VDE-2017-006
Vulnerability from csaf_phoenixcontactgmbhcokg - Published: 2018-01-10 09:36 - Updated: 2025-05-14 13:00Summary
PHOENIX CONTACT: FL SWITCH 3xxx/4xxx/48xx series web-service authentication bypass
Notes
Summary: PHOENIX CONTACT FL SWITCH 3xxx series, FL SWITCH 4xxx series, and FL SWITCH 48xx series products running firmware version 1.0 to 1.32 allow unauthenticated users with network access to gain administrative privileges (CVE-2017-16743) and expose information to unauthenticated users in Monitor Mode (CVE-2017-16741).
Impact: CVE-2017-16743: web-service authentication bypass, improper authorization (CWE-285) By crafting HTTP Set-Cookie and POST requests, an unauthenticated attacker with network access may bypass the web-service authentication and gain administrative privileges on the managed switch devices. CVE-2017-16741: information exposure (CWE-200) Any user with network access to a managed switch device may use Monitor Mode to read diagnostic information from the device's web interface without prior authentication in the web GUI. This includes information about model, subnet mask, uptime, and utilisation.
Remediation: Customers using PHOENIX CONTACT FL SWITCH 3xxx series, FL SWITCH 4xxx series, and FL SWITCH 48xx series devices with firmware versions up to 1.32 are recommended to update to firmware version 1.33 or higher, which fixes these vulnerabilities. The updated firmware may be downloaded from the following managed switch product pages on the vendor's website:
| Article No. | Model | Updated Firmware |
|-------------|-----------------------------|-----------------------------------------------------------------------------------------------------|
| 2891030 | FL SWITCH 3005 | [Firmware Update](http://www.phoenixcontact.net/qr/2891030/firmware_update) |
| 2891032 | FL SWITCH 3005T | [Firmware Update](http://www.phoenixcontact.net/qr/2891032/firmware_update) |
| 2891033 | FL SWITCH 3004T-FX | [Firmware Update](http://www.phoenixcontact.net/qr/2891033/firmware_update) |
| 2891034 | FL SWITCH 3004T-FX ST | [Firmware Update](http://www.phoenixcontact.net/qr/2891034/firmware_update) |
| 2891031 | FL SWITCH 3008 | [Firmware Update](http://www.phoenixcontact.net/qr/2891031/firmware_update) |
| 2891035 | FL SWITCH 3008T | [Firmware Update](http://www.phoenixcontact.net/qr/2891035/firmware_update) |
| 2891036 | FL SWITCH 3006T-2FX | [Firmware Update](http://www.phoenixcontact.net/qr/2891036/firmware_update) |
| 2891037 | FL SWITCH 3006T-2FX ST | [Firmware Update](http://www.phoenixcontact.net/qr/2891037/firmware_update) |
| 2891067 | FL SWITCH 3012E-2SFX | [Firmware Update](http://www.phoenixcontact.net/qr/2891067/firmware_update) |
| 2891066 | FL SWITCH 3016E | [Firmware Update](http://www.phoenixcontact.net/qr/2891066/firmware_update) |
| 2891058 | FL SWITCH 3016 | [Firmware Update](http://www.phoenixcontact.net/qr/2891058/firmware_update) |
| 2891059 | FL SWITCH 3016T | [Firmware Update](http://www.phoenixcontact.net/qr/2891059/firmware_update) |
| 2891060 | FL SWITCH 3006T-2FX SM | [Firmware Update](http://www.phoenixcontact.net/qr/2891060/firmware_update) |
| 2891062 | FL SWITCH 4008T-2SFP | [Firmware Update](http://www.phoenixcontact.net/qr/2891062/firmware_update) |
| 2891061 | FL SWITCH 4008T-2GT-4FX SM | [Firmware Update](http://www.phoenixcontact.net/qr/2891061/firmware_update) |
| 2891160 | FL SWITCH 4008T-2GT-3FX SM | [Firmware Update](http://www.phoenixcontact.net/qr/2891160/firmware_update) |
| 2891073 | FL SWITCH 4808E-16FX LC-4GC | [Firmware Update](http://www.phoenixcontact.net/qr/2891073/firmware_update) |
| 2891080 | FL SWITCH 4808E-16FX SM-4GC | [Firmware Update](http://www.phoenixcontact.net/qr/2891080/firmware_update) |
| 2891086 | FL SWITCH 4808E-16FX SM ST-4GC | [Firmware Update](http://www.phoenixcontact.net/qr/2891086/firmware_update) |
| 2891085 | FL SWITCH 4808E-16FX ST-4GC | [Firmware Update](http://www.phoenixcontact.net/qr/2891085/firmware_update) |
| 2891079 | FL SWITCH 4808E-16FX-4GC | [Firmware Update](http://www.phoenixcontact.net/qr/2891079/firmware_update) |
| 2891074 | FL SWITCH 4808E-16FX SM LC-4GC | [Firmware Update](http://www.phoenixcontact.net/qr/2891074/firmware_update) |
| 2891063 | FL SWITCH 4012T 2GT 2FX | [Firmware Update](http://www.phoenixcontact.net/qr/2891063/firmware_update) |
| 2891161 | FL SWITCH 4012T-2GT-2FX ST | [Firmware Update](http://www.phoenixcontact.net/qr/2891161/firmware_update) |
| 2891072 | FL SWITCH 4824E-4GC | [Firmware Update](http://www.phoenixcontact.net/qr/2891072/firmware_update) |
| 2891102 | FL SWITCH 4800E-24FX-4GC | [Firmware Update](http://www.phoenixcontact.net/qr/2891102/firmware_update) |
| 2891104 | FL SWITCH 4800E-24FX SM-4GC | [Firmware Update](http://www.phoenixcontact.net/qr/2891104/firmware_update) |
| 2891120 | FL SWITCH 3012E-2FX | [Firmware Update](http://www.phoenixcontact.net/qr/2891120/firmware_update) |
| 2891119 | FL SWITCH 3012E-2FX SM | [Firmware Update](http://www.phoenixcontact.net/qr/2891119/firmware_update) |
| 2891162 | FL SWITCH 4000T-8POE-2SFP-R | Please contact your local customer service |
An Improper Authorization issue was discovered in PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, and 48xxx Series products running firmware Version 1.0 to 1.32. A remote unauthenticated attacker may be able to craft special HTTP requests allowing an attacker to bypass web-service authentication allowing the attacker to obtain administrative privileges on the device.
9.8 (Critical)
Vendor Fix
Customers using PHOENIX CONTACT FL SWITCH 3xxx series, FL SWITCH 4xxx series, and FL SWITCH 48xx series devices with firmware versions up to 1.32 are recommended to update to firmware version 1.33 or higher, which fixes these vulnerabilities. The updated firmware may be downloaded from the following managed switch product pages on the vendor's website:
| Article No. | Model | Updated Firmware |
|-------------|-----------------------------|-----------------------------------------------------------------------------------------------------|
| 2891030 | FL SWITCH 3005 | [Firmware Update](http://www.phoenixcontact.net/qr/2891030/firmware_update) |
| 2891032 | FL SWITCH 3005T | [Firmware Update](http://www.phoenixcontact.net/qr/2891032/firmware_update) |
| 2891033 | FL SWITCH 3004T-FX | [Firmware Update](http://www.phoenixcontact.net/qr/2891033/firmware_update) |
| 2891034 | FL SWITCH 3004T-FX ST | [Firmware Update](http://www.phoenixcontact.net/qr/2891034/firmware_update) |
| 2891031 | FL SWITCH 3008 | [Firmware Update](http://www.phoenixcontact.net/qr/2891031/firmware_update) |
| 2891035 | FL SWITCH 3008T | [Firmware Update](http://www.phoenixcontact.net/qr/2891035/firmware_update) |
| 2891036 | FL SWITCH 3006T-2FX | [Firmware Update](http://www.phoenixcontact.net/qr/2891036/firmware_update) |
| 2891037 | FL SWITCH 3006T-2FX ST | [Firmware Update](http://www.phoenixcontact.net/qr/2891037/firmware_update) |
| 2891067 | FL SWITCH 3012E-2SFX | [Firmware Update](http://www.phoenixcontact.net/qr/2891067/firmware_update) |
| 2891066 | FL SWITCH 3016E | [Firmware Update](http://www.phoenixcontact.net/qr/2891066/firmware_update) |
| 2891058 | FL SWITCH 3016 | [Firmware Update](http://www.phoenixcontact.net/qr/2891058/firmware_update) |
| 2891059 | FL SWITCH 3016T | [Firmware Update](http://www.phoenixcontact.net/qr/2891059/firmware_update) |
| 2891060 | FL SWITCH 3006T-2FX SM | [Firmware Update](http://www.phoenixcontact.net/qr/2891060/firmware_update) |
| 2891062 | FL SWITCH 4008T-2SFP | [Firmware Update](http://www.phoenixcontact.net/qr/2891062/firmware_update) |
| 2891061 | FL SWITCH 4008T-2GT-4FX SM | [Firmware Update](http://www.phoenixcontact.net/qr/2891061/firmware_update) |
| 2891160 | FL SWITCH 4008T-2GT-3FX SM | [Firmware Update](http://www.phoenixcontact.net/qr/2891160/firmware_update) |
| 2891073 | FL SWITCH 4808E-16FX LC-4GC | [Firmware Update](http://www.phoenixcontact.net/qr/2891073/firmware_update) |
| 2891080 | FL SWITCH 4808E-16FX SM-4GC | [Firmware Update](http://www.phoenixcontact.net/qr/2891080/firmware_update) |
| 2891086 | FL SWITCH 4808E-16FX SM ST-4GC | [Firmware Update](http://www.phoenixcontact.net/qr/2891086/firmware_update) |
| 2891085 | FL SWITCH 4808E-16FX ST-4GC | [Firmware Update](http://www.phoenixcontact.net/qr/2891085/firmware_update) |
| 2891079 | FL SWITCH 4808E-16FX-4GC | [Firmware Update](http://www.phoenixcontact.net/qr/2891079/firmware_update) |
| 2891074 | FL SWITCH 4808E-16FX SM LC-4GC | [Firmware Update](http://www.phoenixcontact.net/qr/2891074/firmware_update) |
| 2891063 | FL SWITCH 4012T 2GT 2FX | [Firmware Update](http://www.phoenixcontact.net/qr/2891063/firmware_update) |
| 2891161 | FL SWITCH 4012T-2GT-2FX ST | [Firmware Update](http://www.phoenixcontact.net/qr/2891161/firmware_update) |
| 2891072 | FL SWITCH 4824E-4GC | [Firmware Update](http://www.phoenixcontact.net/qr/2891072/firmware_update) |
| 2891102 | FL SWITCH 4800E-24FX-4GC | [Firmware Update](http://www.phoenixcontact.net/qr/2891102/firmware_update) |
| 2891104 | FL SWITCH 4800E-24FX SM-4GC | [Firmware Update](http://www.phoenixcontact.net/qr/2891104/firmware_update) |
| 2891120 | FL SWITCH 3012E-2FX | [Firmware Update](http://www.phoenixcontact.net/qr/2891120/firmware_update) |
| 2891119 | FL SWITCH 3012E-2FX SM | [Firmware Update](http://www.phoenixcontact.net/qr/2891119/firmware_update) |
| 2891162 | FL SWITCH 4000T-8POE-2SFP-R | Please contact your local customer service |
Affected products
Fixed
30 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — | ||
| Unresolved product id: CSAFPID-32010 | — | ||
| Unresolved product id: CSAFPID-32011 | — | ||
| Unresolved product id: CSAFPID-32012 | — | ||
| Unresolved product id: CSAFPID-32013 | — | ||
| Unresolved product id: CSAFPID-32014 | — | ||
| Unresolved product id: CSAFPID-32015 | — | ||
| Unresolved product id: CSAFPID-32016 | — | ||
| Unresolved product id: CSAFPID-32017 | — | ||
| Unresolved product id: CSAFPID-32018 | — | ||
| Unresolved product id: CSAFPID-32019 | — | ||
| Unresolved product id: CSAFPID-32020 | — | ||
| Unresolved product id: CSAFPID-32021 | — | ||
| Unresolved product id: CSAFPID-32022 | — | ||
| Unresolved product id: CSAFPID-32023 | — | ||
| Unresolved product id: CSAFPID-32024 | — | ||
| Unresolved product id: CSAFPID-32025 | — | ||
| Unresolved product id: CSAFPID-32026 | — | ||
| Unresolved product id: CSAFPID-32027 | — | ||
| Unresolved product id: CSAFPID-32028 | — | ||
| Unresolved product id: CSAFPID-32029 | — | ||
| Unresolved product id: CSAFPID-32030 | — |
Known affected
30 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — | ||
| Unresolved product id: CSAFPID-31010 | — | ||
| Unresolved product id: CSAFPID-31011 | — | ||
| Unresolved product id: CSAFPID-31012 | — | ||
| Unresolved product id: CSAFPID-31013 | — | ||
| Unresolved product id: CSAFPID-31014 | — | ||
| Unresolved product id: CSAFPID-31015 | — | ||
| Unresolved product id: CSAFPID-31016 | — | ||
| Unresolved product id: CSAFPID-31017 | — | ||
| Unresolved product id: CSAFPID-31018 | — | ||
| Unresolved product id: CSAFPID-31019 | — | ||
| Unresolved product id: CSAFPID-31020 | — | ||
| Unresolved product id: CSAFPID-31021 | — | ||
| Unresolved product id: CSAFPID-31022 | — | ||
| Unresolved product id: CSAFPID-31023 | — | ||
| Unresolved product id: CSAFPID-31024 | — | ||
| Unresolved product id: CSAFPID-31025 | — | ||
| Unresolved product id: CSAFPID-31026 | — | ||
| Unresolved product id: CSAFPID-31027 | — | ||
| Unresolved product id: CSAFPID-31028 | — | ||
| Unresolved product id: CSAFPID-31029 | — | ||
| Unresolved product id: CSAFPID-31030 | — |
An Information Exposure issue was discovered in PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, and 48xxx Series products running firmware Version 1.0 to 1.32. A remote unauthenticated attacker may be able to use Monitor Mode on the device to read diagnostic information.
5.3 (Medium)
Vendor Fix
Customers using PHOENIX CONTACT FL SWITCH 3xxx series, FL SWITCH 4xxx series, and FL SWITCH 48xx series devices with firmware versions up to 1.32 are recommended to update to firmware version 1.33 or higher, which fixes these vulnerabilities. The updated firmware may be downloaded from the following managed switch product pages on the vendor's website:
| Article No. | Model | Updated Firmware |
|-------------|-----------------------------|-----------------------------------------------------------------------------------------------------|
| 2891030 | FL SWITCH 3005 | [Firmware Update](http://www.phoenixcontact.net/qr/2891030/firmware_update) |
| 2891032 | FL SWITCH 3005T | [Firmware Update](http://www.phoenixcontact.net/qr/2891032/firmware_update) |
| 2891033 | FL SWITCH 3004T-FX | [Firmware Update](http://www.phoenixcontact.net/qr/2891033/firmware_update) |
| 2891034 | FL SWITCH 3004T-FX ST | [Firmware Update](http://www.phoenixcontact.net/qr/2891034/firmware_update) |
| 2891031 | FL SWITCH 3008 | [Firmware Update](http://www.phoenixcontact.net/qr/2891031/firmware_update) |
| 2891035 | FL SWITCH 3008T | [Firmware Update](http://www.phoenixcontact.net/qr/2891035/firmware_update) |
| 2891036 | FL SWITCH 3006T-2FX | [Firmware Update](http://www.phoenixcontact.net/qr/2891036/firmware_update) |
| 2891037 | FL SWITCH 3006T-2FX ST | [Firmware Update](http://www.phoenixcontact.net/qr/2891037/firmware_update) |
| 2891067 | FL SWITCH 3012E-2SFX | [Firmware Update](http://www.phoenixcontact.net/qr/2891067/firmware_update) |
| 2891066 | FL SWITCH 3016E | [Firmware Update](http://www.phoenixcontact.net/qr/2891066/firmware_update) |
| 2891058 | FL SWITCH 3016 | [Firmware Update](http://www.phoenixcontact.net/qr/2891058/firmware_update) |
| 2891059 | FL SWITCH 3016T | [Firmware Update](http://www.phoenixcontact.net/qr/2891059/firmware_update) |
| 2891060 | FL SWITCH 3006T-2FX SM | [Firmware Update](http://www.phoenixcontact.net/qr/2891060/firmware_update) |
| 2891062 | FL SWITCH 4008T-2SFP | [Firmware Update](http://www.phoenixcontact.net/qr/2891062/firmware_update) |
| 2891061 | FL SWITCH 4008T-2GT-4FX SM | [Firmware Update](http://www.phoenixcontact.net/qr/2891061/firmware_update) |
| 2891160 | FL SWITCH 4008T-2GT-3FX SM | [Firmware Update](http://www.phoenixcontact.net/qr/2891160/firmware_update) |
| 2891073 | FL SWITCH 4808E-16FX LC-4GC | [Firmware Update](http://www.phoenixcontact.net/qr/2891073/firmware_update) |
| 2891080 | FL SWITCH 4808E-16FX SM-4GC | [Firmware Update](http://www.phoenixcontact.net/qr/2891080/firmware_update) |
| 2891086 | FL SWITCH 4808E-16FX SM ST-4GC | [Firmware Update](http://www.phoenixcontact.net/qr/2891086/firmware_update) |
| 2891085 | FL SWITCH 4808E-16FX ST-4GC | [Firmware Update](http://www.phoenixcontact.net/qr/2891085/firmware_update) |
| 2891079 | FL SWITCH 4808E-16FX-4GC | [Firmware Update](http://www.phoenixcontact.net/qr/2891079/firmware_update) |
| 2891074 | FL SWITCH 4808E-16FX SM LC-4GC | [Firmware Update](http://www.phoenixcontact.net/qr/2891074/firmware_update) |
| 2891063 | FL SWITCH 4012T 2GT 2FX | [Firmware Update](http://www.phoenixcontact.net/qr/2891063/firmware_update) |
| 2891161 | FL SWITCH 4012T-2GT-2FX ST | [Firmware Update](http://www.phoenixcontact.net/qr/2891161/firmware_update) |
| 2891072 | FL SWITCH 4824E-4GC | [Firmware Update](http://www.phoenixcontact.net/qr/2891072/firmware_update) |
| 2891102 | FL SWITCH 4800E-24FX-4GC | [Firmware Update](http://www.phoenixcontact.net/qr/2891102/firmware_update) |
| 2891104 | FL SWITCH 4800E-24FX SM-4GC | [Firmware Update](http://www.phoenixcontact.net/qr/2891104/firmware_update) |
| 2891120 | FL SWITCH 3012E-2FX | [Firmware Update](http://www.phoenixcontact.net/qr/2891120/firmware_update) |
| 2891119 | FL SWITCH 3012E-2FX SM | [Firmware Update](http://www.phoenixcontact.net/qr/2891119/firmware_update) |
| 2891162 | FL SWITCH 4000T-8POE-2SFP-R | Please contact your local customer service |
Affected products
Fixed
30 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — | ||
| Unresolved product id: CSAFPID-32010 | — | ||
| Unresolved product id: CSAFPID-32011 | — | ||
| Unresolved product id: CSAFPID-32012 | — | ||
| Unresolved product id: CSAFPID-32013 | — | ||
| Unresolved product id: CSAFPID-32014 | — | ||
| Unresolved product id: CSAFPID-32015 | — | ||
| Unresolved product id: CSAFPID-32016 | — | ||
| Unresolved product id: CSAFPID-32017 | — | ||
| Unresolved product id: CSAFPID-32018 | — | ||
| Unresolved product id: CSAFPID-32019 | — | ||
| Unresolved product id: CSAFPID-32020 | — | ||
| Unresolved product id: CSAFPID-32021 | — | ||
| Unresolved product id: CSAFPID-32022 | — | ||
| Unresolved product id: CSAFPID-32023 | — | ||
| Unresolved product id: CSAFPID-32024 | — | ||
| Unresolved product id: CSAFPID-32025 | — | ||
| Unresolved product id: CSAFPID-32026 | — | ||
| Unresolved product id: CSAFPID-32027 | — | ||
| Unresolved product id: CSAFPID-32028 | — | ||
| Unresolved product id: CSAFPID-32029 | — | ||
| Unresolved product id: CSAFPID-32030 | — |
Known affected
30 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — | ||
| Unresolved product id: CSAFPID-31010 | — | ||
| Unresolved product id: CSAFPID-31011 | — | ||
| Unresolved product id: CSAFPID-31012 | — | ||
| Unresolved product id: CSAFPID-31013 | — | ||
| Unresolved product id: CSAFPID-31014 | — | ||
| Unresolved product id: CSAFPID-31015 | — | ||
| Unresolved product id: CSAFPID-31016 | — | ||
| Unresolved product id: CSAFPID-31017 | — | ||
| Unresolved product id: CSAFPID-31018 | — | ||
| Unresolved product id: CSAFPID-31019 | — | ||
| Unresolved product id: CSAFPID-31020 | — | ||
| Unresolved product id: CSAFPID-31021 | — | ||
| Unresolved product id: CSAFPID-31022 | — | ||
| Unresolved product id: CSAFPID-31023 | — | ||
| Unresolved product id: CSAFPID-31024 | — | ||
| Unresolved product id: CSAFPID-31025 | — | ||
| Unresolved product id: CSAFPID-31026 | — | ||
| Unresolved product id: CSAFPID-31027 | — | ||
| Unresolved product id: CSAFPID-31028 | — | ||
| Unresolved product id: CSAFPID-31029 | — | ||
| Unresolved product id: CSAFPID-31030 | — |
References
4 references
Acknowledgments
CERT@VDE
certvde.com
{
"document": {
"acknowledgments": [
{
"organization": "CERT@VDE",
"summary": "coordination",
"urls": [
"https://certvde.com"
]
},
{
"names": [
"Evgeniy Druzhinin",
"Ilya Karpov"
],
"organization": "Positive Technologies",
"summary": "reporting",
"urls": [
"https://www.phoenixcontact.com"
]
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-GB",
"notes": [
{
"category": "summary",
"text": "PHOENIX CONTACT FL SWITCH 3xxx series, FL SWITCH 4xxx series, and FL SWITCH 48xx series products running firmware version 1.0 to 1.32 allow unauthenticated users with network access to gain administrative privileges (CVE-2017-16743) and expose information to unauthenticated users in Monitor Mode (CVE-2017-16741).",
"title": "Summary"
},
{
"category": "description",
"text": "CVE-2017-16743: web-service authentication bypass, improper authorization (CWE-285) By crafting HTTP Set-Cookie and POST requests, an unauthenticated attacker with network access may bypass the web-service authentication and gain administrative privileges on the managed switch devices. CVE-2017-16741: information exposure (CWE-200) Any user with network access to a managed switch device may use Monitor Mode to read diagnostic information from the device\u0027s web interface without prior authentication in the web GUI. This includes information about model, subnet mask, uptime, and utilisation.",
"title": "Impact"
},
{
"category": "description",
"text": "Customers using PHOENIX CONTACT FL SWITCH 3xxx series, FL SWITCH 4xxx series, and FL SWITCH 48xx series devices with firmware versions up to 1.32 are recommended to update to firmware version 1.33 or higher, which fixes these vulnerabilities. The updated firmware may be downloaded from the following managed switch product pages on the vendor\u0027s website:\n\n| Article No. | Model | Updated Firmware |\n|-------------|-----------------------------|-----------------------------------------------------------------------------------------------------|\n| 2891030 | FL SWITCH 3005 | [Firmware Update](http://www.phoenixcontact.net/qr/2891030/firmware_update) |\n| 2891032 | FL SWITCH 3005T | [Firmware Update](http://www.phoenixcontact.net/qr/2891032/firmware_update) |\n| 2891033 | FL SWITCH 3004T-FX | [Firmware Update](http://www.phoenixcontact.net/qr/2891033/firmware_update) |\n| 2891034 | FL SWITCH 3004T-FX ST | [Firmware Update](http://www.phoenixcontact.net/qr/2891034/firmware_update) |\n| 2891031 | FL SWITCH 3008 | [Firmware Update](http://www.phoenixcontact.net/qr/2891031/firmware_update) |\n| 2891035 | FL SWITCH 3008T | [Firmware Update](http://www.phoenixcontact.net/qr/2891035/firmware_update) |\n| 2891036 | FL SWITCH 3006T-2FX | [Firmware Update](http://www.phoenixcontact.net/qr/2891036/firmware_update) |\n| 2891037 | FL SWITCH 3006T-2FX ST | [Firmware Update](http://www.phoenixcontact.net/qr/2891037/firmware_update) |\n| 2891067 | FL SWITCH 3012E-2SFX | [Firmware Update](http://www.phoenixcontact.net/qr/2891067/firmware_update) |\n| 2891066 | FL SWITCH 3016E | [Firmware Update](http://www.phoenixcontact.net/qr/2891066/firmware_update) |\n| 2891058 | FL SWITCH 3016 | [Firmware Update](http://www.phoenixcontact.net/qr/2891058/firmware_update) |\n| 2891059 | FL SWITCH 3016T | [Firmware Update](http://www.phoenixcontact.net/qr/2891059/firmware_update) |\n| 2891060 | FL SWITCH 3006T-2FX SM | [Firmware Update](http://www.phoenixcontact.net/qr/2891060/firmware_update) |\n| 2891062 | FL SWITCH 4008T-2SFP | [Firmware Update](http://www.phoenixcontact.net/qr/2891062/firmware_update) |\n| 2891061 | FL SWITCH 4008T-2GT-4FX SM | [Firmware Update](http://www.phoenixcontact.net/qr/2891061/firmware_update) |\n| 2891160 | FL SWITCH 4008T-2GT-3FX SM | [Firmware Update](http://www.phoenixcontact.net/qr/2891160/firmware_update) |\n| 2891073 | FL SWITCH 4808E-16FX LC-4GC | [Firmware Update](http://www.phoenixcontact.net/qr/2891073/firmware_update) |\n| 2891080 | FL SWITCH 4808E-16FX SM-4GC | [Firmware Update](http://www.phoenixcontact.net/qr/2891080/firmware_update) |\n| 2891086 | FL SWITCH 4808E-16FX SM ST-4GC | [Firmware Update](http://www.phoenixcontact.net/qr/2891086/firmware_update) |\n| 2891085 | FL SWITCH 4808E-16FX ST-4GC | [Firmware Update](http://www.phoenixcontact.net/qr/2891085/firmware_update) |\n| 2891079 | FL SWITCH 4808E-16FX-4GC | [Firmware Update](http://www.phoenixcontact.net/qr/2891079/firmware_update) |\n| 2891074 | FL SWITCH 4808E-16FX SM LC-4GC | [Firmware Update](http://www.phoenixcontact.net/qr/2891074/firmware_update) |\n| 2891063 | FL SWITCH 4012T 2GT 2FX | [Firmware Update](http://www.phoenixcontact.net/qr/2891063/firmware_update) |\n| 2891161 | FL SWITCH 4012T-2GT-2FX ST | [Firmware Update](http://www.phoenixcontact.net/qr/2891161/firmware_update) |\n| 2891072 | FL SWITCH 4824E-4GC | [Firmware Update](http://www.phoenixcontact.net/qr/2891072/firmware_update) |\n| 2891102 | FL SWITCH 4800E-24FX-4GC | [Firmware Update](http://www.phoenixcontact.net/qr/2891102/firmware_update) |\n| 2891104 | FL SWITCH 4800E-24FX SM-4GC | [Firmware Update](http://www.phoenixcontact.net/qr/2891104/firmware_update) |\n| 2891120 | FL SWITCH 3012E-2FX | [Firmware Update](http://www.phoenixcontact.net/qr/2891120/firmware_update) |\n| 2891119 | FL SWITCH 3012E-2FX SM | [Firmware Update](http://www.phoenixcontact.net/qr/2891119/firmware_update) |\n| 2891162 | FL SWITCH 4000T-8POE-2SFP-R | Please contact your local customer service |",
"title": "Remediation"
}
],
"publisher": {
"category": "vendor",
"contact_details": "psirt@phoenixcontact.com",
"name": "Phoenix Contact GmbH \u0026 Co. KG",
"namespace": "https://phoenixcontact.com/psirt"
},
"references": [
{
"category": "external",
"summary": "Phoenix Contact PSIRT ",
"url": "https://www.phoenixcontact.com/de-de/service-und-support/psirt"
},
{
"category": "external",
"summary": "CERT@VDE Security Advisories for Phoenix Contact GmbH \u0026 Co. KG",
"url": "https://certvde.com/en/advisories/vendor/phoenixcontact/"
},
{
"category": "self",
"summary": "VDE-2017-006: PHOENIX CONTACT: FL SWITCH 3xxx/4xxx/48xx series web-service authentication bypass - HTML",
"url": "https://certvde.com/en/advisories/VDE-2017-006/"
},
{
"category": "self",
"summary": "VDE-2017-006: PHOENIX CONTACT: FL SWITCH 3xxx/4xxx/48xx series web-service authentication bypass - CSAF",
"url": "https://phoenixcontact.csaf-tp.certvde.com/.well-known/csaf/white/2018/vde-2017-006.json"
}
],
"title": "PHOENIX CONTACT: FL SWITCH 3xxx/4xxx/48xx series web-service authentication bypass",
"tracking": {
"aliases": [
"VDE-2017-006"
],
"current_release_date": "2025-05-14T13:00:14.000Z",
"generator": {
"date": "2025-03-19T14:44:07.576Z",
"engine": {
"name": "Secvisogram",
"version": "2.5.21"
}
},
"id": "VDE-2017-006",
"initial_release_date": "2018-01-10T09:36:00.000Z",
"revision_history": [
{
"date": "2018-01-10T09:36:00.000Z",
"number": "1",
"summary": "Initial revision."
},
{
"date": "2025-04-10T13:00:00.000Z",
"number": "2",
"summary": "fixed csaf reference URL"
},
{
"date": "2025-05-14T13:00:14.000Z",
"number": "3",
"summary": "Fix: added distribution"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c1.33",
"product": {
"name": "Firmware \u003c1.33",
"product_id": "CSAFPID-21001"
}
},
{
"category": "product_version",
"name": "1.33",
"product": {
"name": "Firmware 1.33",
"product_id": "CSAFPID-22001"
}
}
],
"category": "product_family",
"name": "Firmware"
},
{
"branches": [
{
"category": "product_name",
"name": "FL SWITCH 3004T-FX",
"product": {
"name": "FL SWITCH 3004T-FX",
"product_id": "CSAFPID-11001",
"product_identification_helper": {
"model_numbers": [
"2891033"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 3004T-FX ST",
"product": {
"name": "FL SWITCH 3004T-FX ST",
"product_id": "CSAFPID-11002",
"product_identification_helper": {
"model_numbers": [
"2891034"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 3005",
"product": {
"name": "FL SWITCH 3005",
"product_id": "CSAFPID-11003",
"product_identification_helper": {
"model_numbers": [
"2891030"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 3005T",
"product": {
"name": "FL SWITCH 3005T",
"product_id": "CSAFPID-11004",
"product_identification_helper": {
"model_numbers": [
"2891032"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 3006T-2FX",
"product": {
"name": "FL SWITCH 3006T-2FX",
"product_id": "CSAFPID-11005",
"product_identification_helper": {
"model_numbers": [
"2891036"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 3006T-2FX SM",
"product": {
"name": "FL SWITCH 3006T-2FX SM",
"product_id": "CSAFPID-11006",
"product_identification_helper": {
"model_numbers": [
"2891060"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 3006T-2FX ST",
"product": {
"name": "FL SWITCH 3006T-2FX ST",
"product_id": "CSAFPID-11007",
"product_identification_helper": {
"model_numbers": [
"2891037"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 3008",
"product": {
"name": "FL SWITCH 3008",
"product_id": "CSAFPID-11008",
"product_identification_helper": {
"model_numbers": [
"2891031"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 3008T",
"product": {
"name": "FL SWITCH 3008T",
"product_id": "CSAFPID-11009",
"product_identification_helper": {
"model_numbers": [
"2891035"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 3012E-2FX",
"product": {
"name": "FL SWITCH 3012E-2FX",
"product_id": "CSAFPID-11010",
"product_identification_helper": {
"model_numbers": [
"2891120"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 3012E-2FX SM",
"product": {
"name": "FL SWITCH 3012E-2FX SM",
"product_id": "CSAFPID-11011",
"product_identification_helper": {
"model_numbers": [
"2891119"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 3012E-2SFX",
"product": {
"name": "FL SWITCH 3012E-2SFX",
"product_id": "CSAFPID-11012",
"product_identification_helper": {
"model_numbers": [
"2891067"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 3016",
"product": {
"name": "FL SWITCH 3016",
"product_id": "CSAFPID-11013",
"product_identification_helper": {
"model_numbers": [
"2891058"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 3016E",
"product": {
"name": "FL SWITCH 3016E",
"product_id": "CSAFPID-11014",
"product_identification_helper": {
"model_numbers": [
"2891066"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 3016T",
"product": {
"name": "FL SWITCH 3016T",
"product_id": "CSAFPID-11015",
"product_identification_helper": {
"model_numbers": [
"2891059"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 4000T-8POE-2SFP-R",
"product": {
"name": "FL SWITCH 4000T-8POE-2SFP-R",
"product_id": "CSAFPID-11016",
"product_identification_helper": {
"model_numbers": [
"2891162"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 4008T-2GT-3FX SM",
"product": {
"name": "FL SWITCH 4008T-2GT-3FX SM",
"product_id": "CSAFPID-11017",
"product_identification_helper": {
"model_numbers": [
"2891160"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 4008T-2GT-4FX SM",
"product": {
"name": "FL SWITCH 4008T-2GT-4FX SM",
"product_id": "CSAFPID-11018",
"product_identification_helper": {
"model_numbers": [
"2891061"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 4008T-2SFP",
"product": {
"name": "FL SWITCH 4008T-2SFP",
"product_id": "CSAFPID-11019",
"product_identification_helper": {
"model_numbers": [
"2891062"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 4012T-2GT-2FX",
"product": {
"name": "FL SWITCH 4012T-2GT-2FX",
"product_id": "CSAFPID-11020",
"product_identification_helper": {
"model_numbers": [
"2891063"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 4012T-2GT-2FX ST",
"product": {
"name": "FL SWITCH 4012T-2GT-2FX ST",
"product_id": "CSAFPID-11021",
"product_identification_helper": {
"model_numbers": [
"2891161"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 4800E-24FX-4GC",
"product": {
"name": "FL SWITCH 4800E-24FX-4GC",
"product_id": "CSAFPID-11022",
"product_identification_helper": {
"model_numbers": [
"2891102"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 4800E-24FX SM-4GC",
"product": {
"name": "FL SWITCH 4800E-24FX SM-4GC",
"product_id": "CSAFPID-11023",
"product_identification_helper": {
"model_numbers": [
"2891104"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 4808E-16FX-4GC",
"product": {
"name": "FL SWITCH 4808E-16FX-4GC",
"product_id": "CSAFPID-11024",
"product_identification_helper": {
"model_numbers": [
"2891079"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 4808E-16FX LC-4GC",
"product": {
"name": "FL SWITCH 4808E-16FX LC-4GC",
"product_id": "CSAFPID-11025",
"product_identification_helper": {
"model_numbers": [
"2891073"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 4808E-16FX SM-4GC",
"product": {
"name": "FL SWITCH 4808E-16FX SM-4GC",
"product_id": "CSAFPID-11026",
"product_identification_helper": {
"model_numbers": [
"2891080"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 4808E-16FX SM LC-4GC",
"product": {
"name": "FL SWITCH 4808E-16FX SM LC-4GC",
"product_id": "CSAFPID-11027",
"product_identification_helper": {
"model_numbers": [
"2891074"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 4808E-16FX SM ST-4GC",
"product": {
"name": "FL SWITCH 4808E-16FX SM ST-4GC",
"product_id": "CSAFPID-11028",
"product_identification_helper": {
"model_numbers": [
"2891086"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 4808E-16FX ST-4GC",
"product": {
"name": "FL SWITCH 4808E-16FX ST-4GC",
"product_id": "CSAFPID-11029",
"product_identification_helper": {
"model_numbers": [
"2891085"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 4824E-4GC",
"product": {
"name": "FL SWITCH 4824E-4GC",
"product_id": "CSAFPID-11030",
"product_identification_helper": {
"model_numbers": [
"2891072"
]
}
}
}
],
"category": "product_family",
"name": "Hardware"
}
],
"category": "vendor",
"name": "Phoenix Contact"
}
],
"product_groups": [
{
"group_id": "CSAFGID-0001",
"product_ids": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017",
"CSAFPID-31018",
"CSAFPID-31019",
"CSAFPID-31020",
"CSAFPID-31021",
"CSAFPID-31022",
"CSAFPID-31023",
"CSAFPID-31024",
"CSAFPID-31025",
"CSAFPID-31026",
"CSAFPID-31027",
"CSAFPID-31028",
"CSAFPID-31029",
"CSAFPID-31030"
],
"summary": "Affected products."
},
{
"group_id": "CSAFGID-0002",
"product_ids": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009",
"CSAFPID-32010",
"CSAFPID-32011",
"CSAFPID-32012",
"CSAFPID-32013",
"CSAFPID-32014",
"CSAFPID-32015",
"CSAFPID-32016",
"CSAFPID-32017",
"CSAFPID-32018",
"CSAFPID-32019",
"CSAFPID-32020",
"CSAFPID-32021",
"CSAFPID-32022",
"CSAFPID-32023",
"CSAFPID-32024",
"CSAFPID-32025",
"CSAFPID-32026",
"CSAFPID-32027",
"CSAFPID-32028",
"CSAFPID-32029",
"CSAFPID-32030"
],
"summary": "Fixed products."
}
],
"relationships": [
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c1.33 installed on FL SWITCH 3004T-FX",
"product_id": "CSAFPID-31001"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11001"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c1.33 installed on FL SWITCH 3004T-FX ST",
"product_id": "CSAFPID-31002"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11002"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c1.33 installed on FL SWITCH 3005",
"product_id": "CSAFPID-31003"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11003"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c1.33 installed on FL SWITCH 3005T",
"product_id": "CSAFPID-31004"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11004"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c1.33 installed on FL SWITCH 3006T-2FX",
"product_id": "CSAFPID-31005"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11005"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c1.33 installed on FL SWITCH 3006T-2FX SM",
"product_id": "CSAFPID-31006"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11006"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c1.33 installed on FL SWITCH 3006T-2FX ST",
"product_id": "CSAFPID-31007"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11007"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c1.33 installed on FL SWITCH 3008",
"product_id": "CSAFPID-31008"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11008"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c1.33 installed on FL SWITCH 3008T",
"product_id": "CSAFPID-31009"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11009"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c1.33 installed on FL SWITCH 3012E-2FX",
"product_id": "CSAFPID-31010"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11010"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c1.33 installed on FL SWITCH 3012E-2FX SM",
"product_id": "CSAFPID-31011"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11011"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c1.33 installed on FL SWITCH 3012E-2SFX",
"product_id": "CSAFPID-31012"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11012"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c1.33 installed on FL SWITCH 3016",
"product_id": "CSAFPID-31013"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11013"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c1.33 installed on FL SWITCH 3016E",
"product_id": "CSAFPID-31014"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11014"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c1.33 installed on FL SWITCH 3016T",
"product_id": "CSAFPID-31015"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11015"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c1.33 installed on FL SWITCH 4000T-8POE-2SFP-R",
"product_id": "CSAFPID-31016"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11016"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c1.33 installed on FL SWITCH 4008T-2GT-3FX SM",
"product_id": "CSAFPID-31017"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11017"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c1.33 installed on FL SWITCH 4008T-2GT-4FX SM",
"product_id": "CSAFPID-31018"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11018"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c1.33 installed on FL SWITCH 4008T-2SFP",
"product_id": "CSAFPID-31019"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11019"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c1.33 installed on FL SWITCH 4012T-2GT-2FX",
"product_id": "CSAFPID-31020"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11020"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c1.33 installed on FL SWITCH 4012T-2GT-2FX ST",
"product_id": "CSAFPID-31021"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11021"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c1.33 installed on FL SWITCH 4800E-24FX-4GC",
"product_id": "CSAFPID-31022"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11022"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c1.33 installed on FL SWITCH 4800E-24FX SM-4GC",
"product_id": "CSAFPID-31023"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11023"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c1.33 installed on FL SWITCH 4808E-16FX-4GC",
"product_id": "CSAFPID-31024"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11024"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c1.33 installed on FL SWITCH 4808E-16FX LC-4GC",
"product_id": "CSAFPID-31025"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11025"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c1.33 installed on FL SWITCH 4808E-16FX SM-4GC",
"product_id": "CSAFPID-31026"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11026"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c1.33 installed on FL SWITCH 4808E-16FX SM LC-4GC",
"product_id": "CSAFPID-31027"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11027"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c1.33 installed on FL SWITCH 4808E-16FX SM ST-4GC",
"product_id": "CSAFPID-31028"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11028"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c1.33 installed on FL SWITCH 4808E-16FX ST-4GC",
"product_id": "CSAFPID-31029"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11029"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c1.33 installed on FL SWITCH 4824E-4GC",
"product_id": "CSAFPID-31030"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11030"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.33 installed on FL SWITCH 3004T-FX",
"product_id": "CSAFPID-32001"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11001"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.33 installed on FL SWITCH 3004T-FX ST",
"product_id": "CSAFPID-32002"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11002"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.33 installed on FL SWITCH 3005",
"product_id": "CSAFPID-32003"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11003"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.33 installed on FL SWITCH 3005T",
"product_id": "CSAFPID-32004"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11004"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.33 installed on FL SWITCH 3006T-2FX",
"product_id": "CSAFPID-32005"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11005"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.33 installed on FL SWITCH 3006T-2FX SM",
"product_id": "CSAFPID-32006"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11006"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.33 installed on FL SWITCH 3006T-2FX ST",
"product_id": "CSAFPID-32007"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11007"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.33 installed on FL SWITCH 3008",
"product_id": "CSAFPID-32008"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11008"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.33 installed on FL SWITCH 3008T",
"product_id": "CSAFPID-32009"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11009"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.33 installed on FL SWITCH 3012E-2FX",
"product_id": "CSAFPID-32010"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11010"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.33 installed on FL SWITCH 3012E-2FX SM",
"product_id": "CSAFPID-32011"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11011"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.33 installed on FL SWITCH 3012E-2SFX",
"product_id": "CSAFPID-32012"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11012"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.33 installed on FL SWITCH 3016",
"product_id": "CSAFPID-32013"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11013"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.33 installed on FL SWITCH 3016E",
"product_id": "CSAFPID-32014"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11014"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.33 installed on FL SWITCH 3016T",
"product_id": "CSAFPID-32015"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11015"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.33 installed on FL SWITCH 4000T-8POE-2SFP-R",
"product_id": "CSAFPID-32016"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11016"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.33 installed on FL SWITCH 4008T-2GT-3FX SM",
"product_id": "CSAFPID-32017"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11017"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.33 installed on FL SWITCH 4008T-2GT-4FX SM",
"product_id": "CSAFPID-32018"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11018"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.33 installed on FL SWITCH 4008T-2SFP",
"product_id": "CSAFPID-32019"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11019"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.33 installed on FL SWITCH 4012T-2GT-2FX",
"product_id": "CSAFPID-32020"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11020"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.33 installed on FL SWITCH 4012T-2GT-2FX ST",
"product_id": "CSAFPID-32021"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11021"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.33 installed on FL SWITCH 4800E-24FX-4GC",
"product_id": "CSAFPID-32022"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11022"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.33 installed on FL SWITCH 4800E-24FX SM-4GC",
"product_id": "CSAFPID-32023"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11023"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.33 installed on FL SWITCH 4808E-16FX-4GC",
"product_id": "CSAFPID-32024"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11024"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.33 installed on FL SWITCH 4808E-16FX LC-4GC",
"product_id": "CSAFPID-32025"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11025"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.33 installed on FL SWITCH 4808E-16FX SM-4GC",
"product_id": "CSAFPID-32026"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11026"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.33 installed on FL SWITCH 4808E-16FX SM LC-4GC",
"product_id": "CSAFPID-32027"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11027"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.33 installed on FL SWITCH 4808E-16FX SM ST-4GC",
"product_id": "CSAFPID-32028"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11028"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.33 installed on FL SWITCH 4808E-16FX ST-4GC",
"product_id": "CSAFPID-32029"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11029"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.33 installed on FL SWITCH 4824E-4GC",
"product_id": "CSAFPID-32030"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11030"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2017-16743",
"cwe": {
"id": "CWE-285",
"name": "Improper Authorization"
},
"notes": [
{
"audience": "all",
"category": "description",
"text": "An Improper Authorization issue was discovered in PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, and 48xxx Series products running firmware Version 1.0 to 1.32. A remote unauthenticated attacker may be able to craft special HTTP requests allowing an attacker to bypass web-service authentication allowing the attacker to obtain administrative privileges on the device.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009",
"CSAFPID-32010",
"CSAFPID-32011",
"CSAFPID-32012",
"CSAFPID-32013",
"CSAFPID-32014",
"CSAFPID-32015",
"CSAFPID-32016",
"CSAFPID-32017",
"CSAFPID-32018",
"CSAFPID-32019",
"CSAFPID-32020",
"CSAFPID-32021",
"CSAFPID-32022",
"CSAFPID-32023",
"CSAFPID-32024",
"CSAFPID-32025",
"CSAFPID-32026",
"CSAFPID-32027",
"CSAFPID-32028",
"CSAFPID-32029",
"CSAFPID-32030"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017",
"CSAFPID-31018",
"CSAFPID-31019",
"CSAFPID-31020",
"CSAFPID-31021",
"CSAFPID-31022",
"CSAFPID-31023",
"CSAFPID-31024",
"CSAFPID-31025",
"CSAFPID-31026",
"CSAFPID-31027",
"CSAFPID-31028",
"CSAFPID-31029",
"CSAFPID-31030"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Customers using PHOENIX CONTACT FL SWITCH 3xxx series, FL SWITCH 4xxx series, and FL SWITCH 48xx series devices with firmware versions up to 1.32 are recommended to update to firmware version 1.33 or higher, which fixes these vulnerabilities. The updated firmware may be downloaded from the following managed switch product pages on the vendor\u0027s website:\n\n| Article No. | Model | Updated Firmware |\n|-------------|-----------------------------|-----------------------------------------------------------------------------------------------------|\n| 2891030 | FL SWITCH 3005 | [Firmware Update](http://www.phoenixcontact.net/qr/2891030/firmware_update) |\n| 2891032 | FL SWITCH 3005T | [Firmware Update](http://www.phoenixcontact.net/qr/2891032/firmware_update) |\n| 2891033 | FL SWITCH 3004T-FX | [Firmware Update](http://www.phoenixcontact.net/qr/2891033/firmware_update) |\n| 2891034 | FL SWITCH 3004T-FX ST | [Firmware Update](http://www.phoenixcontact.net/qr/2891034/firmware_update) |\n| 2891031 | FL SWITCH 3008 | [Firmware Update](http://www.phoenixcontact.net/qr/2891031/firmware_update) |\n| 2891035 | FL SWITCH 3008T | [Firmware Update](http://www.phoenixcontact.net/qr/2891035/firmware_update) |\n| 2891036 | FL SWITCH 3006T-2FX | [Firmware Update](http://www.phoenixcontact.net/qr/2891036/firmware_update) |\n| 2891037 | FL SWITCH 3006T-2FX ST | [Firmware Update](http://www.phoenixcontact.net/qr/2891037/firmware_update) |\n| 2891067 | FL SWITCH 3012E-2SFX | [Firmware Update](http://www.phoenixcontact.net/qr/2891067/firmware_update) |\n| 2891066 | FL SWITCH 3016E | [Firmware Update](http://www.phoenixcontact.net/qr/2891066/firmware_update) |\n| 2891058 | FL SWITCH 3016 | [Firmware Update](http://www.phoenixcontact.net/qr/2891058/firmware_update) |\n| 2891059 | FL SWITCH 3016T | [Firmware Update](http://www.phoenixcontact.net/qr/2891059/firmware_update) |\n| 2891060 | FL SWITCH 3006T-2FX SM | [Firmware Update](http://www.phoenixcontact.net/qr/2891060/firmware_update) |\n| 2891062 | FL SWITCH 4008T-2SFP | [Firmware Update](http://www.phoenixcontact.net/qr/2891062/firmware_update) |\n| 2891061 | FL SWITCH 4008T-2GT-4FX SM | [Firmware Update](http://www.phoenixcontact.net/qr/2891061/firmware_update) |\n| 2891160 | FL SWITCH 4008T-2GT-3FX SM | [Firmware Update](http://www.phoenixcontact.net/qr/2891160/firmware_update) |\n| 2891073 | FL SWITCH 4808E-16FX LC-4GC | [Firmware Update](http://www.phoenixcontact.net/qr/2891073/firmware_update) |\n| 2891080 | FL SWITCH 4808E-16FX SM-4GC | [Firmware Update](http://www.phoenixcontact.net/qr/2891080/firmware_update) |\n| 2891086 | FL SWITCH 4808E-16FX SM ST-4GC | [Firmware Update](http://www.phoenixcontact.net/qr/2891086/firmware_update) |\n| 2891085 | FL SWITCH 4808E-16FX ST-4GC | [Firmware Update](http://www.phoenixcontact.net/qr/2891085/firmware_update) |\n| 2891079 | FL SWITCH 4808E-16FX-4GC | [Firmware Update](http://www.phoenixcontact.net/qr/2891079/firmware_update) |\n| 2891074 | FL SWITCH 4808E-16FX SM LC-4GC | [Firmware Update](http://www.phoenixcontact.net/qr/2891074/firmware_update) |\n| 2891063 | FL SWITCH 4012T 2GT 2FX | [Firmware Update](http://www.phoenixcontact.net/qr/2891063/firmware_update) |\n| 2891161 | FL SWITCH 4012T-2GT-2FX ST | [Firmware Update](http://www.phoenixcontact.net/qr/2891161/firmware_update) |\n| 2891072 | FL SWITCH 4824E-4GC | [Firmware Update](http://www.phoenixcontact.net/qr/2891072/firmware_update) |\n| 2891102 | FL SWITCH 4800E-24FX-4GC | [Firmware Update](http://www.phoenixcontact.net/qr/2891102/firmware_update) |\n| 2891104 | FL SWITCH 4800E-24FX SM-4GC | [Firmware Update](http://www.phoenixcontact.net/qr/2891104/firmware_update) |\n| 2891120 | FL SWITCH 3012E-2FX | [Firmware Update](http://www.phoenixcontact.net/qr/2891120/firmware_update) |\n| 2891119 | FL SWITCH 3012E-2FX SM | [Firmware Update](http://www.phoenixcontact.net/qr/2891119/firmware_update) |\n| 2891162 | FL SWITCH 4000T-8POE-2SFP-R | Please contact your local customer service |",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017",
"CSAFPID-31018",
"CSAFPID-31019",
"CSAFPID-31020",
"CSAFPID-31021",
"CSAFPID-31022",
"CSAFPID-31023",
"CSAFPID-31024",
"CSAFPID-31025",
"CSAFPID-31026",
"CSAFPID-31027",
"CSAFPID-31028",
"CSAFPID-31029",
"CSAFPID-31030"
]
}
],
"title": "CVE-2017-16743"
},
{
"cve": "CVE-2017-16741",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"audience": "all",
"category": "description",
"text": "An Information Exposure issue was discovered in PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, and 48xxx Series products running firmware Version 1.0 to 1.32. A remote unauthenticated attacker may be able to use Monitor Mode on the device to read diagnostic information.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009",
"CSAFPID-32010",
"CSAFPID-32011",
"CSAFPID-32012",
"CSAFPID-32013",
"CSAFPID-32014",
"CSAFPID-32015",
"CSAFPID-32016",
"CSAFPID-32017",
"CSAFPID-32018",
"CSAFPID-32019",
"CSAFPID-32020",
"CSAFPID-32021",
"CSAFPID-32022",
"CSAFPID-32023",
"CSAFPID-32024",
"CSAFPID-32025",
"CSAFPID-32026",
"CSAFPID-32027",
"CSAFPID-32028",
"CSAFPID-32029",
"CSAFPID-32030"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017",
"CSAFPID-31018",
"CSAFPID-31019",
"CSAFPID-31020",
"CSAFPID-31021",
"CSAFPID-31022",
"CSAFPID-31023",
"CSAFPID-31024",
"CSAFPID-31025",
"CSAFPID-31026",
"CSAFPID-31027",
"CSAFPID-31028",
"CSAFPID-31029",
"CSAFPID-31030"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Customers using PHOENIX CONTACT FL SWITCH 3xxx series, FL SWITCH 4xxx series, and FL SWITCH 48xx series devices with firmware versions up to 1.32 are recommended to update to firmware version 1.33 or higher, which fixes these vulnerabilities. The updated firmware may be downloaded from the following managed switch product pages on the vendor\u0027s website:\n\n| Article No. | Model | Updated Firmware |\n|-------------|-----------------------------|-----------------------------------------------------------------------------------------------------|\n| 2891030 | FL SWITCH 3005 | [Firmware Update](http://www.phoenixcontact.net/qr/2891030/firmware_update) |\n| 2891032 | FL SWITCH 3005T | [Firmware Update](http://www.phoenixcontact.net/qr/2891032/firmware_update) |\n| 2891033 | FL SWITCH 3004T-FX | [Firmware Update](http://www.phoenixcontact.net/qr/2891033/firmware_update) |\n| 2891034 | FL SWITCH 3004T-FX ST | [Firmware Update](http://www.phoenixcontact.net/qr/2891034/firmware_update) |\n| 2891031 | FL SWITCH 3008 | [Firmware Update](http://www.phoenixcontact.net/qr/2891031/firmware_update) |\n| 2891035 | FL SWITCH 3008T | [Firmware Update](http://www.phoenixcontact.net/qr/2891035/firmware_update) |\n| 2891036 | FL SWITCH 3006T-2FX | [Firmware Update](http://www.phoenixcontact.net/qr/2891036/firmware_update) |\n| 2891037 | FL SWITCH 3006T-2FX ST | [Firmware Update](http://www.phoenixcontact.net/qr/2891037/firmware_update) |\n| 2891067 | FL SWITCH 3012E-2SFX | [Firmware Update](http://www.phoenixcontact.net/qr/2891067/firmware_update) |\n| 2891066 | FL SWITCH 3016E | [Firmware Update](http://www.phoenixcontact.net/qr/2891066/firmware_update) |\n| 2891058 | FL SWITCH 3016 | [Firmware Update](http://www.phoenixcontact.net/qr/2891058/firmware_update) |\n| 2891059 | FL SWITCH 3016T | [Firmware Update](http://www.phoenixcontact.net/qr/2891059/firmware_update) |\n| 2891060 | FL SWITCH 3006T-2FX SM | [Firmware Update](http://www.phoenixcontact.net/qr/2891060/firmware_update) |\n| 2891062 | FL SWITCH 4008T-2SFP | [Firmware Update](http://www.phoenixcontact.net/qr/2891062/firmware_update) |\n| 2891061 | FL SWITCH 4008T-2GT-4FX SM | [Firmware Update](http://www.phoenixcontact.net/qr/2891061/firmware_update) |\n| 2891160 | FL SWITCH 4008T-2GT-3FX SM | [Firmware Update](http://www.phoenixcontact.net/qr/2891160/firmware_update) |\n| 2891073 | FL SWITCH 4808E-16FX LC-4GC | [Firmware Update](http://www.phoenixcontact.net/qr/2891073/firmware_update) |\n| 2891080 | FL SWITCH 4808E-16FX SM-4GC | [Firmware Update](http://www.phoenixcontact.net/qr/2891080/firmware_update) |\n| 2891086 | FL SWITCH 4808E-16FX SM ST-4GC | [Firmware Update](http://www.phoenixcontact.net/qr/2891086/firmware_update) |\n| 2891085 | FL SWITCH 4808E-16FX ST-4GC | [Firmware Update](http://www.phoenixcontact.net/qr/2891085/firmware_update) |\n| 2891079 | FL SWITCH 4808E-16FX-4GC | [Firmware Update](http://www.phoenixcontact.net/qr/2891079/firmware_update) |\n| 2891074 | FL SWITCH 4808E-16FX SM LC-4GC | [Firmware Update](http://www.phoenixcontact.net/qr/2891074/firmware_update) |\n| 2891063 | FL SWITCH 4012T 2GT 2FX | [Firmware Update](http://www.phoenixcontact.net/qr/2891063/firmware_update) |\n| 2891161 | FL SWITCH 4012T-2GT-2FX ST | [Firmware Update](http://www.phoenixcontact.net/qr/2891161/firmware_update) |\n| 2891072 | FL SWITCH 4824E-4GC | [Firmware Update](http://www.phoenixcontact.net/qr/2891072/firmware_update) |\n| 2891102 | FL SWITCH 4800E-24FX-4GC | [Firmware Update](http://www.phoenixcontact.net/qr/2891102/firmware_update) |\n| 2891104 | FL SWITCH 4800E-24FX SM-4GC | [Firmware Update](http://www.phoenixcontact.net/qr/2891104/firmware_update) |\n| 2891120 | FL SWITCH 3012E-2FX | [Firmware Update](http://www.phoenixcontact.net/qr/2891120/firmware_update) |\n| 2891119 | FL SWITCH 3012E-2FX SM | [Firmware Update](http://www.phoenixcontact.net/qr/2891119/firmware_update) |\n| 2891162 | FL SWITCH 4000T-8POE-2SFP-R | Please contact your local customer service |",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017",
"CSAFPID-31018",
"CSAFPID-31019",
"CSAFPID-31020",
"CSAFPID-31021",
"CSAFPID-31022",
"CSAFPID-31023",
"CSAFPID-31024",
"CSAFPID-31025",
"CSAFPID-31026",
"CSAFPID-31027",
"CSAFPID-31028",
"CSAFPID-31029",
"CSAFPID-31030"
]
}
],
"title": "CVE-2017-16741"
}
]
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…