL SWITCH 3012E-2FX SM
2891162 FL SWITCH 4000T-8POE-2SFP-R please contact your local customer service

Reported by

Vyacheslav Moskvin and Semen Sokolov (Positive Technologies) reported these vulnerabilities to PHOENIX CONTACT