Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2018-10731

All Phoenix Contact managed FL SWITCH 3xxx, 4xxx, 48xx products running firmware version 1.0 to 1.33 are prone to buffer overflows when handling very large cookies (a different vulnerability than CVE-2018-10728).

Published

2018-05-17T19:29:00.447

Last Modified

2024-11-21T03:41:56.613

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 9.0 (CRITICAL)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

  • Access Vector: NETWORK
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE
Exploitability Score

8.6

Impact Score

10.0

Weaknesses
  • Type: Primary
    CWE-119
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Operating System phoenixcontact fl_switch_3005_firmware ≤ 1.33 Yes
Hardware phoenixcontact fl_switch_3005 - No
Operating System phoenixcontact fl_switch_3005t_firmware ≤ 1.33 Yes
Hardware phoenixcontact fl_switch_3005t - No
Operating System phoenixcontact fl_switch_3004t-fx_firmware ≤ 1.33 Yes
Hardware phoenixcontact fl_switch_3004t-fx - No
Operating System phoenixcontact fl_switch_3004t-fx_st_firmware ≤ 1.33 Yes
Hardware phoenixcontact fl_switch_3004t-fx_st - No
Operating System phoenixcontact fl_switch_3008_firmware ≤ 1.33 Yes
Hardware phoenixcontact fl_switch_3008 - No
Operating System phoenixcontact fl_switch_3008t_firmware ≤ 1.33 Yes
Hardware phoenixcontact fl_switch_3008t - No
Operating System phoenixcontact fl_switch_3006t-2fx_firmware ≤ 1.33 Yes
Hardware phoenixcontact fl_switch_3006t-2fx - No
Operating System phoenixcontact fl_switch_3006t-2fx_st_firmware ≤ 1.33 Yes
Hardware phoenixcontact fl_switch_3006t-2fx_st - No
Operating System phoenixcontact fl_switch_3012e-2sfx_firmware ≤ 1.33 Yes
Hardware phoenixcontact fl_switch_3012e-2sfx - No
Operating System phoenixcontact fl_switch_3016e_firmware ≤ 1.33 Yes
Hardware phoenixcontact fl_switch_3016e - No
Operating System phoenixcontact fl_switch_3016_firmware ≤ 1.33 Yes
Hardware phoenixcontact fl_switch_3016 - No
Operating System phoenixcontact fl_switch_3016t_firmware ≤ 1.33 Yes
Hardware phoenixcontact fl_switch_3016t - No
Operating System phoenixcontact fl_switch_3006t-2fx_sm_firmware ≤ 1.33 Yes
Hardware phoenixcontact fl_switch_3006t-2fx_sm - No
Operating System phoenixcontact fl_switch_4008t-2sfp_firmware ≤ 1.33 Yes
Hardware phoenixcontact fl_switch_4008t-2sfp - No
Operating System phoenixcontact fl_switch_4008t-2gt-4fx_sm_firmware ≤ 1.33 Yes
Hardware phoenixcontact fl_switch_4008t-2gt-4fx_sm - No
Operating System phoenixcontact fl_switch_4008t-2gt-3fx_sm_firmware ≤ 1.33 Yes
Hardware phoenixcontact fl_switch_4008t-2gt-3fx_sm - No
Operating System phoenixcontact fl_switch_4808e-16fx_lc-4gc_firmware ≤ 1.33 Yes
Hardware phoenixcontact fl_switch_4808e-16fx_lc-4gc - No
Operating System phoenixcontact fl_switch_4808e-16fx_sm-4gc_firmware ≤ 1.33 Yes
Hardware phoenixcontact fl_switch_4808e-16fx_sm-4gc - No
Operating System phoenixcontact fl_switch_4808e-16fx_sm_st-4gc_firmware ≤ 1.33 Yes
Hardware phoenixcontact fl_switch_4808e-16fx_sm_st-4gc - No
Operating System phoenixcontact fl_switch_4808e-16fx_st-4gc_firmware ≤ 1.33 Yes
Hardware phoenixcontact fl_switch_4808e-16fx_st-4gc - No
Operating System phoenixcontact fl_switch_4808e-16fx-4gc_firmware ≤ 1.33 Yes
Hardware phoenixcontact fl_switch_4808e-16fx-4gc - No
Operating System phoenixcontact fl_switch_4808e-16fx_sm_lc-4gc_firmware ≤ 1.33 Yes
Hardware phoenixcontact fl_switch_4808e-16fx_sm_lc-4gc - No
Operating System phoenixcontact fl_switch_4012t_2gt_2fx_firmware ≤ 1.33 Yes
Hardware phoenixcontact fl_switch_4012t_2gt_2fx - No
Operating System phoenixcontact fl_switch_4012t-2gt-2fx_st_firmware ≤ 1.33 Yes
Hardware phoenixcontact fl_switch_4012t-2gt-2fx_st - No
Operating System phoenixcontact fl_switch_4824e-4gc_firmware ≤ 1.33 Yes
Hardware phoenixcontact fl_switch_4824e-4gc - No
Operating System phoenixcontact fl_switch_4800e-24fx-4gc_firmware ≤ 1.33 Yes
Hardware phoenixcontact fl_switch_4800e-24fx-4gc - No
Operating System phoenixcontact fl_switch_4800e-24fx_sm-4gc_firmware ≤ 1.33 Yes
Hardware phoenixcontact fl_switch_4800e-24fx_sm-4gc - No
Operating System phoenixcontact fl_switch_3012e-2fx_sm_firmware ≤ 1.33 Yes
Hardware phoenixcontact fl_switch_3012e-2fx_sm - No
Operating System phoenixcontact fl_switch_4000t-8poe-2sfp-r_firmware ≤ 1.33 Yes
Hardware phoenixcontact fl_switch_4000t-8poe-2sfp-r - No
References