
ID: VDE-2019-001

Published: 2019-01-23 13:02 (CET)

Last update: 2019-01-23 13:02 (CET)

Vendor(s): PHOENIX CONTACT GmbH & Co. KG

Product(s)

Article No.  Product Name  Affected Version(s)
2891033 FL SWITCH 3004T-FX 1.0 <= 1.34
2891034 FL SWITCH 3004T-FX ST 1.0 <= 1.34
2891030 FL SWITCH 3005 1.0 <= 1.34
2891032 FL SWITCH 3005T 1.0 <= 1.34
2891036 FL SWITCH 3006T-2FX 1.0 <= 1.34
2891060 FL SWITCH 3006T-2FX SM 1.0 <= 1.34
2891037 FL SWITCH 3006T-2FX ST 1.0 <= 1.34
2891031 FL SWITCH 3008 1.0 <= 1.34
2891035 FL SWITCH 3008T 1.0 <= 1.34
2891120 FL SWITCH 3012E-2FX 1.0 <= 1.34
2891119 FL SWITCH 3012E-2FX SM 1.0 <= 1.34
2891067 FL SWITCH 3012E-2SFX 1.0 <= 1.34
2891058 FL SWITCH 3016 1.0 <= 1.34
2891066 FL SWITCH 3016E 1.0 <= 1.34
2891059 FL SWITCH 3016T 1.0 <= 1.34
1026924 FL SWITCH 4000T-4POE-1SFP 1.0 <= 1.34
1026923 FL SWITCH 4000T-8POE-2SFP 1.0 <= 1.34
1026922 FL SWITCH 4004T-8POE-4SFP 1.0 <= 1.34
2891160 FL SWITCH 4008T-2GT-3FX SM 1.0 <= 1.34
2891061 FL SWITCH 4008T-2GT-4FX SM 1.0 <= 1.34
2891062 FL SWITCH 4008T-2SFP 1.0 <= 1.34
2891063 FL SWITCH 4012T-2GT-2FX 1.0 <= 1.34
2891161 FL SWITCH 4012T-2GT-2FX ST 1.0 <= 1.34
2891102 FL SWITCH 4800E-24FX-4GC 1.0 <= 1.34
2891104 FL SWITCH 4800E-24FX SM-4GC 1.0 <= 1.34
2891079 FL SWITCH 4808E-16FX-4GC 1.0 <= 1.34
2891073 FL SWITCH 4808E-16FX LC-4GC 1.0 <= 1.34
2891080 FL SWITCH 4808E-16FX SM-4GC 1.0 <= 1.34
2891074 FL SWITCH 4808E-16FX SM LC-4GC 1.0 <= 1.34
2891086 FL SWITCH 4808E-16FX SM ST-4GC 1.0 <= 1.34
2891085 FL SWITCH 4808E-16FX ST-4GC 1.0 <= 1.34
2891072 FL SWITCH 4824E-4GC 1.0 <= 1.34

Summary

Multiple vulnerabilities have been identified in PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 to 1.34.

Vulnerabilities



Last Update: Jan. 31, 2020, 3:22 p.m.
Weakness: Cross-Site Request Forgery (CSRF) (CWE-352)
Summary: The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 to 1.34 is prone to CSRF.

Last Update: Jan. 31, 2020, 3:27 p.m.
Weakness: Improper Authentication (CWE-287)
Summary: The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions prior to 1.35 is vulnerable to brute-force attacks, because of Improper Restriction of Excessive Authentication Attempts.

Last Update: Jan. 31, 2020, 3:28 p.m.
Weakness: Credentials Management (CWE-255)
Summary: The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 to 1.34 allows for plaintext transmission (HTTP) of user credentials by default.

Last Update: Jan. 31, 2020, 3:28 p.m.
Weakness: Uncontrolled Resource Consumption (CWE-400)
Summary: The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 to 1.34 is vulnerable to a denial-of-service attack by making more than 120 connections.

Last Update: Jan. 31, 2020, 3:28 p.m.
Weakness: Information Exposure (CWE-200)
Summary: The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 to 1.34 leaks private information in firmware images.

Last Update: Jan. 31, 2020, 3:29 p.m.
Weakness: Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119)
Summary: While parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread. This would result in an incorrect text display of the certificate. This bug has been present since 2006 and is present in all versions of OpenSSL before 1.0.2m and 1.1.0g.

Solution

Remediation for CWE-319 (CVE-2018-13992):

Customers using Phoenix Contact managed FL SWITCH devices are recommended to enable HTTP security.


Remediation for CWE-352 (CVE-2018-13993), CWE-307 (CVE-2018-13990), CWE-400 (CVE-2018-13994), CWE-922 (CVE-2018-13991), CWE-119 (CVE-2017-3735):

Customers using Phoenix Contact managed FL SWITCH devices with affected firmware versions are recommended to update the firmware to version 1.35 or higher, which fixes these vulnerabilities. The updated firmware may be downloaded from the managed switch product page on the Phoenix Contact website:

Article No.  Model  Updated Firmware
2891033 FL SWITCH 3004T-FX download
2891034 FL SWITCH 3004T-FX ST download
2891030 FL SWITCH 3005 download
2891032 FL SWITCH 3005T download
2891036 FL SWITCH 3006T-2FX download
2891060 FL SWITCH 3006T-2FX SM download
2891037 FL SWITCH 3006T-2FX ST download
2891031 FL SWITCH 3008 download
2891035 FL SWITCH 3008T download
2891120 FL SWITCH 3012E-2FX download
2891119 FL SWITCH 3012E-2FX SM download
2891067 FL SWITCH 3012E-2SFX download
2891058 FL SWITCH 3016 download
2891066 FL SWITCH 3016E download
2891059 FL SWITCH 3016T download
1026924 FL SWITCH 4000T-4POE-1SFP download
1026923 FL SWITCH 4000T-8POE-2SFP download
1026922 FL SWITCH 4004T-8POE-4SFP download
2891160 FL SWITCH 4008T-2GT-3FX SM download
2891061 FL SWITCH 4008T-2GT-4FX SM download
2891062 FL SWITCH 4008T-2SFP download
2891063 FL SWITCH 4012T-2GT-2FX download
2891161 FL SWITCH 4012T-2GT-2FX ST download
2891104 FL SWITCH 4800E-24FX SM-4GC download
2891102 FL SWITCH 4800E-24FX-4GC download
2891073 FL SWITCH 4808E-16FX LC-4GC download
2891074 FL SWITCH 4808E-16FX SM LC-4GC download
2891086 FL SWITCH 4808E-16FX SM ST-4GC download
2891080 FL SWITCH 4808E-16FX SM-4GC download
2891085 FL SWITCH 4808E-16FX ST-4GC download
2891079 FL SWITCH 4808E-16FX-4GC download
2891072 FL SWITCH 4824E-4GC download
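
To apply the two remediations across a plant inventory, the following added example (not code from CERT@VDE or Phoenix Contact) matches devices against the affected article numbers and the 1.0 to 1.34 firmware range and lists the actions still open per host. The CSV column names, the host names and the `http_security` field are assumptions; the article numbers and version bounds come from this advisory.

```python
import csv
import io

# Article numbers copied from the advisory's affected-products table.
AFFECTED_ARTICLES = set("""
2891033 2891034 2891030 2891032 2891036 2891060 2891037 2891031
2891035 2891120 2891119 2891067 2891058 2891066 2891059 1026924
1026923 1026922 2891160 2891061 2891062 2891063 2891161 2891102
2891104 2891079 2891073 2891080 2891074 2891086 2891085 2891072
""".split())
FIRST_AFFECTED, FIRST_FIXED = (1, 0), (1, 35)  # advisory: 1.0 to 1.34, fixed in 1.35


def parse_version(text):
    """Return (major, minor) as integers, or None if the string is not 'X.Y'."""
    parts = text.strip().lstrip("vV").split(".")
    if len(parts) != 2 or not all(p.isdigit() for p in parts):
        return None
    return int(parts[0]), int(parts[1])


def triage(inventory_csv):
    """Map each affected host to the advisory actions that still apply to it."""
    findings = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        if row["article_no"].strip() not in AFFECTED_ARTICLES:
            continue  # not a product listed in VDE-2019-001
        version = parse_version(row["firmware"])
        if version is None:
            # Unknown firmware on a listed product: never silently pass it.
            findings[row["host"]] = ["verify firmware version manually"]
            continue
        if FIRST_AFFECTED <= version < FIRST_FIXED:
            actions = ["update firmware to 1.35 or higher"]
            # Plaintext HTTP is the default; only the inventory can say otherwise.
            if (row.get("http_security") or "").strip().lower() != "enabled":
                actions.append("enable HTTP security")
            findings[row["host"]] = actions
    return findings


# Constructed sample inventory; hosts and column names are assumptions.
SAMPLE = """host,article_no,firmware,http_security
sw-line1,2891031,1.34,disabled
sw-line2,2891072,1.20,enabled
sw-line3,2891033,1.35,disabled
sw-office,9999999,1.10,disabled
sw-line4,1026924,unknown,disabled
"""

if __name__ == "__main__":
    for host, actions in triage(SAMPLE).items():
        print(host, "->", "; ".join(actions))
```
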

Reported by

These vulnerabilities have been discovered by Evgeniy Druzhinin, Ilya Karpov and Georgy Zaytsev (Positive Technologies).

PHOENIX CONTACT reported these vulnerabilities to CERT@VDE.