VDE-2019-001
Vulnerability from csaf_phoenixcontactgmbhcokg - Published: 2019-01-23 12:02 - Updated: 2025-05-14 13:00Summary
PHOENIX CONTACT: Multiple Vulnerabilities in FL SWITCH 3xxx, 4xxx and 48xx
Notes
Summary: Multiple vulnerabilities for FL SWITCH have been identified in PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx version 1.0 to 1.34.
Impact: [TODO]
Remediation: ## Remediation for CWE-319 (CVE-2018-13992)
Customers using Phoenix Contact managed FL SWITCH devices are recommended to enable HTTP security.
## Remediation for Multiple CWEs:
(CWE-352 (CVE-2018-13993), CWE-307 (CVE-2018-13990), CWE-400 (CVE-2018-13994), CWE-922 (CVE-2018-13991), CWE-119 (CVE-2017-3735))
Customers using Phoenix Contact managed FL SWITCH devices with affected firmware versions are recommended to update the firmware to version **1.35 or higher**, which fixes these vulnerabilities.
The updated firmware may be downloaded from the managed switch product page on the Phoenix Contact website:
| Article No. | Model | Updated Firmware |
|-------------|--------------------------------|------------------|
| 2891033 | FL SWITCH 3004T-FX | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3004t-fx-2891033?type=firmware_update) |
| 2891034 | FL SWITCH 3004T-FX ST | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3004t-fx-st-2891034?type=firmware_update) |
| 2891030 | FL SWITCH 3005 | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3005-2891030?type=firmware_update) |
| 2891032 | FL SWITCH 3005T | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3005t-2891032?type=firmware_update) |
| 2891036 | FL SWITCH 3006T-2FX | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3006t-2fx-2891036?type=firmware_update) |
| 2891060 | FL SWITCH 3006T-2FX SM | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3006t-2fx-sm-2891060?type=firmware_update) |
| 2891037 | FL SWITCH 3006T-2FX ST | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3006t-2fx-st-2891037?type=firmware_update) |
| 2891031 | FL SWITCH 3008 | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3008-2891031?type=firmware_update) |
| 2891035 | FL SWITCH 3008T | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3008t-2891035?type=firmware_update) |
| 2891120 | FL SWITCH 3012E-2FX | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3012e-2fx-2891120?type=firmware_update) |
| 2891119 | FL SWITCH 3012E-2FX SM | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3012e-2fx-sm-2891119?type=firmware_update) |
| 2891067 | FL SWITCH 3012E-2SFX | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3012e-2sfx-2891067?type=firmware_update) |
| 2891058 | FL SWITCH 3016 | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3016-2891058?type=firmware_update) |
| 2891066 | FL SWITCH 3016E | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3016e-2891066?type=firmware_update) |
| 2891059 | FL SWITCH 3016T | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3016t-2891059?type=firmware_update) |
| 1026924 | FL SWITCH 4000T-4POE-1SFP | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4000t-4poe-1sfp-1026924?type=firmware_update) |
| 1026923 | FL SWITCH 4000T-8POE-2SFP | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4000t-8poe-2sfp-1026923?type=firmware_update) |
| 1026922 | FL SWITCH 4004T-8POE-4SFP | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4004t-8poe-4sfp-1026922?type=firmware_update) |
| 2891160 | FL SWITCH 4008T-2GT-3FX SM | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4008t-2gt-3fx-sm-2891160?type=firmware_update) |
| 2891061 | FL SWITCH 4008T-2GT-4FX SM | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4008t-2gt-4fx-sm-2891061?type=firmware_update) |
| 2891062 | FL SWITCH 4008T-2SFP | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4008t-2sfp-2891062?type=firmware_update) |
| 2891063 | FL SWITCH 4012T-2GT-2FX | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4012t-2gt-2fx-2891063?type=firmware_update) |
| 2891161 | FL SWITCH 4012T-2GT-2FX ST | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4012t-2gt-2fx-st-2891161?type=firmware_update) |
| 2891104 | FL SWITCH 4800E-24FX SM-4GC | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4800e-24fx-sm-4gc-2891104?type=firmware_update) |
| 2891102 | FL SWITCH 4800E-24FX-4GC | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4800e-24fx-4gc-2891102?type=firmware_update) |
| 2891073 | FL SWITCH 4808E-16FX LC-4GC | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4808e-16fx-lc-4gc-2891073?type=firmware_update) |
| 2891074 | FL SWITCH 4808E-16FX SM LC-4GC| [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4808e-16fx-sm-lc-4gc-2891074?type=firmware_update) |
| 2891086 | FL SWITCH 4808E-16FX SM ST-4GC| [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4808e-16fx-sm-st-4gc-2891086?type=firmware_update) |
The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 to 1.34 is vulnerable to a denial-of-service attack by making more than 120 connections.
7.5 (High)
Vendor Fix
## Remediation for CWE-319 (CVE-2018-13992)
Customers using Phoenix Contact managed FL SWITCH devices are recommended to enable HTTP security.
## Remediation for Multiple CWEs:
(CWE-352 (CVE-2018-13993), CWE-307 (CVE-2018-13990), CWE-400 (CVE-2018-13994), CWE-922 (CVE-2018-13991), CWE-119 (CVE-2017-3735))
Customers using Phoenix Contact managed FL SWITCH devices with affected firmware versions are recommended to update the firmware to version **1.35 or higher**, which fixes these vulnerabilities.
The updated firmware may be downloaded from the managed switch product page on the Phoenix Contact website:
| Article No. | Model | Updated Firmware |
|-------------|--------------------------------|------------------|
| 2891033 | FL SWITCH 3004T-FX | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3004t-fx-2891033?type=firmware_update) |
| 2891034 | FL SWITCH 3004T-FX ST | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3004t-fx-st-2891034?type=firmware_update) |
| 2891030 | FL SWITCH 3005 | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3005-2891030?type=firmware_update) |
| 2891032 | FL SWITCH 3005T | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3005t-2891032?type=firmware_update) |
| 2891036 | FL SWITCH 3006T-2FX | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3006t-2fx-2891036?type=firmware_update) |
| 2891060 | FL SWITCH 3006T-2FX SM | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3006t-2fx-sm-2891060?type=firmware_update) |
| 2891037 | FL SWITCH 3006T-2FX ST | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3006t-2fx-st-2891037?type=firmware_update) |
| 2891031 | FL SWITCH 3008 | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3008-2891031?type=firmware_update) |
| 2891035 | FL SWITCH 3008T | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3008t-2891035?type=firmware_update) |
| 2891120 | FL SWITCH 3012E-2FX | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3012e-2fx-2891120?type=firmware_update) |
| 2891119 | FL SWITCH 3012E-2FX SM | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3012e-2fx-sm-2891119?type=firmware_update) |
| 2891067 | FL SWITCH 3012E-2SFX | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3012e-2sfx-2891067?type=firmware_update) |
| 2891058 | FL SWITCH 3016 | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3016-2891058?type=firmware_update) |
| 2891066 | FL SWITCH 3016E | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3016e-2891066?type=firmware_update) |
| 2891059 | FL SWITCH 3016T | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3016t-2891059?type=firmware_update) |
| 1026924 | FL SWITCH 4000T-4POE-1SFP | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4000t-4poe-1sfp-1026924?type=firmware_update) |
| 1026923 | FL SWITCH 4000T-8POE-2SFP | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4000t-8poe-2sfp-1026923?type=firmware_update) |
| 1026922 | FL SWITCH 4004T-8POE-4SFP | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4004t-8poe-4sfp-1026922?type=firmware_update) |
| 2891160 | FL SWITCH 4008T-2GT-3FX SM | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4008t-2gt-3fx-sm-2891160?type=firmware_update) |
| 2891061 | FL SWITCH 4008T-2GT-4FX SM | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4008t-2gt-4fx-sm-2891061?type=firmware_update) |
| 2891062 | FL SWITCH 4008T-2SFP | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4008t-2sfp-2891062?type=firmware_update) |
| 2891063 | FL SWITCH 4012T-2GT-2FX | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4012t-2gt-2fx-2891063?type=firmware_update) |
| 2891161 | FL SWITCH 4012T-2GT-2FX ST | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4012t-2gt-2fx-st-2891161?type=firmware_update) |
| 2891104 | FL SWITCH 4800E-24FX SM-4GC | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4800e-24fx-sm-4gc-2891104?type=firmware_update) |
| 2891102 | FL SWITCH 4800E-24FX-4GC | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4800e-24fx-4gc-2891102?type=firmware_update) |
| 2891073 | FL SWITCH 4808E-16FX LC-4GC | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4808e-16fx-lc-4gc-2891073?type=firmware_update) |
| 2891074 | FL SWITCH 4808E-16FX SM LC-4GC| [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4808e-16fx-sm-lc-4gc-2891074?type=firmware_update) |
| 2891086 | FL SWITCH 4808E-16FX SM ST-4GC| [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4808e-16fx-sm-st-4gc-2891086?type=firmware_update) |
Affected products
Fixed
32 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — | ||
| Unresolved product id: CSAFPID-32010 | — | ||
| Unresolved product id: CSAFPID-32011 | — | ||
| Unresolved product id: CSAFPID-32012 | — | ||
| Unresolved product id: CSAFPID-32013 | — | ||
| Unresolved product id: CSAFPID-32014 | — | ||
| Unresolved product id: CSAFPID-32015 | — | ||
| Unresolved product id: CSAFPID-32016 | — | ||
| Unresolved product id: CSAFPID-32017 | — | ||
| Unresolved product id: CSAFPID-32018 | — | ||
| Unresolved product id: CSAFPID-32019 | — | ||
| Unresolved product id: CSAFPID-32020 | — | ||
| Unresolved product id: CSAFPID-32021 | — | ||
| Unresolved product id: CSAFPID-32022 | — | ||
| Unresolved product id: CSAFPID-32023 | — | ||
| Unresolved product id: CSAFPID-32024 | — | ||
| Unresolved product id: CSAFPID-32025 | — | ||
| Unresolved product id: CSAFPID-32026 | — | ||
| Unresolved product id: CSAFPID-32027 | — | ||
| Unresolved product id: CSAFPID-32028 | — | ||
| Unresolved product id: CSAFPID-32029 | — | ||
| Unresolved product id: CSAFPID-32030 | — | ||
| Unresolved product id: CSAFPID-32031 | — | ||
| Unresolved product id: CSAFPID-32032 | — |
Known affected
32 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — | ||
| Unresolved product id: CSAFPID-31010 | — | ||
| Unresolved product id: CSAFPID-31011 | — | ||
| Unresolved product id: CSAFPID-31012 | — | ||
| Unresolved product id: CSAFPID-31013 | — | ||
| Unresolved product id: CSAFPID-31014 | — | ||
| Unresolved product id: CSAFPID-31015 | — | ||
| Unresolved product id: CSAFPID-31016 | — | ||
| Unresolved product id: CSAFPID-31017 | — | ||
| Unresolved product id: CSAFPID-31018 | — | ||
| Unresolved product id: CSAFPID-31019 | — | ||
| Unresolved product id: CSAFPID-31020 | — | ||
| Unresolved product id: CSAFPID-31021 | — | ||
| Unresolved product id: CSAFPID-31022 | — | ||
| Unresolved product id: CSAFPID-31023 | — | ||
| Unresolved product id: CSAFPID-31024 | — | ||
| Unresolved product id: CSAFPID-31025 | — | ||
| Unresolved product id: CSAFPID-31026 | — | ||
| Unresolved product id: CSAFPID-31027 | — | ||
| Unresolved product id: CSAFPID-31028 | — | ||
| Unresolved product id: CSAFPID-31029 | — | ||
| Unresolved product id: CSAFPID-31030 | — | ||
| Unresolved product id: CSAFPID-31031 | — | ||
| Unresolved product id: CSAFPID-31032 | — |
Known not affected
32 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32033 | — | ||
| Unresolved product id: CSAFPID-32034 | — | ||
| Unresolved product id: CSAFPID-32035 | — | ||
| Unresolved product id: CSAFPID-32036 | — | ||
| Unresolved product id: CSAFPID-32037 | — | ||
| Unresolved product id: CSAFPID-32038 | — | ||
| Unresolved product id: CSAFPID-32039 | — | ||
| Unresolved product id: CSAFPID-32040 | — | ||
| Unresolved product id: CSAFPID-32041 | — | ||
| Unresolved product id: CSAFPID-32042 | — | ||
| Unresolved product id: CSAFPID-32043 | — | ||
| Unresolved product id: CSAFPID-32044 | — | ||
| Unresolved product id: CSAFPID-32045 | — | ||
| Unresolved product id: CSAFPID-32046 | — | ||
| Unresolved product id: CSAFPID-32047 | — | ||
| Unresolved product id: CSAFPID-32048 | — | ||
| Unresolved product id: CSAFPID-32049 | — | ||
| Unresolved product id: CSAFPID-32050 | — | ||
| Unresolved product id: CSAFPID-32051 | — | ||
| Unresolved product id: CSAFPID-32052 | — | ||
| Unresolved product id: CSAFPID-32053 | — | ||
| Unresolved product id: CSAFPID-32054 | — | ||
| Unresolved product id: CSAFPID-32055 | — | ||
| Unresolved product id: CSAFPID-32056 | — | ||
| Unresolved product id: CSAFPID-32057 | — | ||
| Unresolved product id: CSAFPID-32058 | — | ||
| Unresolved product id: CSAFPID-32059 | — | ||
| Unresolved product id: CSAFPID-32060 | — | ||
| Unresolved product id: CSAFPID-32061 | — | ||
| Unresolved product id: CSAFPID-32062 | — | ||
| Unresolved product id: CSAFPID-32063 | — | ||
| Unresolved product id: CSAFPID-32064 | — |
The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 to 1.34 leaks private information in firmware images.
5.3 (Medium)
Vendor Fix
## Remediation for CWE-319 (CVE-2018-13992)
Customers using Phoenix Contact managed FL SWITCH devices are recommended to enable HTTP security.
## Remediation for Multiple CWEs:
(CWE-352 (CVE-2018-13993), CWE-307 (CVE-2018-13990), CWE-400 (CVE-2018-13994), CWE-922 (CVE-2018-13991), CWE-119 (CVE-2017-3735))
Customers using Phoenix Contact managed FL SWITCH devices with affected firmware versions are recommended to update the firmware to version **1.35 or higher**, which fixes these vulnerabilities.
The updated firmware may be downloaded from the managed switch product page on the Phoenix Contact website:
| Article No. | Model | Updated Firmware |
|-------------|--------------------------------|------------------|
| 2891033 | FL SWITCH 3004T-FX | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3004t-fx-2891033?type=firmware_update) |
| 2891034 | FL SWITCH 3004T-FX ST | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3004t-fx-st-2891034?type=firmware_update) |
| 2891030 | FL SWITCH 3005 | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3005-2891030?type=firmware_update) |
| 2891032 | FL SWITCH 3005T | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3005t-2891032?type=firmware_update) |
| 2891036 | FL SWITCH 3006T-2FX | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3006t-2fx-2891036?type=firmware_update) |
| 2891060 | FL SWITCH 3006T-2FX SM | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3006t-2fx-sm-2891060?type=firmware_update) |
| 2891037 | FL SWITCH 3006T-2FX ST | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3006t-2fx-st-2891037?type=firmware_update) |
| 2891031 | FL SWITCH 3008 | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3008-2891031?type=firmware_update) |
| 2891035 | FL SWITCH 3008T | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3008t-2891035?type=firmware_update) |
| 2891120 | FL SWITCH 3012E-2FX | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3012e-2fx-2891120?type=firmware_update) |
| 2891119 | FL SWITCH 3012E-2FX SM | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3012e-2fx-sm-2891119?type=firmware_update) |
| 2891067 | FL SWITCH 3012E-2SFX | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3012e-2sfx-2891067?type=firmware_update) |
| 2891058 | FL SWITCH 3016 | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3016-2891058?type=firmware_update) |
| 2891066 | FL SWITCH 3016E | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3016e-2891066?type=firmware_update) |
| 2891059 | FL SWITCH 3016T | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3016t-2891059?type=firmware_update) |
| 1026924 | FL SWITCH 4000T-4POE-1SFP | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4000t-4poe-1sfp-1026924?type=firmware_update) |
| 1026923 | FL SWITCH 4000T-8POE-2SFP | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4000t-8poe-2sfp-1026923?type=firmware_update) |
| 1026922 | FL SWITCH 4004T-8POE-4SFP | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4004t-8poe-4sfp-1026922?type=firmware_update) |
| 2891160 | FL SWITCH 4008T-2GT-3FX SM | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4008t-2gt-3fx-sm-2891160?type=firmware_update) |
| 2891061 | FL SWITCH 4008T-2GT-4FX SM | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4008t-2gt-4fx-sm-2891061?type=firmware_update) |
| 2891062 | FL SWITCH 4008T-2SFP | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4008t-2sfp-2891062?type=firmware_update) |
| 2891063 | FL SWITCH 4012T-2GT-2FX | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4012t-2gt-2fx-2891063?type=firmware_update) |
| 2891161 | FL SWITCH 4012T-2GT-2FX ST | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4012t-2gt-2fx-st-2891161?type=firmware_update) |
| 2891104 | FL SWITCH 4800E-24FX SM-4GC | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4800e-24fx-sm-4gc-2891104?type=firmware_update) |
| 2891102 | FL SWITCH 4800E-24FX-4GC | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4800e-24fx-4gc-2891102?type=firmware_update) |
| 2891073 | FL SWITCH 4808E-16FX LC-4GC | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4808e-16fx-lc-4gc-2891073?type=firmware_update) |
| 2891074 | FL SWITCH 4808E-16FX SM LC-4GC| [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4808e-16fx-sm-lc-4gc-2891074?type=firmware_update) |
| 2891086 | FL SWITCH 4808E-16FX SM ST-4GC| [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4808e-16fx-sm-st-4gc-2891086?type=firmware_update) |
Affected products
Fixed
32 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — | ||
| Unresolved product id: CSAFPID-32010 | — | ||
| Unresolved product id: CSAFPID-32011 | — | ||
| Unresolved product id: CSAFPID-32012 | — | ||
| Unresolved product id: CSAFPID-32013 | — | ||
| Unresolved product id: CSAFPID-32014 | — | ||
| Unresolved product id: CSAFPID-32015 | — | ||
| Unresolved product id: CSAFPID-32016 | — | ||
| Unresolved product id: CSAFPID-32017 | — | ||
| Unresolved product id: CSAFPID-32018 | — | ||
| Unresolved product id: CSAFPID-32019 | — | ||
| Unresolved product id: CSAFPID-32020 | — | ||
| Unresolved product id: CSAFPID-32021 | — | ||
| Unresolved product id: CSAFPID-32022 | — | ||
| Unresolved product id: CSAFPID-32023 | — | ||
| Unresolved product id: CSAFPID-32024 | — | ||
| Unresolved product id: CSAFPID-32025 | — | ||
| Unresolved product id: CSAFPID-32026 | — | ||
| Unresolved product id: CSAFPID-32027 | — | ||
| Unresolved product id: CSAFPID-32028 | — | ||
| Unresolved product id: CSAFPID-32029 | — | ||
| Unresolved product id: CSAFPID-32030 | — | ||
| Unresolved product id: CSAFPID-32031 | — | ||
| Unresolved product id: CSAFPID-32032 | — |
Known affected
32 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — | ||
| Unresolved product id: CSAFPID-31010 | — | ||
| Unresolved product id: CSAFPID-31011 | — | ||
| Unresolved product id: CSAFPID-31012 | — | ||
| Unresolved product id: CSAFPID-31013 | — | ||
| Unresolved product id: CSAFPID-31014 | — | ||
| Unresolved product id: CSAFPID-31015 | — | ||
| Unresolved product id: CSAFPID-31016 | — | ||
| Unresolved product id: CSAFPID-31017 | — | ||
| Unresolved product id: CSAFPID-31018 | — | ||
| Unresolved product id: CSAFPID-31019 | — | ||
| Unresolved product id: CSAFPID-31020 | — | ||
| Unresolved product id: CSAFPID-31021 | — | ||
| Unresolved product id: CSAFPID-31022 | — | ||
| Unresolved product id: CSAFPID-31023 | — | ||
| Unresolved product id: CSAFPID-31024 | — | ||
| Unresolved product id: CSAFPID-31025 | — | ||
| Unresolved product id: CSAFPID-31026 | — | ||
| Unresolved product id: CSAFPID-31027 | — | ||
| Unresolved product id: CSAFPID-31028 | — | ||
| Unresolved product id: CSAFPID-31029 | — | ||
| Unresolved product id: CSAFPID-31030 | — | ||
| Unresolved product id: CSAFPID-31031 | — | ||
| Unresolved product id: CSAFPID-31032 | — |
Known not affected
32 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32033 | — | ||
| Unresolved product id: CSAFPID-32034 | — | ||
| Unresolved product id: CSAFPID-32035 | — | ||
| Unresolved product id: CSAFPID-32036 | — | ||
| Unresolved product id: CSAFPID-32037 | — | ||
| Unresolved product id: CSAFPID-32038 | — | ||
| Unresolved product id: CSAFPID-32039 | — | ||
| Unresolved product id: CSAFPID-32040 | — | ||
| Unresolved product id: CSAFPID-32041 | — | ||
| Unresolved product id: CSAFPID-32042 | — | ||
| Unresolved product id: CSAFPID-32043 | — | ||
| Unresolved product id: CSAFPID-32044 | — | ||
| Unresolved product id: CSAFPID-32045 | — | ||
| Unresolved product id: CSAFPID-32046 | — | ||
| Unresolved product id: CSAFPID-32047 | — | ||
| Unresolved product id: CSAFPID-32048 | — | ||
| Unresolved product id: CSAFPID-32049 | — | ||
| Unresolved product id: CSAFPID-32050 | — | ||
| Unresolved product id: CSAFPID-32051 | — | ||
| Unresolved product id: CSAFPID-32052 | — | ||
| Unresolved product id: CSAFPID-32053 | — | ||
| Unresolved product id: CSAFPID-32054 | — | ||
| Unresolved product id: CSAFPID-32055 | — | ||
| Unresolved product id: CSAFPID-32056 | — | ||
| Unresolved product id: CSAFPID-32057 | — | ||
| Unresolved product id: CSAFPID-32058 | — | ||
| Unresolved product id: CSAFPID-32059 | — | ||
| Unresolved product id: CSAFPID-32060 | — | ||
| Unresolved product id: CSAFPID-32061 | — | ||
| Unresolved product id: CSAFPID-32062 | — | ||
| Unresolved product id: CSAFPID-32063 | — | ||
| Unresolved product id: CSAFPID-32064 | — |
While parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread. This would result in an incorrect text display of the certificate. This bug has been present since 2006 and is present in all versions of OpenSSL before 1.0.2m and 1.1.0g.
5.3 (Medium)
Vendor Fix
## Remediation for CWE-319 (CVE-2018-13992)
Customers using Phoenix Contact managed FL SWITCH devices are recommended to enable HTTP security.
## Remediation for Multiple CWEs:
(CWE-352 (CVE-2018-13993), CWE-307 (CVE-2018-13990), CWE-400 (CVE-2018-13994), CWE-922 (CVE-2018-13991), CWE-119 (CVE-2017-3735))
Customers using Phoenix Contact managed FL SWITCH devices with affected firmware versions are recommended to update the firmware to version **1.35 or higher**, which fixes these vulnerabilities.
The updated firmware may be downloaded from the managed switch product page on the Phoenix Contact website:
| Article No. | Model | Updated Firmware |
|-------------|--------------------------------|------------------|
| 2891033 | FL SWITCH 3004T-FX | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3004t-fx-2891033?type=firmware_update) |
| 2891034 | FL SWITCH 3004T-FX ST | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3004t-fx-st-2891034?type=firmware_update) |
| 2891030 | FL SWITCH 3005 | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3005-2891030?type=firmware_update) |
| 2891032 | FL SWITCH 3005T | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3005t-2891032?type=firmware_update) |
| 2891036 | FL SWITCH 3006T-2FX | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3006t-2fx-2891036?type=firmware_update) |
| 2891060 | FL SWITCH 3006T-2FX SM | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3006t-2fx-sm-2891060?type=firmware_update) |
| 2891037 | FL SWITCH 3006T-2FX ST | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3006t-2fx-st-2891037?type=firmware_update) |
| 2891031 | FL SWITCH 3008 | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3008-2891031?type=firmware_update) |
| 2891035 | FL SWITCH 3008T | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3008t-2891035?type=firmware_update) |
| 2891120 | FL SWITCH 3012E-2FX | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3012e-2fx-2891120?type=firmware_update) |
| 2891119 | FL SWITCH 3012E-2FX SM | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3012e-2fx-sm-2891119?type=firmware_update) |
| 2891067 | FL SWITCH 3012E-2SFX | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3012e-2sfx-2891067?type=firmware_update) |
| 2891058 | FL SWITCH 3016 | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3016-2891058?type=firmware_update) |
| 2891066 | FL SWITCH 3016E | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3016e-2891066?type=firmware_update) |
| 2891059 | FL SWITCH 3016T | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3016t-2891059?type=firmware_update) |
| 1026924 | FL SWITCH 4000T-4POE-1SFP | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4000t-4poe-1sfp-1026924?type=firmware_update) |
| 1026923 | FL SWITCH 4000T-8POE-2SFP | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4000t-8poe-2sfp-1026923?type=firmware_update) |
| 1026922 | FL SWITCH 4004T-8POE-4SFP | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4004t-8poe-4sfp-1026922?type=firmware_update) |
| 2891160 | FL SWITCH 4008T-2GT-3FX SM | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4008t-2gt-3fx-sm-2891160?type=firmware_update) |
| 2891061 | FL SWITCH 4008T-2GT-4FX SM | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4008t-2gt-4fx-sm-2891061?type=firmware_update) |
| 2891062 | FL SWITCH 4008T-2SFP | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4008t-2sfp-2891062?type=firmware_update) |
| 2891063 | FL SWITCH 4012T-2GT-2FX | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4012t-2gt-2fx-2891063?type=firmware_update) |
| 2891161 | FL SWITCH 4012T-2GT-2FX ST | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4012t-2gt-2fx-st-2891161?type=firmware_update) |
| 2891104 | FL SWITCH 4800E-24FX SM-4GC | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4800e-24fx-sm-4gc-2891104?type=firmware_update) |
| 2891102 | FL SWITCH 4800E-24FX-4GC | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4800e-24fx-4gc-2891102?type=firmware_update) |
| 2891073 | FL SWITCH 4808E-16FX LC-4GC | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4808e-16fx-lc-4gc-2891073?type=firmware_update) |
| 2891074 | FL SWITCH 4808E-16FX SM LC-4GC| [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4808e-16fx-sm-lc-4gc-2891074?type=firmware_update) |
| 2891086 | FL SWITCH 4808E-16FX SM ST-4GC| [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4808e-16fx-sm-st-4gc-2891086?type=firmware_update) |
Affected products
Fixed
32 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — | ||
| Unresolved product id: CSAFPID-32010 | — | ||
| Unresolved product id: CSAFPID-32011 | — | ||
| Unresolved product id: CSAFPID-32012 | — | ||
| Unresolved product id: CSAFPID-32013 | — | ||
| Unresolved product id: CSAFPID-32014 | — | ||
| Unresolved product id: CSAFPID-32015 | — | ||
| Unresolved product id: CSAFPID-32016 | — | ||
| Unresolved product id: CSAFPID-32017 | — | ||
| Unresolved product id: CSAFPID-32018 | — | ||
| Unresolved product id: CSAFPID-32019 | — | ||
| Unresolved product id: CSAFPID-32020 | — | ||
| Unresolved product id: CSAFPID-32021 | — | ||
| Unresolved product id: CSAFPID-32022 | — | ||
| Unresolved product id: CSAFPID-32023 | — | ||
| Unresolved product id: CSAFPID-32024 | — | ||
| Unresolved product id: CSAFPID-32025 | — | ||
| Unresolved product id: CSAFPID-32026 | — | ||
| Unresolved product id: CSAFPID-32027 | — | ||
| Unresolved product id: CSAFPID-32028 | — | ||
| Unresolved product id: CSAFPID-32029 | — | ||
| Unresolved product id: CSAFPID-32030 | — | ||
| Unresolved product id: CSAFPID-32031 | — | ||
| Unresolved product id: CSAFPID-32032 | — |
Known affected
32 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — | ||
| Unresolved product id: CSAFPID-31010 | — | ||
| Unresolved product id: CSAFPID-31011 | — | ||
| Unresolved product id: CSAFPID-31012 | — | ||
| Unresolved product id: CSAFPID-31013 | — | ||
| Unresolved product id: CSAFPID-31014 | — | ||
| Unresolved product id: CSAFPID-31015 | — | ||
| Unresolved product id: CSAFPID-31016 | — | ||
| Unresolved product id: CSAFPID-31017 | — | ||
| Unresolved product id: CSAFPID-31018 | — | ||
| Unresolved product id: CSAFPID-31019 | — | ||
| Unresolved product id: CSAFPID-31020 | — | ||
| Unresolved product id: CSAFPID-31021 | — | ||
| Unresolved product id: CSAFPID-31022 | — | ||
| Unresolved product id: CSAFPID-31023 | — | ||
| Unresolved product id: CSAFPID-31024 | — | ||
| Unresolved product id: CSAFPID-31025 | — | ||
| Unresolved product id: CSAFPID-31026 | — | ||
| Unresolved product id: CSAFPID-31027 | — | ||
| Unresolved product id: CSAFPID-31028 | — | ||
| Unresolved product id: CSAFPID-31029 | — | ||
| Unresolved product id: CSAFPID-31030 | — | ||
| Unresolved product id: CSAFPID-31031 | — | ||
| Unresolved product id: CSAFPID-31032 | — |
Known not affected
32 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32033 | — | ||
| Unresolved product id: CSAFPID-32034 | — | ||
| Unresolved product id: CSAFPID-32035 | — | ||
| Unresolved product id: CSAFPID-32036 | — | ||
| Unresolved product id: CSAFPID-32037 | — | ||
| Unresolved product id: CSAFPID-32038 | — | ||
| Unresolved product id: CSAFPID-32039 | — | ||
| Unresolved product id: CSAFPID-32040 | — | ||
| Unresolved product id: CSAFPID-32041 | — | ||
| Unresolved product id: CSAFPID-32042 | — | ||
| Unresolved product id: CSAFPID-32043 | — | ||
| Unresolved product id: CSAFPID-32044 | — | ||
| Unresolved product id: CSAFPID-32045 | — | ||
| Unresolved product id: CSAFPID-32046 | — | ||
| Unresolved product id: CSAFPID-32047 | — | ||
| Unresolved product id: CSAFPID-32048 | — | ||
| Unresolved product id: CSAFPID-32049 | — | ||
| Unresolved product id: CSAFPID-32050 | — | ||
| Unresolved product id: CSAFPID-32051 | — | ||
| Unresolved product id: CSAFPID-32052 | — | ||
| Unresolved product id: CSAFPID-32053 | — | ||
| Unresolved product id: CSAFPID-32054 | — | ||
| Unresolved product id: CSAFPID-32055 | — | ||
| Unresolved product id: CSAFPID-32056 | — | ||
| Unresolved product id: CSAFPID-32057 | — | ||
| Unresolved product id: CSAFPID-32058 | — | ||
| Unresolved product id: CSAFPID-32059 | — | ||
| Unresolved product id: CSAFPID-32060 | — | ||
| Unresolved product id: CSAFPID-32061 | — | ||
| Unresolved product id: CSAFPID-32062 | — | ||
| Unresolved product id: CSAFPID-32063 | — | ||
| Unresolved product id: CSAFPID-32064 | — |
The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 to 1.34 is prone to CSRF.
8.8 (High)
Vendor Fix
## Remediation for CWE-319 (CVE-2018-13992)
Customers using Phoenix Contact managed FL SWITCH devices are recommended to enable HTTP security.
## Remediation for Multiple CWEs:
(CWE-352 (CVE-2018-13993), CWE-307 (CVE-2018-13990), CWE-400 (CVE-2018-13994), CWE-922 (CVE-2018-13991), CWE-119 (CVE-2017-3735))
Customers using Phoenix Contact managed FL SWITCH devices with affected firmware versions are recommended to update the firmware to version **1.35 or higher**, which fixes these vulnerabilities.
The updated firmware may be downloaded from the managed switch product page on the Phoenix Contact website:
| Article No. | Model | Updated Firmware |
|-------------|--------------------------------|------------------|
| 2891033 | FL SWITCH 3004T-FX | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3004t-fx-2891033?type=firmware_update) |
| 2891034 | FL SWITCH 3004T-FX ST | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3004t-fx-st-2891034?type=firmware_update) |
| 2891030 | FL SWITCH 3005 | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3005-2891030?type=firmware_update) |
| 2891032 | FL SWITCH 3005T | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3005t-2891032?type=firmware_update) |
| 2891036 | FL SWITCH 3006T-2FX | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3006t-2fx-2891036?type=firmware_update) |
| 2891060 | FL SWITCH 3006T-2FX SM | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3006t-2fx-sm-2891060?type=firmware_update) |
| 2891037 | FL SWITCH 3006T-2FX ST | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3006t-2fx-st-2891037?type=firmware_update) |
| 2891031 | FL SWITCH 3008 | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3008-2891031?type=firmware_update) |
| 2891035 | FL SWITCH 3008T | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3008t-2891035?type=firmware_update) |
| 2891120 | FL SWITCH 3012E-2FX | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3012e-2fx-2891120?type=firmware_update) |
| 2891119 | FL SWITCH 3012E-2FX SM | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3012e-2fx-sm-2891119?type=firmware_update) |
| 2891067 | FL SWITCH 3012E-2SFX | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3012e-2sfx-2891067?type=firmware_update) |
| 2891058 | FL SWITCH 3016 | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3016-2891058?type=firmware_update) |
| 2891066 | FL SWITCH 3016E | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3016e-2891066?type=firmware_update) |
| 2891059 | FL SWITCH 3016T | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3016t-2891059?type=firmware_update) |
| 1026924 | FL SWITCH 4000T-4POE-1SFP | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4000t-4poe-1sfp-1026924?type=firmware_update) |
| 1026923 | FL SWITCH 4000T-8POE-2SFP | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4000t-8poe-2sfp-1026923?type=firmware_update) |
| 1026922 | FL SWITCH 4004T-8POE-4SFP | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4004t-8poe-4sfp-1026922?type=firmware_update) |
| 2891160 | FL SWITCH 4008T-2GT-3FX SM | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4008t-2gt-3fx-sm-2891160?type=firmware_update) |
| 2891061 | FL SWITCH 4008T-2GT-4FX SM | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4008t-2gt-4fx-sm-2891061?type=firmware_update) |
| 2891062 | FL SWITCH 4008T-2SFP | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4008t-2sfp-2891062?type=firmware_update) |
| 2891063 | FL SWITCH 4012T-2GT-2FX | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4012t-2gt-2fx-2891063?type=firmware_update) |
| 2891161 | FL SWITCH 4012T-2GT-2FX ST | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4012t-2gt-2fx-st-2891161?type=firmware_update) |
| 2891104 | FL SWITCH 4800E-24FX SM-4GC | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4800e-24fx-sm-4gc-2891104?type=firmware_update) |
| 2891102 | FL SWITCH 4800E-24FX-4GC | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4800e-24fx-4gc-2891102?type=firmware_update) |
| 2891073 | FL SWITCH 4808E-16FX LC-4GC | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4808e-16fx-lc-4gc-2891073?type=firmware_update) |
| 2891074 | FL SWITCH 4808E-16FX SM LC-4GC| [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4808e-16fx-sm-lc-4gc-2891074?type=firmware_update) |
| 2891086 | FL SWITCH 4808E-16FX SM ST-4GC| [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4808e-16fx-sm-st-4gc-2891086?type=firmware_update) |
Affected products
Fixed
32 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — | ||
| Unresolved product id: CSAFPID-32010 | — | ||
| Unresolved product id: CSAFPID-32011 | — | ||
| Unresolved product id: CSAFPID-32012 | — | ||
| Unresolved product id: CSAFPID-32013 | — | ||
| Unresolved product id: CSAFPID-32014 | — | ||
| Unresolved product id: CSAFPID-32015 | — | ||
| Unresolved product id: CSAFPID-32016 | — | ||
| Unresolved product id: CSAFPID-32017 | — | ||
| Unresolved product id: CSAFPID-32018 | — | ||
| Unresolved product id: CSAFPID-32019 | — | ||
| Unresolved product id: CSAFPID-32020 | — | ||
| Unresolved product id: CSAFPID-32021 | — | ||
| Unresolved product id: CSAFPID-32022 | — | ||
| Unresolved product id: CSAFPID-32023 | — | ||
| Unresolved product id: CSAFPID-32024 | — | ||
| Unresolved product id: CSAFPID-32025 | — | ||
| Unresolved product id: CSAFPID-32026 | — | ||
| Unresolved product id: CSAFPID-32027 | — | ||
| Unresolved product id: CSAFPID-32028 | — | ||
| Unresolved product id: CSAFPID-32029 | — | ||
| Unresolved product id: CSAFPID-32030 | — | ||
| Unresolved product id: CSAFPID-32031 | — | ||
| Unresolved product id: CSAFPID-32032 | — |
Known affected
32 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — | ||
| Unresolved product id: CSAFPID-31010 | — | ||
| Unresolved product id: CSAFPID-31011 | — | ||
| Unresolved product id: CSAFPID-31012 | — | ||
| Unresolved product id: CSAFPID-31013 | — | ||
| Unresolved product id: CSAFPID-31014 | — | ||
| Unresolved product id: CSAFPID-31015 | — | ||
| Unresolved product id: CSAFPID-31016 | — | ||
| Unresolved product id: CSAFPID-31017 | — | ||
| Unresolved product id: CSAFPID-31018 | — | ||
| Unresolved product id: CSAFPID-31019 | — | ||
| Unresolved product id: CSAFPID-31020 | — | ||
| Unresolved product id: CSAFPID-31021 | — | ||
| Unresolved product id: CSAFPID-31022 | — | ||
| Unresolved product id: CSAFPID-31023 | — | ||
| Unresolved product id: CSAFPID-31024 | — | ||
| Unresolved product id: CSAFPID-31025 | — | ||
| Unresolved product id: CSAFPID-31026 | — | ||
| Unresolved product id: CSAFPID-31027 | — | ||
| Unresolved product id: CSAFPID-31028 | — | ||
| Unresolved product id: CSAFPID-31029 | — | ||
| Unresolved product id: CSAFPID-31030 | — | ||
| Unresolved product id: CSAFPID-31031 | — | ||
| Unresolved product id: CSAFPID-31032 | — |
Known not affected
32 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32033 | — | ||
| Unresolved product id: CSAFPID-32034 | — | ||
| Unresolved product id: CSAFPID-32035 | — | ||
| Unresolved product id: CSAFPID-32036 | — | ||
| Unresolved product id: CSAFPID-32037 | — | ||
| Unresolved product id: CSAFPID-32038 | — | ||
| Unresolved product id: CSAFPID-32039 | — | ||
| Unresolved product id: CSAFPID-32040 | — | ||
| Unresolved product id: CSAFPID-32041 | — | ||
| Unresolved product id: CSAFPID-32042 | — | ||
| Unresolved product id: CSAFPID-32043 | — | ||
| Unresolved product id: CSAFPID-32044 | — | ||
| Unresolved product id: CSAFPID-32045 | — | ||
| Unresolved product id: CSAFPID-32046 | — | ||
| Unresolved product id: CSAFPID-32047 | — | ||
| Unresolved product id: CSAFPID-32048 | — | ||
| Unresolved product id: CSAFPID-32049 | — | ||
| Unresolved product id: CSAFPID-32050 | — | ||
| Unresolved product id: CSAFPID-32051 | — | ||
| Unresolved product id: CSAFPID-32052 | — | ||
| Unresolved product id: CSAFPID-32053 | — | ||
| Unresolved product id: CSAFPID-32054 | — | ||
| Unresolved product id: CSAFPID-32055 | — | ||
| Unresolved product id: CSAFPID-32056 | — | ||
| Unresolved product id: CSAFPID-32057 | — | ||
| Unresolved product id: CSAFPID-32058 | — | ||
| Unresolved product id: CSAFPID-32059 | — | ||
| Unresolved product id: CSAFPID-32060 | — | ||
| Unresolved product id: CSAFPID-32061 | — | ||
| Unresolved product id: CSAFPID-32062 | — | ||
| Unresolved product id: CSAFPID-32063 | — | ||
| Unresolved product id: CSAFPID-32064 | — |
The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions prior to 1.35 is vulnerable to brute-force attacks, because of Improper Restriction of Excessive Authentication Attempts.
9.8 (Critical)
Vendor Fix
## Remediation for CWE-319 (CVE-2018-13992)
Customers using Phoenix Contact managed FL SWITCH devices are recommended to enable HTTP security.
## Remediation for Multiple CWEs:
(CWE-352 (CVE-2018-13993), CWE-307 (CVE-2018-13990), CWE-400 (CVE-2018-13994), CWE-922 (CVE-2018-13991), CWE-119 (CVE-2017-3735))
Customers using Phoenix Contact managed FL SWITCH devices with affected firmware versions are recommended to update the firmware to version **1.35 or higher**, which fixes these vulnerabilities.
The updated firmware may be downloaded from the managed switch product page on the Phoenix Contact website:
| Article No. | Model | Updated Firmware |
|-------------|--------------------------------|------------------|
| 2891033 | FL SWITCH 3004T-FX | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3004t-fx-2891033?type=firmware_update) |
| 2891034 | FL SWITCH 3004T-FX ST | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3004t-fx-st-2891034?type=firmware_update) |
| 2891030 | FL SWITCH 3005 | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3005-2891030?type=firmware_update) |
| 2891032 | FL SWITCH 3005T | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3005t-2891032?type=firmware_update) |
| 2891036 | FL SWITCH 3006T-2FX | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3006t-2fx-2891036?type=firmware_update) |
| 2891060 | FL SWITCH 3006T-2FX SM | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3006t-2fx-sm-2891060?type=firmware_update) |
| 2891037 | FL SWITCH 3006T-2FX ST | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3006t-2fx-st-2891037?type=firmware_update) |
| 2891031 | FL SWITCH 3008 | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3008-2891031?type=firmware_update) |
| 2891035 | FL SWITCH 3008T | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3008t-2891035?type=firmware_update) |
| 2891120 | FL SWITCH 3012E-2FX | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3012e-2fx-2891120?type=firmware_update) |
| 2891119 | FL SWITCH 3012E-2FX SM | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3012e-2fx-sm-2891119?type=firmware_update) |
| 2891067 | FL SWITCH 3012E-2SFX | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3012e-2sfx-2891067?type=firmware_update) |
| 2891058 | FL SWITCH 3016 | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3016-2891058?type=firmware_update) |
| 2891066 | FL SWITCH 3016E | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3016e-2891066?type=firmware_update) |
| 2891059 | FL SWITCH 3016T | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3016t-2891059?type=firmware_update) |
| 1026924 | FL SWITCH 4000T-4POE-1SFP | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4000t-4poe-1sfp-1026924?type=firmware_update) |
| 1026923 | FL SWITCH 4000T-8POE-2SFP | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4000t-8poe-2sfp-1026923?type=firmware_update) |
| 1026922 | FL SWITCH 4004T-8POE-4SFP | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4004t-8poe-4sfp-1026922?type=firmware_update) |
| 2891160 | FL SWITCH 4008T-2GT-3FX SM | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4008t-2gt-3fx-sm-2891160?type=firmware_update) |
| 2891061 | FL SWITCH 4008T-2GT-4FX SM | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4008t-2gt-4fx-sm-2891061?type=firmware_update) |
| 2891062 | FL SWITCH 4008T-2SFP | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4008t-2sfp-2891062?type=firmware_update) |
| 2891063 | FL SWITCH 4012T-2GT-2FX | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4012t-2gt-2fx-2891063?type=firmware_update) |
| 2891161 | FL SWITCH 4012T-2GT-2FX ST | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4012t-2gt-2fx-st-2891161?type=firmware_update) |
| 2891104 | FL SWITCH 4800E-24FX SM-4GC | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4800e-24fx-sm-4gc-2891104?type=firmware_update) |
| 2891102 | FL SWITCH 4800E-24FX-4GC | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4800e-24fx-4gc-2891102?type=firmware_update) |
| 2891073 | FL SWITCH 4808E-16FX LC-4GC | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4808e-16fx-lc-4gc-2891073?type=firmware_update) |
| 2891074 | FL SWITCH 4808E-16FX SM LC-4GC| [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4808e-16fx-sm-lc-4gc-2891074?type=firmware_update) |
| 2891086 | FL SWITCH 4808E-16FX SM ST-4GC| [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4808e-16fx-sm-st-4gc-2891086?type=firmware_update) |
Affected products
Fixed
32 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — | ||
| Unresolved product id: CSAFPID-32010 | — | ||
| Unresolved product id: CSAFPID-32011 | — | ||
| Unresolved product id: CSAFPID-32012 | — | ||
| Unresolved product id: CSAFPID-32013 | — | ||
| Unresolved product id: CSAFPID-32014 | — | ||
| Unresolved product id: CSAFPID-32015 | — | ||
| Unresolved product id: CSAFPID-32016 | — | ||
| Unresolved product id: CSAFPID-32017 | — | ||
| Unresolved product id: CSAFPID-32018 | — | ||
| Unresolved product id: CSAFPID-32019 | — | ||
| Unresolved product id: CSAFPID-32020 | — | ||
| Unresolved product id: CSAFPID-32021 | — | ||
| Unresolved product id: CSAFPID-32022 | — | ||
| Unresolved product id: CSAFPID-32023 | — | ||
| Unresolved product id: CSAFPID-32024 | — | ||
| Unresolved product id: CSAFPID-32025 | — | ||
| Unresolved product id: CSAFPID-32026 | — | ||
| Unresolved product id: CSAFPID-32027 | — | ||
| Unresolved product id: CSAFPID-32028 | — | ||
| Unresolved product id: CSAFPID-32029 | — | ||
| Unresolved product id: CSAFPID-32030 | — | ||
| Unresolved product id: CSAFPID-32031 | — | ||
| Unresolved product id: CSAFPID-32032 | — |
Known affected
32 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — | ||
| Unresolved product id: CSAFPID-31010 | — | ||
| Unresolved product id: CSAFPID-31011 | — | ||
| Unresolved product id: CSAFPID-31012 | — | ||
| Unresolved product id: CSAFPID-31013 | — | ||
| Unresolved product id: CSAFPID-31014 | — | ||
| Unresolved product id: CSAFPID-31015 | — | ||
| Unresolved product id: CSAFPID-31016 | — | ||
| Unresolved product id: CSAFPID-31017 | — | ||
| Unresolved product id: CSAFPID-31018 | — | ||
| Unresolved product id: CSAFPID-31019 | — | ||
| Unresolved product id: CSAFPID-31020 | — | ||
| Unresolved product id: CSAFPID-31021 | — | ||
| Unresolved product id: CSAFPID-31022 | — | ||
| Unresolved product id: CSAFPID-31023 | — | ||
| Unresolved product id: CSAFPID-31024 | — | ||
| Unresolved product id: CSAFPID-31025 | — | ||
| Unresolved product id: CSAFPID-31026 | — | ||
| Unresolved product id: CSAFPID-31027 | — | ||
| Unresolved product id: CSAFPID-31028 | — | ||
| Unresolved product id: CSAFPID-31029 | — | ||
| Unresolved product id: CSAFPID-31030 | — | ||
| Unresolved product id: CSAFPID-31031 | — | ||
| Unresolved product id: CSAFPID-31032 | — |
Known not affected
32 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32033 | — | ||
| Unresolved product id: CSAFPID-32034 | — | ||
| Unresolved product id: CSAFPID-32035 | — | ||
| Unresolved product id: CSAFPID-32036 | — | ||
| Unresolved product id: CSAFPID-32037 | — | ||
| Unresolved product id: CSAFPID-32038 | — | ||
| Unresolved product id: CSAFPID-32039 | — | ||
| Unresolved product id: CSAFPID-32040 | — | ||
| Unresolved product id: CSAFPID-32041 | — | ||
| Unresolved product id: CSAFPID-32042 | — | ||
| Unresolved product id: CSAFPID-32043 | — | ||
| Unresolved product id: CSAFPID-32044 | — | ||
| Unresolved product id: CSAFPID-32045 | — | ||
| Unresolved product id: CSAFPID-32046 | — | ||
| Unresolved product id: CSAFPID-32047 | — | ||
| Unresolved product id: CSAFPID-32048 | — | ||
| Unresolved product id: CSAFPID-32049 | — | ||
| Unresolved product id: CSAFPID-32050 | — | ||
| Unresolved product id: CSAFPID-32051 | — | ||
| Unresolved product id: CSAFPID-32052 | — | ||
| Unresolved product id: CSAFPID-32053 | — | ||
| Unresolved product id: CSAFPID-32054 | — | ||
| Unresolved product id: CSAFPID-32055 | — | ||
| Unresolved product id: CSAFPID-32056 | — | ||
| Unresolved product id: CSAFPID-32057 | — | ||
| Unresolved product id: CSAFPID-32058 | — | ||
| Unresolved product id: CSAFPID-32059 | — | ||
| Unresolved product id: CSAFPID-32060 | — | ||
| Unresolved product id: CSAFPID-32061 | — | ||
| Unresolved product id: CSAFPID-32062 | — | ||
| Unresolved product id: CSAFPID-32063 | — | ||
| Unresolved product id: CSAFPID-32064 | — |
The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 to 1.34 allows for plaintext transmission (HTTP) of user credentials by default.
9.8 (Critical)
Vendor Fix
## Remediation for CWE-319 (CVE-2018-13992)
Customers using Phoenix Contact managed FL SWITCH devices are recommended to enable HTTP security.
## Remediation for Multiple CWEs:
(CWE-352 (CVE-2018-13993), CWE-307 (CVE-2018-13990), CWE-400 (CVE-2018-13994), CWE-922 (CVE-2018-13991), CWE-119 (CVE-2017-3735))
Customers using Phoenix Contact managed FL SWITCH devices with affected firmware versions are recommended to update the firmware to version **1.35 or higher**, which fixes these vulnerabilities.
The updated firmware may be downloaded from the managed switch product page on the Phoenix Contact website:
| Article No. | Model | Updated Firmware |
|-------------|--------------------------------|------------------|
| 2891033 | FL SWITCH 3004T-FX | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3004t-fx-2891033?type=firmware_update) |
| 2891034 | FL SWITCH 3004T-FX ST | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3004t-fx-st-2891034?type=firmware_update) |
| 2891030 | FL SWITCH 3005 | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3005-2891030?type=firmware_update) |
| 2891032 | FL SWITCH 3005T | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3005t-2891032?type=firmware_update) |
| 2891036 | FL SWITCH 3006T-2FX | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3006t-2fx-2891036?type=firmware_update) |
| 2891060 | FL SWITCH 3006T-2FX SM | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3006t-2fx-sm-2891060?type=firmware_update) |
| 2891037 | FL SWITCH 3006T-2FX ST | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3006t-2fx-st-2891037?type=firmware_update) |
| 2891031 | FL SWITCH 3008 | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3008-2891031?type=firmware_update) |
| 2891035 | FL SWITCH 3008T | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3008t-2891035?type=firmware_update) |
| 2891120 | FL SWITCH 3012E-2FX | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3012e-2fx-2891120?type=firmware_update) |
| 2891119 | FL SWITCH 3012E-2FX SM | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3012e-2fx-sm-2891119?type=firmware_update) |
| 2891067 | FL SWITCH 3012E-2SFX | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3012e-2sfx-2891067?type=firmware_update) |
| 2891058 | FL SWITCH 3016 | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3016-2891058?type=firmware_update) |
| 2891066 | FL SWITCH 3016E | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3016e-2891066?type=firmware_update) |
| 2891059 | FL SWITCH 3016T | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3016t-2891059?type=firmware_update) |
| 1026924 | FL SWITCH 4000T-4POE-1SFP | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4000t-4poe-1sfp-1026924?type=firmware_update) |
| 1026923 | FL SWITCH 4000T-8POE-2SFP | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4000t-8poe-2sfp-1026923?type=firmware_update) |
| 1026922 | FL SWITCH 4004T-8POE-4SFP | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4004t-8poe-4sfp-1026922?type=firmware_update) |
| 2891160 | FL SWITCH 4008T-2GT-3FX SM | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4008t-2gt-3fx-sm-2891160?type=firmware_update) |
| 2891061 | FL SWITCH 4008T-2GT-4FX SM | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4008t-2gt-4fx-sm-2891061?type=firmware_update) |
| 2891062 | FL SWITCH 4008T-2SFP | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4008t-2sfp-2891062?type=firmware_update) |
| 2891063 | FL SWITCH 4012T-2GT-2FX | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4012t-2gt-2fx-2891063?type=firmware_update) |
| 2891161 | FL SWITCH 4012T-2GT-2FX ST | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4012t-2gt-2fx-st-2891161?type=firmware_update) |
| 2891104 | FL SWITCH 4800E-24FX SM-4GC | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4800e-24fx-sm-4gc-2891104?type=firmware_update) |
| 2891102 | FL SWITCH 4800E-24FX-4GC | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4800e-24fx-4gc-2891102?type=firmware_update) |
| 2891073 | FL SWITCH 4808E-16FX LC-4GC | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4808e-16fx-lc-4gc-2891073?type=firmware_update) |
| 2891074 | FL SWITCH 4808E-16FX SM LC-4GC| [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4808e-16fx-sm-lc-4gc-2891074?type=firmware_update) |
| 2891086 | FL SWITCH 4808E-16FX SM ST-4GC| [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4808e-16fx-sm-st-4gc-2891086?type=firmware_update) |
Affected products
Fixed
32 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — | ||
| Unresolved product id: CSAFPID-32010 | — | ||
| Unresolved product id: CSAFPID-32011 | — | ||
| Unresolved product id: CSAFPID-32012 | — | ||
| Unresolved product id: CSAFPID-32013 | — | ||
| Unresolved product id: CSAFPID-32014 | — | ||
| Unresolved product id: CSAFPID-32015 | — | ||
| Unresolved product id: CSAFPID-32016 | — | ||
| Unresolved product id: CSAFPID-32017 | — | ||
| Unresolved product id: CSAFPID-32018 | — | ||
| Unresolved product id: CSAFPID-32019 | — | ||
| Unresolved product id: CSAFPID-32020 | — | ||
| Unresolved product id: CSAFPID-32021 | — | ||
| Unresolved product id: CSAFPID-32022 | — | ||
| Unresolved product id: CSAFPID-32023 | — | ||
| Unresolved product id: CSAFPID-32024 | — | ||
| Unresolved product id: CSAFPID-32025 | — | ||
| Unresolved product id: CSAFPID-32026 | — | ||
| Unresolved product id: CSAFPID-32027 | — | ||
| Unresolved product id: CSAFPID-32028 | — | ||
| Unresolved product id: CSAFPID-32029 | — | ||
| Unresolved product id: CSAFPID-32030 | — | ||
| Unresolved product id: CSAFPID-32031 | — | ||
| Unresolved product id: CSAFPID-32032 | — |
Known affected
32 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — | ||
| Unresolved product id: CSAFPID-31010 | — | ||
| Unresolved product id: CSAFPID-31011 | — | ||
| Unresolved product id: CSAFPID-31012 | — | ||
| Unresolved product id: CSAFPID-31013 | — | ||
| Unresolved product id: CSAFPID-31014 | — | ||
| Unresolved product id: CSAFPID-31015 | — | ||
| Unresolved product id: CSAFPID-31016 | — | ||
| Unresolved product id: CSAFPID-31017 | — | ||
| Unresolved product id: CSAFPID-31018 | — | ||
| Unresolved product id: CSAFPID-31019 | — | ||
| Unresolved product id: CSAFPID-31020 | — | ||
| Unresolved product id: CSAFPID-31021 | — | ||
| Unresolved product id: CSAFPID-31022 | — | ||
| Unresolved product id: CSAFPID-31023 | — | ||
| Unresolved product id: CSAFPID-31024 | — | ||
| Unresolved product id: CSAFPID-31025 | — | ||
| Unresolved product id: CSAFPID-31026 | — | ||
| Unresolved product id: CSAFPID-31027 | — | ||
| Unresolved product id: CSAFPID-31028 | — | ||
| Unresolved product id: CSAFPID-31029 | — | ||
| Unresolved product id: CSAFPID-31030 | — | ||
| Unresolved product id: CSAFPID-31031 | — | ||
| Unresolved product id: CSAFPID-31032 | — |
Known not affected
32 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32033 | — | ||
| Unresolved product id: CSAFPID-32034 | — | ||
| Unresolved product id: CSAFPID-32035 | — | ||
| Unresolved product id: CSAFPID-32036 | — | ||
| Unresolved product id: CSAFPID-32037 | — | ||
| Unresolved product id: CSAFPID-32038 | — | ||
| Unresolved product id: CSAFPID-32039 | — | ||
| Unresolved product id: CSAFPID-32040 | — | ||
| Unresolved product id: CSAFPID-32041 | — | ||
| Unresolved product id: CSAFPID-32042 | — | ||
| Unresolved product id: CSAFPID-32043 | — | ||
| Unresolved product id: CSAFPID-32044 | — | ||
| Unresolved product id: CSAFPID-32045 | — | ||
| Unresolved product id: CSAFPID-32046 | — | ||
| Unresolved product id: CSAFPID-32047 | — | ||
| Unresolved product id: CSAFPID-32048 | — | ||
| Unresolved product id: CSAFPID-32049 | — | ||
| Unresolved product id: CSAFPID-32050 | — | ||
| Unresolved product id: CSAFPID-32051 | — | ||
| Unresolved product id: CSAFPID-32052 | — | ||
| Unresolved product id: CSAFPID-32053 | — | ||
| Unresolved product id: CSAFPID-32054 | — | ||
| Unresolved product id: CSAFPID-32055 | — | ||
| Unresolved product id: CSAFPID-32056 | — | ||
| Unresolved product id: CSAFPID-32057 | — | ||
| Unresolved product id: CSAFPID-32058 | — | ||
| Unresolved product id: CSAFPID-32059 | — | ||
| Unresolved product id: CSAFPID-32060 | — | ||
| Unresolved product id: CSAFPID-32061 | — | ||
| Unresolved product id: CSAFPID-32062 | — | ||
| Unresolved product id: CSAFPID-32063 | — | ||
| Unresolved product id: CSAFPID-32064 | — |
References
4 references
Acknowledgments
CERT@VDE
certvde.com
{
"document": {
"acknowledgments": [
{
"organization": "CERT@VDE",
"summary": "coordination",
"urls": [
"https://certvde.com"
]
},
{
"names": [
"Evgeniy Druzhinin",
"Ilya Karpov",
"Georgy Zaytsev"
],
"organization": "Positive Technologies",
"summary": "reporting",
"urls": [
"https://www.phoenixcontact.com"
]
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-GB",
"notes": [
{
"category": "summary",
"text": "Multiple vulnerabilities for FL SWITCH have been identified in PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx version 1.0 to 1.34.",
"title": "Summary"
},
{
"category": "description",
"text": "[TODO]",
"title": "Impact"
},
{
"category": "description",
"text": "## Remediation for CWE-319 (CVE-2018-13992)\n\nCustomers using Phoenix Contact managed FL SWITCH devices are recommended to enable HTTP security.\n\n## Remediation for Multiple CWEs:\n(CWE-352 (CVE-2018-13993), CWE-307 (CVE-2018-13990), CWE-400 (CVE-2018-13994), CWE-922 (CVE-2018-13991), CWE-119 (CVE-2017-3735))\n\nCustomers using Phoenix Contact managed FL SWITCH devices with affected firmware versions are recommended to update the firmware to version **1.35 or higher**, which fixes these vulnerabilities. \nThe updated firmware may be downloaded from the managed switch product page on the Phoenix Contact website:\n\n| Article No. | Model | Updated Firmware |\n|-------------|--------------------------------|------------------|\n| 2891033 | FL SWITCH 3004T-FX | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3004t-fx-2891033?type=firmware_update) |\n| 2891034 | FL SWITCH 3004T-FX ST | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3004t-fx-st-2891034?type=firmware_update) |\n| 2891030 | FL SWITCH 3005 | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3005-2891030?type=firmware_update) |\n| 2891032 | FL SWITCH 3005T | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3005t-2891032?type=firmware_update) |\n| 2891036 | FL SWITCH 3006T-2FX | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3006t-2fx-2891036?type=firmware_update) |\n| 2891060 | FL SWITCH 3006T-2FX SM | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3006t-2fx-sm-2891060?type=firmware_update) |\n| 2891037 | FL SWITCH 3006T-2FX ST | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3006t-2fx-st-2891037?type=firmware_update) |\n| 2891031 | FL SWITCH 3008 | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3008-2891031?type=firmware_update) |\n| 2891035 | FL SWITCH 3008T | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3008t-2891035?type=firmware_update) |\n| 2891120 | FL SWITCH 3012E-2FX | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3012e-2fx-2891120?type=firmware_update) |\n| 2891119 | FL SWITCH 3012E-2FX SM | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3012e-2fx-sm-2891119?type=firmware_update) |\n| 2891067 | FL SWITCH 3012E-2SFX | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3012e-2sfx-2891067?type=firmware_update) |\n| 2891058 | FL SWITCH 3016 | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3016-2891058?type=firmware_update) |\n| 2891066 | FL SWITCH 3016E | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3016e-2891066?type=firmware_update) |\n| 2891059 | FL SWITCH 3016T | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3016t-2891059?type=firmware_update) |\n| 1026924 | FL SWITCH 4000T-4POE-1SFP | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4000t-4poe-1sfp-1026924?type=firmware_update) |\n| 1026923 | FL SWITCH 4000T-8POE-2SFP | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4000t-8poe-2sfp-1026923?type=firmware_update) |\n| 1026922 | FL SWITCH 4004T-8POE-4SFP | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4004t-8poe-4sfp-1026922?type=firmware_update) |\n| 2891160 | FL SWITCH 4008T-2GT-3FX SM | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4008t-2gt-3fx-sm-2891160?type=firmware_update) |\n| 2891061 | FL SWITCH 4008T-2GT-4FX SM | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4008t-2gt-4fx-sm-2891061?type=firmware_update) |\n| 2891062 | FL SWITCH 4008T-2SFP | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4008t-2sfp-2891062?type=firmware_update) |\n| 2891063 | FL SWITCH 4012T-2GT-2FX | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4012t-2gt-2fx-2891063?type=firmware_update) |\n| 2891161 | FL SWITCH 4012T-2GT-2FX ST | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4012t-2gt-2fx-st-2891161?type=firmware_update) |\n| 2891104 | FL SWITCH 4800E-24FX SM-4GC | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4800e-24fx-sm-4gc-2891104?type=firmware_update) |\n| 2891102 | FL SWITCH 4800E-24FX-4GC | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4800e-24fx-4gc-2891102?type=firmware_update) |\n| 2891073 | FL SWITCH 4808E-16FX LC-4GC | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4808e-16fx-lc-4gc-2891073?type=firmware_update) |\n| 2891074 | FL SWITCH 4808E-16FX SM LC-4GC| [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4808e-16fx-sm-lc-4gc-2891074?type=firmware_update) |\n| 2891086 | FL SWITCH 4808E-16FX SM ST-4GC| [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4808e-16fx-sm-st-4gc-2891086?type=firmware_update) |",
"title": "Remediation"
}
],
"publisher": {
"category": "vendor",
"contact_details": "psirt@phoenixcontact.com",
"name": "Phoenix Contact GmbH \u0026 Co. KG",
"namespace": "https://phoenixcontact.com/psirt"
},
"references": [
{
"category": "external",
"summary": "Phoenix Contact PSIRT ",
"url": "https://www.phoenixcontact.com/de-de/service-und-support/psirt"
},
{
"category": "external",
"summary": "CERT@VDE Security Advisories for Phoenix Contact GmbH \u0026 Co. KG",
"url": "https://certvde.com/de/advisories/vendor/phoenixcontact/"
},
{
"category": "self",
"summary": "VDE-2019-001: PHOENIX CONTACT: Multiple Vulnerabilities in FL SWITCH 3xxx, 4xxx and 48xx - HTML",
"url": "https://certvde.com/en/advisories/VDE-2019-001/"
},
{
"category": "self",
"summary": "VDE-2019-001: PHOENIX CONTACT: Multiple Vulnerabilities in FL SWITCH 3xxx, 4xxx and 48xx - CSAF",
"url": "https://phoenixcontact.csaf-tp.certvde.com/.well-known/csaf/white/2019/vde-2019-001.json"
}
],
"title": "PHOENIX CONTACT: Multiple Vulnerabilities in FL SWITCH 3xxx, 4xxx and 48xx",
"tracking": {
"aliases": [
"VDE-2019-001"
],
"current_release_date": "2025-05-14T13:00:15.000Z",
"generator": {
"date": "2025-03-14T10:59:27.750Z",
"engine": {
"name": "Secvisogram",
"version": "2.5.21"
}
},
"id": "VDE-2019-001",
"initial_release_date": "2019-01-23T12:02:00.000Z",
"revision_history": [
{
"date": "2019-01-23T12:02:00.000Z",
"number": "1",
"summary": "Initial revision."
},
{
"date": "2025-05-14T13:00:15.000Z",
"number": "2",
"summary": "Fix: added distribution, status to final"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=1.34",
"product": {
"name": "Firmware \u003c=1.34",
"product_id": "CSAFPID-21001"
}
},
{
"category": "product_version",
"name": "1.35",
"product": {
"name": "Firmware 1.35",
"product_id": "CSAFPID-22001"
}
},
{
"category": "product_version_range",
"name": "\u003c1.0",
"product": {
"name": "Firmware \u003c1.0",
"product_id": "CSAFPID-22002"
}
}
],
"category": "product_family",
"name": "Firmware"
},
{
"branches": [
{
"category": "product_name",
"name": "FL SWITCH 3004T-FX",
"product": {
"name": "FL SWITCH 3004T-FX",
"product_id": "CSAFPID-11001",
"product_identification_helper": {
"model_numbers": [
"2891033"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 3004T-FX ST",
"product": {
"name": "FL SWITCH 3004T-FX ST",
"product_id": "CSAFPID-11002",
"product_identification_helper": {
"model_numbers": [
"2891034"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 3005",
"product": {
"name": "FL SWITCH 3005",
"product_id": "CSAFPID-11003",
"product_identification_helper": {
"model_numbers": [
"2891030"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 3005T",
"product": {
"name": "FL SWITCH 3005T",
"product_id": "CSAFPID-11004",
"product_identification_helper": {
"model_numbers": [
"2891032"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 3006T-2FX",
"product": {
"name": "FL SWITCH 3006T-2FX",
"product_id": "CSAFPID-11005",
"product_identification_helper": {
"model_numbers": [
"2891036"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 3006T-2FX SM",
"product": {
"name": "FL SWITCH 3006T-2FX SM",
"product_id": "CSAFPID-11006",
"product_identification_helper": {
"model_numbers": [
"2891060"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 3006T-2FX ST",
"product": {
"name": "FL SWITCH 3006T-2FX ST",
"product_id": "CSAFPID-11007",
"product_identification_helper": {
"model_numbers": [
"2891037"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 3008",
"product": {
"name": "FL SWITCH 3008",
"product_id": "CSAFPID-11008",
"product_identification_helper": {
"model_numbers": [
"2891031"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 3008T",
"product": {
"name": "FL SWITCH 3008T",
"product_id": "CSAFPID-11009",
"product_identification_helper": {
"model_numbers": [
"2891035"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 3012E-2FX",
"product": {
"name": "FL SWITCH 3012E-2FX",
"product_id": "CSAFPID-11010",
"product_identification_helper": {
"model_numbers": [
"2891120"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 3012E-2FX SM",
"product": {
"name": "FL SWITCH 3012E-2FX SM",
"product_id": "CSAFPID-11011",
"product_identification_helper": {
"model_numbers": [
"2891119"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 3012E-2SFX",
"product": {
"name": "FL SWITCH 3012E-2SFX",
"product_id": "CSAFPID-11012",
"product_identification_helper": {
"model_numbers": [
"2891067"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 3016",
"product": {
"name": "FL SWITCH 3016",
"product_id": "CSAFPID-11013",
"product_identification_helper": {
"model_numbers": [
"2891058"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 3016E",
"product": {
"name": "FL SWITCH 3016E",
"product_id": "CSAFPID-11014",
"product_identification_helper": {
"model_numbers": [
"2891066"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 3016T",
"product": {
"name": "FL SWITCH 3016T",
"product_id": "CSAFPID-11015",
"product_identification_helper": {
"model_numbers": [
"2891059"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 4000T-4POE-1SFP",
"product": {
"name": "FL SWITCH 4000T-4POE-1SFP",
"product_id": "CSAFPID-11016",
"product_identification_helper": {
"model_numbers": [
"1026924"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 4000T-8POE-2SFP",
"product": {
"name": "FL SWITCH 4000T-8POE-2SFP",
"product_id": "CSAFPID-11017",
"product_identification_helper": {
"model_numbers": [
"1026923"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 4004T-8POE-4SFP",
"product": {
"name": "FL SWITCH 4004T-8POE-4SFP",
"product_id": "CSAFPID-11018",
"product_identification_helper": {
"model_numbers": [
"1026922"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 4008T-2GT-3FX SM",
"product": {
"name": "FL SWITCH 4008T-2GT-3FX SM",
"product_id": "CSAFPID-11019",
"product_identification_helper": {
"model_numbers": [
"2891160"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 4008T-2GT-4FX SM",
"product": {
"name": "FL SWITCH 4008T-2GT-4FX SM",
"product_id": "CSAFPID-11020",
"product_identification_helper": {
"model_numbers": [
"2891061"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 4008T-2SFP",
"product": {
"name": "FL SWITCH 4008T-2SFP",
"product_id": "CSAFPID-11021",
"product_identification_helper": {
"model_numbers": [
"2891062"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 4012T-2GT-2FX",
"product": {
"name": "FL SWITCH 4012T-2GT-2FX",
"product_id": "CSAFPID-11022",
"product_identification_helper": {
"model_numbers": [
"2891063"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 4012T-2GT-2FX ST",
"product": {
"name": "FL SWITCH 4012T-2GT-2FX ST",
"product_id": "CSAFPID-11023",
"product_identification_helper": {
"model_numbers": [
"2891161"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 4800E-24FX-4GC",
"product": {
"name": "FL SWITCH 4800E-24FX-4GC",
"product_id": "CSAFPID-11024",
"product_identification_helper": {
"model_numbers": [
"2891102"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 4800E-24FX SM-4GC",
"product": {
"name": "FL SWITCH 4800E-24FX SM-4GC",
"product_id": "CSAFPID-11025",
"product_identification_helper": {
"model_numbers": [
"2891104"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 4808E-16FX-4GC",
"product": {
"name": "FL SWITCH 4808E-16FX-4GC",
"product_id": "CSAFPID-11026",
"product_identification_helper": {
"model_numbers": [
"2891079"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 4808E-16FX LC-4GC",
"product": {
"name": "FL SWITCH 4808E-16FX LC-4GC",
"product_id": "CSAFPID-11027",
"product_identification_helper": {
"model_numbers": [
"2891073"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 4808E-16FX SM-4GC",
"product": {
"name": "FL SWITCH 4808E-16FX SM-4GC",
"product_id": "CSAFPID-11028",
"product_identification_helper": {
"model_numbers": [
"2891080"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 4808E-16FX SM LC-4GC",
"product": {
"name": "FL SWITCH 4808E-16FX SM LC-4GC",
"product_id": "CSAFPID-11029",
"product_identification_helper": {
"model_numbers": [
"2891074"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 4808E-16FX SM ST-4GC",
"product": {
"name": "FL SWITCH 4808E-16FX SM ST-4GC",
"product_id": "CSAFPID-11030",
"product_identification_helper": {
"model_numbers": [
"2891086"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 4808E-16FX ST-4GC",
"product": {
"name": "FL SWITCH 4808E-16FX ST-4GC",
"product_id": "CSAFPID-11031",
"product_identification_helper": {
"model_numbers": [
"2891085"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 4824E-4GC",
"product": {
"name": "FL SWITCH 4824E-4GC",
"product_id": "CSAFPID-11032",
"product_identification_helper": {
"model_numbers": [
"2891072"
]
}
}
}
],
"category": "product_family",
"name": "Hardware"
}
],
"category": "vendor",
"name": "Phoenix Contact"
}
],
"product_groups": [
{
"group_id": "CSAFGID-0001",
"product_ids": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017",
"CSAFPID-31018",
"CSAFPID-31019",
"CSAFPID-31020",
"CSAFPID-31021",
"CSAFPID-31022",
"CSAFPID-31023",
"CSAFPID-31024",
"CSAFPID-31025",
"CSAFPID-31026",
"CSAFPID-31027",
"CSAFPID-31028",
"CSAFPID-31029",
"CSAFPID-31030",
"CSAFPID-31031",
"CSAFPID-31032"
],
"summary": "Affected Products."
},
{
"group_id": "CSAFGID-0002",
"product_ids": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009",
"CSAFPID-32010",
"CSAFPID-32011",
"CSAFPID-32012",
"CSAFPID-32013",
"CSAFPID-32014",
"CSAFPID-32015",
"CSAFPID-32016",
"CSAFPID-32017",
"CSAFPID-32018",
"CSAFPID-32019",
"CSAFPID-32020",
"CSAFPID-32021",
"CSAFPID-32022",
"CSAFPID-32023",
"CSAFPID-32024",
"CSAFPID-32025",
"CSAFPID-32026",
"CSAFPID-32027",
"CSAFPID-32028",
"CSAFPID-32029",
"CSAFPID-32030",
"CSAFPID-32031",
"CSAFPID-32032"
],
"summary": "Fixed Products."
},
{
"group_id": "CSAFGID-0003",
"product_ids": [
"CSAFPID-32033",
"CSAFPID-32034",
"CSAFPID-32035",
"CSAFPID-32036",
"CSAFPID-32037",
"CSAFPID-32038",
"CSAFPID-32039",
"CSAFPID-32040",
"CSAFPID-32041",
"CSAFPID-32042",
"CSAFPID-32043",
"CSAFPID-32044",
"CSAFPID-32045",
"CSAFPID-32046",
"CSAFPID-32047",
"CSAFPID-32048",
"CSAFPID-32049",
"CSAFPID-32050",
"CSAFPID-32051",
"CSAFPID-32052",
"CSAFPID-32053",
"CSAFPID-32054",
"CSAFPID-32055",
"CSAFPID-32056",
"CSAFPID-32057",
"CSAFPID-32058",
"CSAFPID-32059",
"CSAFPID-32060",
"CSAFPID-32061",
"CSAFPID-32062",
"CSAFPID-32063",
"CSAFPID-32064"
],
"summary": "Not Affected Products."
}
],
"relationships": [
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.0 \u003c= 1.34 installed on FL SWITCH 3004T-FX",
"product_id": "CSAFPID-31001"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11001"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=1.34 installed on FL SWITCH 3004T-FX ST",
"product_id": "CSAFPID-31002"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11002"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=1.34 installed on FL SWITCH 3005",
"product_id": "CSAFPID-31003"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11003"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=1.34 installed on FL SWITCH 3005T",
"product_id": "CSAFPID-31004"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11004"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=1.34 installed on FL SWITCH 3006T-2FX",
"product_id": "CSAFPID-31005"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11005"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=1.34 installed on FL SWITCH 3006T-2FX SM",
"product_id": "CSAFPID-31006"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11006"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=1.34 installed on FL SWITCH 3006T-2FX ST",
"product_id": "CSAFPID-31007"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11007"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=1.34 installed on FL SWITCH 3008",
"product_id": "CSAFPID-31008"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11008"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=1.34 installed on FL SWITCH 3008T",
"product_id": "CSAFPID-31009"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11009"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=1.34 installed on FL SWITCH 3012E-2FX",
"product_id": "CSAFPID-31010"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11010"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=1.34 installed on FL SWITCH 3012E-2FX SM",
"product_id": "CSAFPID-31011"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11011"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=1.34 installed on FL SWITCH 3012E-2SFX",
"product_id": "CSAFPID-31012"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11012"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=1.34 installed on FL SWITCH 3016",
"product_id": "CSAFPID-31013"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11013"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=1.34 installed on FL SWITCH 3016E",
"product_id": "CSAFPID-31014"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11014"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=1.34 installed on FL SWITCH 3016T",
"product_id": "CSAFPID-31015"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11015"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=1.34 installed on FL SWITCH 4000T-4POE-1SFP",
"product_id": "CSAFPID-31016"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11016"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=1.34 installed on FL SWITCH 4000T-8POE-2SFP",
"product_id": "CSAFPID-31017"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11017"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=1.34 installed on FL SWITCH 4004T-8POE-4SFP",
"product_id": "CSAFPID-31018"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11018"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=1.34 installed on FL SWITCH 4008T-2GT-3FX SM",
"product_id": "CSAFPID-31019"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11019"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=1.34 installed on FL SWITCH 4008T-2GT-4FX SM",
"product_id": "CSAFPID-31020"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11020"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=1.34 installed on FL SWITCH 4008T-2SFP",
"product_id": "CSAFPID-31021"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11021"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=1.34 installed on FL SWITCH 4012T-2GT-2FX",
"product_id": "CSAFPID-31022"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11022"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=1.34 installed on FL SWITCH 4012T-2GT-2FX ST",
"product_id": "CSAFPID-31023"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11023"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=1.34 installed on FL SWITCH 4800E-24FX-4GC",
"product_id": "CSAFPID-31024"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11024"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=1.34 installed on FL SWITCH 4800E-24FX SM-4GC",
"product_id": "CSAFPID-31025"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11025"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=1.34 installed on FL SWITCH 4808E-16FX-4GC",
"product_id": "CSAFPID-31026"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11026"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=1.34 installed on FL SWITCH 4808E-16FX LC-4GC",
"product_id": "CSAFPID-31027"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11027"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=1.34 installed on FL SWITCH 4808E-16FX SM-4GC",
"product_id": "CSAFPID-31028"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11028"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=1.34 installed on FL SWITCH 4808E-16FX SM LC-4GC",
"product_id": "CSAFPID-31029"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11029"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=1.34 installed on FL SWITCH 4808E-16FX SM ST-4GC",
"product_id": "CSAFPID-31030"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11030"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=1.34 installed on FL SWITCH 4808E-16FX ST-4GC",
"product_id": "CSAFPID-31031"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11031"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=1.34 installed on FL SWITCH 4824E-4GC",
"product_id": "CSAFPID-31032"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11032"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.35 installed on FL SWITCH 3004T-FX",
"product_id": "CSAFPID-32001"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11001"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.35 installed on FL SWITCH 3004T-FX ST",
"product_id": "CSAFPID-32002"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11002"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.35 installed on FL SWITCH 3005",
"product_id": "CSAFPID-32003"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11003"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.35 installed on FL SWITCH 3005T",
"product_id": "CSAFPID-32004"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11004"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.35 installed on FL SWITCH 3006T-2FX",
"product_id": "CSAFPID-32005"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11005"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.35 installed on FL SWITCH 3006T-2FX SM",
"product_id": "CSAFPID-32006"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11006"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.35 installed on FL SWITCH 3006T-2FX ST",
"product_id": "CSAFPID-32007"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11007"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.35 installed on FL SWITCH 3008",
"product_id": "CSAFPID-32008"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11008"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.35 installed on FL SWITCH 3008T",
"product_id": "CSAFPID-32009"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11009"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.35 installed on FL SWITCH 3012E-2FX",
"product_id": "CSAFPID-32010"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11010"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.35 installed on FL SWITCH 3012E-2FX SM",
"product_id": "CSAFPID-32011"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11011"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.35 installed on FL SWITCH 3012E-2SFX",
"product_id": "CSAFPID-32012"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11012"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.35 installed on FL SWITCH 3016",
"product_id": "CSAFPID-32013"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11013"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.35 installed on FL SWITCH 3016E",
"product_id": "CSAFPID-32014"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11014"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.35 installed on FL SWITCH 3016T",
"product_id": "CSAFPID-32015"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11015"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.35 installed on FL SWITCH 4000T-4POE-1SFP",
"product_id": "CSAFPID-32016"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11016"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.35 installed on FL SWITCH 4000T-8POE-2SFP",
"product_id": "CSAFPID-32017"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11017"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.35 installed on FL SWITCH 4004T-8POE-4SFP",
"product_id": "CSAFPID-32018"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11018"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.35 installed on FL SWITCH 4008T-2GT-3FX SM",
"product_id": "CSAFPID-32019"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11019"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.35 installed on FL SWITCH 4008T-2GT-4FX SM",
"product_id": "CSAFPID-32020"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11020"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.35 installed on FL SWITCH 4008T-2SFP",
"product_id": "CSAFPID-32021"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11021"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.35 installed on FL SWITCH 4012T-2GT-2FX",
"product_id": "CSAFPID-32022"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11022"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.35 installed on FL SWITCH 4012T-2GT-2FX ST",
"product_id": "CSAFPID-32023"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11023"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.35 installed on FL SWITCH 4800E-24FX-4GC",
"product_id": "CSAFPID-32024"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11024"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.35 installed on FL SWITCH 4800E-24FX SM-4GC",
"product_id": "CSAFPID-32025"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11025"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.35 installed on FL SWITCH 4808E-16FX-4GC",
"product_id": "CSAFPID-32026"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11026"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.35 installed on FL SWITCH 4808E-16FX LC-4GC",
"product_id": "CSAFPID-32027"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11027"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.35 installed on FL SWITCH 4808E-16FX SM-4GC",
"product_id": "CSAFPID-32028"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11028"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.35 installed on FL SWITCH 4808E-16FX SM LC-4GC",
"product_id": "CSAFPID-32029"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11029"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.35 installed on FL SWITCH 4808E-16FX SM ST-4GC",
"product_id": "CSAFPID-32030"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11030"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.35 installed on FL SWITCH 4808E-16FX ST-4GC",
"product_id": "CSAFPID-32031"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11031"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.35 installed on FL SWITCH 4824E-4GC",
"product_id": "CSAFPID-32032"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11032"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c1.0 installed on FL SWITCH 3004T-FX",
"product_id": "CSAFPID-32033"
},
"product_reference": "CSAFPID-22002",
"relates_to_product_reference": "CSAFPID-11001"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c1.0 installed on FL SWITCH 3004T-FX ST",
"product_id": "CSAFPID-32034"
},
"product_reference": "CSAFPID-22002",
"relates_to_product_reference": "CSAFPID-11002"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c1.0 installed on FL SWITCH 3005",
"product_id": "CSAFPID-32035"
},
"product_reference": "CSAFPID-22002",
"relates_to_product_reference": "CSAFPID-11003"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c1.0 installed on FL SWITCH 3005T",
"product_id": "CSAFPID-32036"
},
"product_reference": "CSAFPID-22002",
"relates_to_product_reference": "CSAFPID-11004"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c1.0 installed on FL SWITCH 3006T-2FX",
"product_id": "CSAFPID-32037"
},
"product_reference": "CSAFPID-22002",
"relates_to_product_reference": "CSAFPID-11005"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c1.0 installed on FL SWITCH 3006T-2FX SM",
"product_id": "CSAFPID-32038"
},
"product_reference": "CSAFPID-22002",
"relates_to_product_reference": "CSAFPID-11006"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c1.0 installed on FL SWITCH 3006T-2FX ST",
"product_id": "CSAFPID-32039"
},
"product_reference": "CSAFPID-22002",
"relates_to_product_reference": "CSAFPID-11007"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c1.0 installed on FL SWITCH 3008",
"product_id": "CSAFPID-32040"
},
"product_reference": "CSAFPID-22002",
"relates_to_product_reference": "CSAFPID-11008"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c1.0 installed on FL SWITCH 3008T",
"product_id": "CSAFPID-32041"
},
"product_reference": "CSAFPID-22002",
"relates_to_product_reference": "CSAFPID-11009"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c1.0 installed on FL SWITCH 3012E-2FX",
"product_id": "CSAFPID-32042"
},
"product_reference": "CSAFPID-22002",
"relates_to_product_reference": "CSAFPID-11010"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c1.0 installed on FL SWITCH 3012E-2FX SM",
"product_id": "CSAFPID-32043"
},
"product_reference": "CSAFPID-22002",
"relates_to_product_reference": "CSAFPID-11011"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c1.0 installed on FL SWITCH 3012E-2SFX",
"product_id": "CSAFPID-32044"
},
"product_reference": "CSAFPID-22002",
"relates_to_product_reference": "CSAFPID-11012"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c1.0 installed on FL SWITCH 3016",
"product_id": "CSAFPID-32045"
},
"product_reference": "CSAFPID-22002",
"relates_to_product_reference": "CSAFPID-11013"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c1.0 installed on FL SWITCH 3016E",
"product_id": "CSAFPID-32046"
},
"product_reference": "CSAFPID-22002",
"relates_to_product_reference": "CSAFPID-11014"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c1.0 installed on FL SWITCH 3016T",
"product_id": "CSAFPID-32047"
},
"product_reference": "CSAFPID-22002",
"relates_to_product_reference": "CSAFPID-11015"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c1.0 installed on FL SWITCH 4000T-4POE-1SFP",
"product_id": "CSAFPID-32048"
},
"product_reference": "CSAFPID-22002",
"relates_to_product_reference": "CSAFPID-11016"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c1.0 installed on FL SWITCH 4000T-8POE-2SFP",
"product_id": "CSAFPID-32049"
},
"product_reference": "CSAFPID-22002",
"relates_to_product_reference": "CSAFPID-11017"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c1.0 installed on FL SWITCH 4004T-8POE-4SFP",
"product_id": "CSAFPID-32050"
},
"product_reference": "CSAFPID-22002",
"relates_to_product_reference": "CSAFPID-11018"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c1.0 installed on FL SWITCH 4008T-2GT-3FX SM",
"product_id": "CSAFPID-32051"
},
"product_reference": "CSAFPID-22002",
"relates_to_product_reference": "CSAFPID-11019"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c1.0 installed on FL SWITCH 4008T-2GT-4FX SM",
"product_id": "CSAFPID-32052"
},
"product_reference": "CSAFPID-22002",
"relates_to_product_reference": "CSAFPID-11020"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c1.0 installed on FL SWITCH 4008T-2SFP",
"product_id": "CSAFPID-32053"
},
"product_reference": "CSAFPID-22002",
"relates_to_product_reference": "CSAFPID-11021"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c1.0 installed on FL SWITCH 4012T-2GT-2FX",
"product_id": "CSAFPID-32054"
},
"product_reference": "CSAFPID-22002",
"relates_to_product_reference": "CSAFPID-11022"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c1.0 installed on FL SWITCH 4012T-2GT-2FX ST",
"product_id": "CSAFPID-32055"
},
"product_reference": "CSAFPID-22002",
"relates_to_product_reference": "CSAFPID-11023"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c1.0 installed on FL SWITCH 4800E-24FX-4GC",
"product_id": "CSAFPID-32056"
},
"product_reference": "CSAFPID-22002",
"relates_to_product_reference": "CSAFPID-11024"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c1.0 installed on FL SWITCH 4800E-24FX SM-4GC",
"product_id": "CSAFPID-32057"
},
"product_reference": "CSAFPID-22002",
"relates_to_product_reference": "CSAFPID-11025"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c1.0 installed on FL SWITCH 4808E-16FX-4GC",
"product_id": "CSAFPID-32058"
},
"product_reference": "CSAFPID-22002",
"relates_to_product_reference": "CSAFPID-11026"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c1.0 installed on FL SWITCH 4808E-16FX LC-4GC",
"product_id": "CSAFPID-32059"
},
"product_reference": "CSAFPID-22002",
"relates_to_product_reference": "CSAFPID-11027"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c1.0 installed on FL SWITCH 4808E-16FX SM-4GC",
"product_id": "CSAFPID-32060"
},
"product_reference": "CSAFPID-22002",
"relates_to_product_reference": "CSAFPID-11028"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c1.0 installed on FL SWITCH 4808E-16FX SM LC-4GC",
"product_id": "CSAFPID-32061"
},
"product_reference": "CSAFPID-22002",
"relates_to_product_reference": "CSAFPID-11029"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c1.0 installed on FL SWITCH 4808E-16FX SM ST-4GC",
"product_id": "CSAFPID-32062"
},
"product_reference": "CSAFPID-22002",
"relates_to_product_reference": "CSAFPID-11030"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c1.0 installed on FL SWITCH 4808E-16FX ST-4GC",
"product_id": "CSAFPID-32063"
},
"product_reference": "CSAFPID-22002",
"relates_to_product_reference": "CSAFPID-11031"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c1.0 installed on FL SWITCH 4824E-4GC",
"product_id": "CSAFPID-32064"
},
"product_reference": "CSAFPID-22002",
"relates_to_product_reference": "CSAFPID-11032"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-13994",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"audience": "all",
"category": "description",
"text": "The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 to 1.34 is vulnerable to a denial-of-service attack by making more than 120 connections.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009",
"CSAFPID-32010",
"CSAFPID-32011",
"CSAFPID-32012",
"CSAFPID-32013",
"CSAFPID-32014",
"CSAFPID-32015",
"CSAFPID-32016",
"CSAFPID-32017",
"CSAFPID-32018",
"CSAFPID-32019",
"CSAFPID-32020",
"CSAFPID-32021",
"CSAFPID-32022",
"CSAFPID-32023",
"CSAFPID-32024",
"CSAFPID-32025",
"CSAFPID-32026",
"CSAFPID-32027",
"CSAFPID-32028",
"CSAFPID-32029",
"CSAFPID-32030",
"CSAFPID-32031",
"CSAFPID-32032"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017",
"CSAFPID-31018",
"CSAFPID-31019",
"CSAFPID-31020",
"CSAFPID-31021",
"CSAFPID-31022",
"CSAFPID-31023",
"CSAFPID-31024",
"CSAFPID-31025",
"CSAFPID-31026",
"CSAFPID-31027",
"CSAFPID-31028",
"CSAFPID-31029",
"CSAFPID-31030",
"CSAFPID-31031",
"CSAFPID-31032"
],
"known_not_affected": [
"CSAFPID-32033",
"CSAFPID-32034",
"CSAFPID-32035",
"CSAFPID-32036",
"CSAFPID-32037",
"CSAFPID-32038",
"CSAFPID-32039",
"CSAFPID-32040",
"CSAFPID-32041",
"CSAFPID-32042",
"CSAFPID-32043",
"CSAFPID-32044",
"CSAFPID-32045",
"CSAFPID-32046",
"CSAFPID-32047",
"CSAFPID-32048",
"CSAFPID-32049",
"CSAFPID-32050",
"CSAFPID-32051",
"CSAFPID-32052",
"CSAFPID-32053",
"CSAFPID-32054",
"CSAFPID-32055",
"CSAFPID-32056",
"CSAFPID-32057",
"CSAFPID-32058",
"CSAFPID-32059",
"CSAFPID-32060",
"CSAFPID-32061",
"CSAFPID-32062",
"CSAFPID-32063",
"CSAFPID-32064"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "## Remediation for CWE-319 (CVE-2018-13992)\n\nCustomers using Phoenix Contact managed FL SWITCH devices are recommended to enable HTTP security.\n\n## Remediation for Multiple CWEs:\n(CWE-352 (CVE-2018-13993), CWE-307 (CVE-2018-13990), CWE-400 (CVE-2018-13994), CWE-922 (CVE-2018-13991), CWE-119 (CVE-2017-3735))\n\nCustomers using Phoenix Contact managed FL SWITCH devices with affected firmware versions are recommended to update the firmware to version **1.35 or higher**, which fixes these vulnerabilities. \nThe updated firmware may be downloaded from the managed switch product page on the Phoenix Contact website:\n\n| Article No. | Model | Updated Firmware |\n|-------------|--------------------------------|------------------|\n| 2891033 | FL SWITCH 3004T-FX | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3004t-fx-2891033?type=firmware_update) |\n| 2891034 | FL SWITCH 3004T-FX ST | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3004t-fx-st-2891034?type=firmware_update) |\n| 2891030 | FL SWITCH 3005 | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3005-2891030?type=firmware_update) |\n| 2891032 | FL SWITCH 3005T | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3005t-2891032?type=firmware_update) |\n| 2891036 | FL SWITCH 3006T-2FX | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3006t-2fx-2891036?type=firmware_update) |\n| 2891060 | FL SWITCH 3006T-2FX SM | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3006t-2fx-sm-2891060?type=firmware_update) |\n| 2891037 | FL SWITCH 3006T-2FX ST | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3006t-2fx-st-2891037?type=firmware_update) |\n| 2891031 | FL SWITCH 3008 | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3008-2891031?type=firmware_update) |\n| 2891035 | FL SWITCH 3008T | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3008t-2891035?type=firmware_update) |\n| 2891120 | FL SWITCH 3012E-2FX | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3012e-2fx-2891120?type=firmware_update) |\n| 2891119 | FL SWITCH 3012E-2FX SM | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3012e-2fx-sm-2891119?type=firmware_update) |\n| 2891067 | FL SWITCH 3012E-2SFX | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3012e-2sfx-2891067?type=firmware_update) |\n| 2891058 | FL SWITCH 3016 | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3016-2891058?type=firmware_update) |\n| 2891066 | FL SWITCH 3016E | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3016e-2891066?type=firmware_update) |\n| 2891059 | FL SWITCH 3016T | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3016t-2891059?type=firmware_update) |\n| 1026924 | FL SWITCH 4000T-4POE-1SFP | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4000t-4poe-1sfp-1026924?type=firmware_update) |\n| 1026923 | FL SWITCH 4000T-8POE-2SFP | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4000t-8poe-2sfp-1026923?type=firmware_update) |\n| 1026922 | FL SWITCH 4004T-8POE-4SFP | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4004t-8poe-4sfp-1026922?type=firmware_update) |\n| 2891160 | FL SWITCH 4008T-2GT-3FX SM | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4008t-2gt-3fx-sm-2891160?type=firmware_update) |\n| 2891061 | FL SWITCH 4008T-2GT-4FX SM | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4008t-2gt-4fx-sm-2891061?type=firmware_update) |\n| 2891062 | FL SWITCH 4008T-2SFP | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4008t-2sfp-2891062?type=firmware_update) |\n| 2891063 | FL SWITCH 4012T-2GT-2FX | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4012t-2gt-2fx-2891063?type=firmware_update) |\n| 2891161 | FL SWITCH 4012T-2GT-2FX ST | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4012t-2gt-2fx-st-2891161?type=firmware_update) |\n| 2891104 | FL SWITCH 4800E-24FX SM-4GC | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4800e-24fx-sm-4gc-2891104?type=firmware_update) |\n| 2891102 | FL SWITCH 4800E-24FX-4GC | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4800e-24fx-4gc-2891102?type=firmware_update) |\n| 2891073 | FL SWITCH 4808E-16FX LC-4GC | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4808e-16fx-lc-4gc-2891073?type=firmware_update) |\n| 2891074 | FL SWITCH 4808E-16FX SM LC-4GC| [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4808e-16fx-sm-lc-4gc-2891074?type=firmware_update) |\n| 2891086 | FL SWITCH 4808E-16FX SM ST-4GC| [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4808e-16fx-sm-st-4gc-2891086?type=firmware_update) |",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017",
"CSAFPID-31018",
"CSAFPID-31019",
"CSAFPID-31020",
"CSAFPID-31021",
"CSAFPID-31022",
"CSAFPID-31023",
"CSAFPID-31024",
"CSAFPID-31025",
"CSAFPID-31026",
"CSAFPID-31027",
"CSAFPID-31028",
"CSAFPID-31029",
"CSAFPID-31030",
"CSAFPID-31031",
"CSAFPID-31032"
]
}
],
"title": "CVE-2018-13994"
},
{
"cve": "CVE-2018-13991",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"audience": "all",
"category": "description",
"text": "The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 to 1.34 leaks private information in firmware images.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009",
"CSAFPID-32010",
"CSAFPID-32011",
"CSAFPID-32012",
"CSAFPID-32013",
"CSAFPID-32014",
"CSAFPID-32015",
"CSAFPID-32016",
"CSAFPID-32017",
"CSAFPID-32018",
"CSAFPID-32019",
"CSAFPID-32020",
"CSAFPID-32021",
"CSAFPID-32022",
"CSAFPID-32023",
"CSAFPID-32024",
"CSAFPID-32025",
"CSAFPID-32026",
"CSAFPID-32027",
"CSAFPID-32028",
"CSAFPID-32029",
"CSAFPID-32030",
"CSAFPID-32031",
"CSAFPID-32032"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017",
"CSAFPID-31018",
"CSAFPID-31019",
"CSAFPID-31020",
"CSAFPID-31021",
"CSAFPID-31022",
"CSAFPID-31023",
"CSAFPID-31024",
"CSAFPID-31025",
"CSAFPID-31026",
"CSAFPID-31027",
"CSAFPID-31028",
"CSAFPID-31029",
"CSAFPID-31030",
"CSAFPID-31031",
"CSAFPID-31032"
],
"known_not_affected": [
"CSAFPID-32033",
"CSAFPID-32034",
"CSAFPID-32035",
"CSAFPID-32036",
"CSAFPID-32037",
"CSAFPID-32038",
"CSAFPID-32039",
"CSAFPID-32040",
"CSAFPID-32041",
"CSAFPID-32042",
"CSAFPID-32043",
"CSAFPID-32044",
"CSAFPID-32045",
"CSAFPID-32046",
"CSAFPID-32047",
"CSAFPID-32048",
"CSAFPID-32049",
"CSAFPID-32050",
"CSAFPID-32051",
"CSAFPID-32052",
"CSAFPID-32053",
"CSAFPID-32054",
"CSAFPID-32055",
"CSAFPID-32056",
"CSAFPID-32057",
"CSAFPID-32058",
"CSAFPID-32059",
"CSAFPID-32060",
"CSAFPID-32061",
"CSAFPID-32062",
"CSAFPID-32063",
"CSAFPID-32064"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "## Remediation for CWE-319 (CVE-2018-13992)\n\nCustomers using Phoenix Contact managed FL SWITCH devices are recommended to enable HTTP security.\n\n## Remediation for Multiple CWEs:\n(CWE-352 (CVE-2018-13993), CWE-307 (CVE-2018-13990), CWE-400 (CVE-2018-13994), CWE-922 (CVE-2018-13991), CWE-119 (CVE-2017-3735))\n\nCustomers using Phoenix Contact managed FL SWITCH devices with affected firmware versions are recommended to update the firmware to version **1.35 or higher**, which fixes these vulnerabilities. \nThe updated firmware may be downloaded from the managed switch product page on the Phoenix Contact website:\n\n| Article No. | Model | Updated Firmware |\n|-------------|--------------------------------|------------------|\n| 2891033 | FL SWITCH 3004T-FX | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3004t-fx-2891033?type=firmware_update) |\n| 2891034 | FL SWITCH 3004T-FX ST | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3004t-fx-st-2891034?type=firmware_update) |\n| 2891030 | FL SWITCH 3005 | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3005-2891030?type=firmware_update) |\n| 2891032 | FL SWITCH 3005T | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3005t-2891032?type=firmware_update) |\n| 2891036 | FL SWITCH 3006T-2FX | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3006t-2fx-2891036?type=firmware_update) |\n| 2891060 | FL SWITCH 3006T-2FX SM | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3006t-2fx-sm-2891060?type=firmware_update) |\n| 2891037 | FL SWITCH 3006T-2FX ST | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3006t-2fx-st-2891037?type=firmware_update) |\n| 2891031 | FL SWITCH 3008 | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3008-2891031?type=firmware_update) |\n| 2891035 | FL SWITCH 3008T | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3008t-2891035?type=firmware_update) |\n| 2891120 | FL SWITCH 3012E-2FX | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3012e-2fx-2891120?type=firmware_update) |\n| 2891119 | FL SWITCH 3012E-2FX SM | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3012e-2fx-sm-2891119?type=firmware_update) |\n| 2891067 | FL SWITCH 3012E-2SFX | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3012e-2sfx-2891067?type=firmware_update) |\n| 2891058 | FL SWITCH 3016 | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3016-2891058?type=firmware_update) |\n| 2891066 | FL SWITCH 3016E | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3016e-2891066?type=firmware_update) |\n| 2891059 | FL SWITCH 3016T | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3016t-2891059?type=firmware_update) |\n| 1026924 | FL SWITCH 4000T-4POE-1SFP | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4000t-4poe-1sfp-1026924?type=firmware_update) |\n| 1026923 | FL SWITCH 4000T-8POE-2SFP | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4000t-8poe-2sfp-1026923?type=firmware_update) |\n| 1026922 | FL SWITCH 4004T-8POE-4SFP | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4004t-8poe-4sfp-1026922?type=firmware_update) |\n| 2891160 | FL SWITCH 4008T-2GT-3FX SM | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4008t-2gt-3fx-sm-2891160?type=firmware_update) |\n| 2891061 | FL SWITCH 4008T-2GT-4FX SM | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4008t-2gt-4fx-sm-2891061?type=firmware_update) |\n| 2891062 | FL SWITCH 4008T-2SFP | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4008t-2sfp-2891062?type=firmware_update) |\n| 2891063 | FL SWITCH 4012T-2GT-2FX | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4012t-2gt-2fx-2891063?type=firmware_update) |\n| 2891161 | FL SWITCH 4012T-2GT-2FX ST | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4012t-2gt-2fx-st-2891161?type=firmware_update) |\n| 2891104 | FL SWITCH 4800E-24FX SM-4GC | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4800e-24fx-sm-4gc-2891104?type=firmware_update) |\n| 2891102 | FL SWITCH 4800E-24FX-4GC | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4800e-24fx-4gc-2891102?type=firmware_update) |\n| 2891073 | FL SWITCH 4808E-16FX LC-4GC | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4808e-16fx-lc-4gc-2891073?type=firmware_update) |\n| 2891074 | FL SWITCH 4808E-16FX SM LC-4GC| [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4808e-16fx-sm-lc-4gc-2891074?type=firmware_update) |\n| 2891086 | FL SWITCH 4808E-16FX SM ST-4GC| [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4808e-16fx-sm-st-4gc-2891086?type=firmware_update) |",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017",
"CSAFPID-31018",
"CSAFPID-31019",
"CSAFPID-31020",
"CSAFPID-31021",
"CSAFPID-31022",
"CSAFPID-31023",
"CSAFPID-31024",
"CSAFPID-31025",
"CSAFPID-31026",
"CSAFPID-31027",
"CSAFPID-31028",
"CSAFPID-31029",
"CSAFPID-31030",
"CSAFPID-31031",
"CSAFPID-31032"
]
}
],
"title": "CVE-2018-13991"
},
{
"cve": "CVE-2017-3735",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"audience": "all",
"category": "description",
"text": "While parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread. This would result in an incorrect text display of the certificate. This bug has been present since 2006 and is present in all versions of OpenSSL before 1.0.2m and 1.1.0g.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009",
"CSAFPID-32010",
"CSAFPID-32011",
"CSAFPID-32012",
"CSAFPID-32013",
"CSAFPID-32014",
"CSAFPID-32015",
"CSAFPID-32016",
"CSAFPID-32017",
"CSAFPID-32018",
"CSAFPID-32019",
"CSAFPID-32020",
"CSAFPID-32021",
"CSAFPID-32022",
"CSAFPID-32023",
"CSAFPID-32024",
"CSAFPID-32025",
"CSAFPID-32026",
"CSAFPID-32027",
"CSAFPID-32028",
"CSAFPID-32029",
"CSAFPID-32030",
"CSAFPID-32031",
"CSAFPID-32032"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017",
"CSAFPID-31018",
"CSAFPID-31019",
"CSAFPID-31020",
"CSAFPID-31021",
"CSAFPID-31022",
"CSAFPID-31023",
"CSAFPID-31024",
"CSAFPID-31025",
"CSAFPID-31026",
"CSAFPID-31027",
"CSAFPID-31028",
"CSAFPID-31029",
"CSAFPID-31030",
"CSAFPID-31031",
"CSAFPID-31032"
],
"known_not_affected": [
"CSAFPID-32033",
"CSAFPID-32034",
"CSAFPID-32035",
"CSAFPID-32036",
"CSAFPID-32037",
"CSAFPID-32038",
"CSAFPID-32039",
"CSAFPID-32040",
"CSAFPID-32041",
"CSAFPID-32042",
"CSAFPID-32043",
"CSAFPID-32044",
"CSAFPID-32045",
"CSAFPID-32046",
"CSAFPID-32047",
"CSAFPID-32048",
"CSAFPID-32049",
"CSAFPID-32050",
"CSAFPID-32051",
"CSAFPID-32052",
"CSAFPID-32053",
"CSAFPID-32054",
"CSAFPID-32055",
"CSAFPID-32056",
"CSAFPID-32057",
"CSAFPID-32058",
"CSAFPID-32059",
"CSAFPID-32060",
"CSAFPID-32061",
"CSAFPID-32062",
"CSAFPID-32063",
"CSAFPID-32064"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "## Remediation for CWE-319 (CVE-2018-13992)\n\nCustomers using Phoenix Contact managed FL SWITCH devices are recommended to enable HTTP security.\n\n## Remediation for Multiple CWEs:\n(CWE-352 (CVE-2018-13993), CWE-307 (CVE-2018-13990), CWE-400 (CVE-2018-13994), CWE-922 (CVE-2018-13991), CWE-119 (CVE-2017-3735))\n\nCustomers using Phoenix Contact managed FL SWITCH devices with affected firmware versions are recommended to update the firmware to version **1.35 or higher**, which fixes these vulnerabilities. \nThe updated firmware may be downloaded from the managed switch product page on the Phoenix Contact website:\n\n| Article No. | Model | Updated Firmware |\n|-------------|--------------------------------|------------------|\n| 2891033 | FL SWITCH 3004T-FX | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3004t-fx-2891033?type=firmware_update) |\n| 2891034 | FL SWITCH 3004T-FX ST | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3004t-fx-st-2891034?type=firmware_update) |\n| 2891030 | FL SWITCH 3005 | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3005-2891030?type=firmware_update) |\n| 2891032 | FL SWITCH 3005T | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3005t-2891032?type=firmware_update) |\n| 2891036 | FL SWITCH 3006T-2FX | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3006t-2fx-2891036?type=firmware_update) |\n| 2891060 | FL SWITCH 3006T-2FX SM | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3006t-2fx-sm-2891060?type=firmware_update) |\n| 2891037 | FL SWITCH 3006T-2FX ST | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3006t-2fx-st-2891037?type=firmware_update) |\n| 2891031 | FL SWITCH 3008 | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3008-2891031?type=firmware_update) |\n| 2891035 | FL SWITCH 3008T | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3008t-2891035?type=firmware_update) |\n| 2891120 | FL SWITCH 3012E-2FX | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3012e-2fx-2891120?type=firmware_update) |\n| 2891119 | FL SWITCH 3012E-2FX SM | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3012e-2fx-sm-2891119?type=firmware_update) |\n| 2891067 | FL SWITCH 3012E-2SFX | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3012e-2sfx-2891067?type=firmware_update) |\n| 2891058 | FL SWITCH 3016 | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3016-2891058?type=firmware_update) |\n| 2891066 | FL SWITCH 3016E | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3016e-2891066?type=firmware_update) |\n| 2891059 | FL SWITCH 3016T | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3016t-2891059?type=firmware_update) |\n| 1026924 | FL SWITCH 4000T-4POE-1SFP | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4000t-4poe-1sfp-1026924?type=firmware_update) |\n| 1026923 | FL SWITCH 4000T-8POE-2SFP | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4000t-8poe-2sfp-1026923?type=firmware_update) |\n| 1026922 | FL SWITCH 4004T-8POE-4SFP | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4004t-8poe-4sfp-1026922?type=firmware_update) |\n| 2891160 | FL SWITCH 4008T-2GT-3FX SM | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4008t-2gt-3fx-sm-2891160?type=firmware_update) |\n| 2891061 | FL SWITCH 4008T-2GT-4FX SM | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4008t-2gt-4fx-sm-2891061?type=firmware_update) |\n| 2891062 | FL SWITCH 4008T-2SFP | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4008t-2sfp-2891062?type=firmware_update) |\n| 2891063 | FL SWITCH 4012T-2GT-2FX | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4012t-2gt-2fx-2891063?type=firmware_update) |\n| 2891161 | FL SWITCH 4012T-2GT-2FX ST | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4012t-2gt-2fx-st-2891161?type=firmware_update) |\n| 2891104 | FL SWITCH 4800E-24FX SM-4GC | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4800e-24fx-sm-4gc-2891104?type=firmware_update) |\n| 2891102 | FL SWITCH 4800E-24FX-4GC | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4800e-24fx-4gc-2891102?type=firmware_update) |\n| 2891073 | FL SWITCH 4808E-16FX LC-4GC | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4808e-16fx-lc-4gc-2891073?type=firmware_update) |\n| 2891074 | FL SWITCH 4808E-16FX SM LC-4GC| [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4808e-16fx-sm-lc-4gc-2891074?type=firmware_update) |\n| 2891086 | FL SWITCH 4808E-16FX SM ST-4GC| [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4808e-16fx-sm-st-4gc-2891086?type=firmware_update) |",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017",
"CSAFPID-31018",
"CSAFPID-31019",
"CSAFPID-31020",
"CSAFPID-31021",
"CSAFPID-31022",
"CSAFPID-31023",
"CSAFPID-31024",
"CSAFPID-31025",
"CSAFPID-31026",
"CSAFPID-31027",
"CSAFPID-31028",
"CSAFPID-31029",
"CSAFPID-31030",
"CSAFPID-31031",
"CSAFPID-31032"
]
}
],
"title": "CVE-2017-3735"
},
{
"cve": "CVE-2018-13993",
"cwe": {
"id": "CWE-352",
"name": "Cross-Site Request Forgery (CSRF)"
},
"notes": [
{
"audience": "all",
"category": "description",
"text": "The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 to 1.34 is prone to CSRF.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009",
"CSAFPID-32010",
"CSAFPID-32011",
"CSAFPID-32012",
"CSAFPID-32013",
"CSAFPID-32014",
"CSAFPID-32015",
"CSAFPID-32016",
"CSAFPID-32017",
"CSAFPID-32018",
"CSAFPID-32019",
"CSAFPID-32020",
"CSAFPID-32021",
"CSAFPID-32022",
"CSAFPID-32023",
"CSAFPID-32024",
"CSAFPID-32025",
"CSAFPID-32026",
"CSAFPID-32027",
"CSAFPID-32028",
"CSAFPID-32029",
"CSAFPID-32030",
"CSAFPID-32031",
"CSAFPID-32032"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017",
"CSAFPID-31018",
"CSAFPID-31019",
"CSAFPID-31020",
"CSAFPID-31021",
"CSAFPID-31022",
"CSAFPID-31023",
"CSAFPID-31024",
"CSAFPID-31025",
"CSAFPID-31026",
"CSAFPID-31027",
"CSAFPID-31028",
"CSAFPID-31029",
"CSAFPID-31030",
"CSAFPID-31031",
"CSAFPID-31032"
],
"known_not_affected": [
"CSAFPID-32033",
"CSAFPID-32034",
"CSAFPID-32035",
"CSAFPID-32036",
"CSAFPID-32037",
"CSAFPID-32038",
"CSAFPID-32039",
"CSAFPID-32040",
"CSAFPID-32041",
"CSAFPID-32042",
"CSAFPID-32043",
"CSAFPID-32044",
"CSAFPID-32045",
"CSAFPID-32046",
"CSAFPID-32047",
"CSAFPID-32048",
"CSAFPID-32049",
"CSAFPID-32050",
"CSAFPID-32051",
"CSAFPID-32052",
"CSAFPID-32053",
"CSAFPID-32054",
"CSAFPID-32055",
"CSAFPID-32056",
"CSAFPID-32057",
"CSAFPID-32058",
"CSAFPID-32059",
"CSAFPID-32060",
"CSAFPID-32061",
"CSAFPID-32062",
"CSAFPID-32063",
"CSAFPID-32064"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "## Remediation for CWE-319 (CVE-2018-13992)\n\nCustomers using Phoenix Contact managed FL SWITCH devices are recommended to enable HTTP security.\n\n## Remediation for Multiple CWEs:\n(CWE-352 (CVE-2018-13993), CWE-307 (CVE-2018-13990), CWE-400 (CVE-2018-13994), CWE-922 (CVE-2018-13991), CWE-119 (CVE-2017-3735))\n\nCustomers using Phoenix Contact managed FL SWITCH devices with affected firmware versions are recommended to update the firmware to version **1.35 or higher**, which fixes these vulnerabilities. \nThe updated firmware may be downloaded from the managed switch product page on the Phoenix Contact website:\n\n| Article No. | Model | Updated Firmware |\n|-------------|--------------------------------|------------------|\n| 2891033 | FL SWITCH 3004T-FX | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3004t-fx-2891033?type=firmware_update) |\n| 2891034 | FL SWITCH 3004T-FX ST | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3004t-fx-st-2891034?type=firmware_update) |\n| 2891030 | FL SWITCH 3005 | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3005-2891030?type=firmware_update) |\n| 2891032 | FL SWITCH 3005T | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3005t-2891032?type=firmware_update) |\n| 2891036 | FL SWITCH 3006T-2FX | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3006t-2fx-2891036?type=firmware_update) |\n| 2891060 | FL SWITCH 3006T-2FX SM | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3006t-2fx-sm-2891060?type=firmware_update) |\n| 2891037 | FL SWITCH 3006T-2FX ST | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3006t-2fx-st-2891037?type=firmware_update) |\n| 2891031 | FL SWITCH 3008 | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3008-2891031?type=firmware_update) |\n| 2891035 | FL SWITCH 3008T | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3008t-2891035?type=firmware_update) |\n| 2891120 | FL SWITCH 3012E-2FX | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3012e-2fx-2891120?type=firmware_update) |\n| 2891119 | FL SWITCH 3012E-2FX SM | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3012e-2fx-sm-2891119?type=firmware_update) |\n| 2891067 | FL SWITCH 3012E-2SFX | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3012e-2sfx-2891067?type=firmware_update) |\n| 2891058 | FL SWITCH 3016 | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3016-2891058?type=firmware_update) |\n| 2891066 | FL SWITCH 3016E | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3016e-2891066?type=firmware_update) |\n| 2891059 | FL SWITCH 3016T | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3016t-2891059?type=firmware_update) |\n| 1026924 | FL SWITCH 4000T-4POE-1SFP | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4000t-4poe-1sfp-1026924?type=firmware_update) |\n| 1026923 | FL SWITCH 4000T-8POE-2SFP | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4000t-8poe-2sfp-1026923?type=firmware_update) |\n| 1026922 | FL SWITCH 4004T-8POE-4SFP | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4004t-8poe-4sfp-1026922?type=firmware_update) |\n| 2891160 | FL SWITCH 4008T-2GT-3FX SM | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4008t-2gt-3fx-sm-2891160?type=firmware_update) |\n| 2891061 | FL SWITCH 4008T-2GT-4FX SM | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4008t-2gt-4fx-sm-2891061?type=firmware_update) |\n| 2891062 | FL SWITCH 4008T-2SFP | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4008t-2sfp-2891062?type=firmware_update) |\n| 2891063 | FL SWITCH 4012T-2GT-2FX | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4012t-2gt-2fx-2891063?type=firmware_update) |\n| 2891161 | FL SWITCH 4012T-2GT-2FX ST | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4012t-2gt-2fx-st-2891161?type=firmware_update) |\n| 2891104 | FL SWITCH 4800E-24FX SM-4GC | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4800e-24fx-sm-4gc-2891104?type=firmware_update) |\n| 2891102 | FL SWITCH 4800E-24FX-4GC | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4800e-24fx-4gc-2891102?type=firmware_update) |\n| 2891073 | FL SWITCH 4808E-16FX LC-4GC | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4808e-16fx-lc-4gc-2891073?type=firmware_update) |\n| 2891074 | FL SWITCH 4808E-16FX SM LC-4GC| [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4808e-16fx-sm-lc-4gc-2891074?type=firmware_update) |\n| 2891086 | FL SWITCH 4808E-16FX SM ST-4GC| [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4808e-16fx-sm-st-4gc-2891086?type=firmware_update) |",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017",
"CSAFPID-31018",
"CSAFPID-31019",
"CSAFPID-31020",
"CSAFPID-31021",
"CSAFPID-31022",
"CSAFPID-31023",
"CSAFPID-31024",
"CSAFPID-31025",
"CSAFPID-31026",
"CSAFPID-31027",
"CSAFPID-31028",
"CSAFPID-31029",
"CSAFPID-31030",
"CSAFPID-31031",
"CSAFPID-31032"
]
}
],
"title": "CVE-2018-13993"
},
{
"cve": "CVE-2018-13990",
"cwe": {
"id": "CWE-287",
"name": "Improper Authentication"
},
"notes": [
{
"audience": "all",
"category": "description",
"text": "The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions prior to 1.35 is vulnerable to brute-force attacks, because of Improper Restriction of Excessive Authentication Attempts.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009",
"CSAFPID-32010",
"CSAFPID-32011",
"CSAFPID-32012",
"CSAFPID-32013",
"CSAFPID-32014",
"CSAFPID-32015",
"CSAFPID-32016",
"CSAFPID-32017",
"CSAFPID-32018",
"CSAFPID-32019",
"CSAFPID-32020",
"CSAFPID-32021",
"CSAFPID-32022",
"CSAFPID-32023",
"CSAFPID-32024",
"CSAFPID-32025",
"CSAFPID-32026",
"CSAFPID-32027",
"CSAFPID-32028",
"CSAFPID-32029",
"CSAFPID-32030",
"CSAFPID-32031",
"CSAFPID-32032"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017",
"CSAFPID-31018",
"CSAFPID-31019",
"CSAFPID-31020",
"CSAFPID-31021",
"CSAFPID-31022",
"CSAFPID-31023",
"CSAFPID-31024",
"CSAFPID-31025",
"CSAFPID-31026",
"CSAFPID-31027",
"CSAFPID-31028",
"CSAFPID-31029",
"CSAFPID-31030",
"CSAFPID-31031",
"CSAFPID-31032"
],
"known_not_affected": [
"CSAFPID-32033",
"CSAFPID-32034",
"CSAFPID-32035",
"CSAFPID-32036",
"CSAFPID-32037",
"CSAFPID-32038",
"CSAFPID-32039",
"CSAFPID-32040",
"CSAFPID-32041",
"CSAFPID-32042",
"CSAFPID-32043",
"CSAFPID-32044",
"CSAFPID-32045",
"CSAFPID-32046",
"CSAFPID-32047",
"CSAFPID-32048",
"CSAFPID-32049",
"CSAFPID-32050",
"CSAFPID-32051",
"CSAFPID-32052",
"CSAFPID-32053",
"CSAFPID-32054",
"CSAFPID-32055",
"CSAFPID-32056",
"CSAFPID-32057",
"CSAFPID-32058",
"CSAFPID-32059",
"CSAFPID-32060",
"CSAFPID-32061",
"CSAFPID-32062",
"CSAFPID-32063",
"CSAFPID-32064"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "## Remediation for CWE-319 (CVE-2018-13992)\n\nCustomers using Phoenix Contact managed FL SWITCH devices are recommended to enable HTTP security.\n\n## Remediation for Multiple CWEs:\n(CWE-352 (CVE-2018-13993), CWE-307 (CVE-2018-13990), CWE-400 (CVE-2018-13994), CWE-922 (CVE-2018-13991), CWE-119 (CVE-2017-3735))\n\nCustomers using Phoenix Contact managed FL SWITCH devices with affected firmware versions are recommended to update the firmware to version **1.35 or higher**, which fixes these vulnerabilities. \nThe updated firmware may be downloaded from the managed switch product page on the Phoenix Contact website:\n\n| Article No. | Model | Updated Firmware |\n|-------------|--------------------------------|------------------|\n| 2891033 | FL SWITCH 3004T-FX | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3004t-fx-2891033?type=firmware_update) |\n| 2891034 | FL SWITCH 3004T-FX ST | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3004t-fx-st-2891034?type=firmware_update) |\n| 2891030 | FL SWITCH 3005 | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3005-2891030?type=firmware_update) |\n| 2891032 | FL SWITCH 3005T | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3005t-2891032?type=firmware_update) |\n| 2891036 | FL SWITCH 3006T-2FX | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3006t-2fx-2891036?type=firmware_update) |\n| 2891060 | FL SWITCH 3006T-2FX SM | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3006t-2fx-sm-2891060?type=firmware_update) |\n| 2891037 | FL SWITCH 3006T-2FX ST | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3006t-2fx-st-2891037?type=firmware_update) |\n| 2891031 | FL SWITCH 3008 | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3008-2891031?type=firmware_update) |\n| 2891035 | FL SWITCH 3008T | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3008t-2891035?type=firmware_update) |\n| 2891120 | FL SWITCH 3012E-2FX | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3012e-2fx-2891120?type=firmware_update) |\n| 2891119 | FL SWITCH 3012E-2FX SM | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3012e-2fx-sm-2891119?type=firmware_update) |\n| 2891067 | FL SWITCH 3012E-2SFX | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3012e-2sfx-2891067?type=firmware_update) |\n| 2891058 | FL SWITCH 3016 | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3016-2891058?type=firmware_update) |\n| 2891066 | FL SWITCH 3016E | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3016e-2891066?type=firmware_update) |\n| 2891059 | FL SWITCH 3016T | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3016t-2891059?type=firmware_update) |\n| 1026924 | FL SWITCH 4000T-4POE-1SFP | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4000t-4poe-1sfp-1026924?type=firmware_update) |\n| 1026923 | FL SWITCH 4000T-8POE-2SFP | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4000t-8poe-2sfp-1026923?type=firmware_update) |\n| 1026922 | FL SWITCH 4004T-8POE-4SFP | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4004t-8poe-4sfp-1026922?type=firmware_update) |\n| 2891160 | FL SWITCH 4008T-2GT-3FX SM | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4008t-2gt-3fx-sm-2891160?type=firmware_update) |\n| 2891061 | FL SWITCH 4008T-2GT-4FX SM | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4008t-2gt-4fx-sm-2891061?type=firmware_update) |\n| 2891062 | FL SWITCH 4008T-2SFP | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4008t-2sfp-2891062?type=firmware_update) |\n| 2891063 | FL SWITCH 4012T-2GT-2FX | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4012t-2gt-2fx-2891063?type=firmware_update) |\n| 2891161 | FL SWITCH 4012T-2GT-2FX ST | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4012t-2gt-2fx-st-2891161?type=firmware_update) |\n| 2891104 | FL SWITCH 4800E-24FX SM-4GC | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4800e-24fx-sm-4gc-2891104?type=firmware_update) |\n| 2891102 | FL SWITCH 4800E-24FX-4GC | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4800e-24fx-4gc-2891102?type=firmware_update) |\n| 2891073 | FL SWITCH 4808E-16FX LC-4GC | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4808e-16fx-lc-4gc-2891073?type=firmware_update) |\n| 2891074 | FL SWITCH 4808E-16FX SM LC-4GC| [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4808e-16fx-sm-lc-4gc-2891074?type=firmware_update) |\n| 2891086 | FL SWITCH 4808E-16FX SM ST-4GC| [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4808e-16fx-sm-st-4gc-2891086?type=firmware_update) |",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017",
"CSAFPID-31018",
"CSAFPID-31019",
"CSAFPID-31020",
"CSAFPID-31021",
"CSAFPID-31022",
"CSAFPID-31023",
"CSAFPID-31024",
"CSAFPID-31025",
"CSAFPID-31026",
"CSAFPID-31027",
"CSAFPID-31028",
"CSAFPID-31029",
"CSAFPID-31030",
"CSAFPID-31031",
"CSAFPID-31032"
]
}
],
"title": "CVE-2018-13990"
},
{
"cve": "CVE-2018-13992",
"cwe": {
"id": "CWE-311",
"name": "Missing Encryption of Sensitive Data"
},
"notes": [
{
"audience": "all",
"category": "description",
"text": "The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 to 1.34 allows for plaintext transmission (HTTP) of user credentials by default.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009",
"CSAFPID-32010",
"CSAFPID-32011",
"CSAFPID-32012",
"CSAFPID-32013",
"CSAFPID-32014",
"CSAFPID-32015",
"CSAFPID-32016",
"CSAFPID-32017",
"CSAFPID-32018",
"CSAFPID-32019",
"CSAFPID-32020",
"CSAFPID-32021",
"CSAFPID-32022",
"CSAFPID-32023",
"CSAFPID-32024",
"CSAFPID-32025",
"CSAFPID-32026",
"CSAFPID-32027",
"CSAFPID-32028",
"CSAFPID-32029",
"CSAFPID-32030",
"CSAFPID-32031",
"CSAFPID-32032"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017",
"CSAFPID-31018",
"CSAFPID-31019",
"CSAFPID-31020",
"CSAFPID-31021",
"CSAFPID-31022",
"CSAFPID-31023",
"CSAFPID-31024",
"CSAFPID-31025",
"CSAFPID-31026",
"CSAFPID-31027",
"CSAFPID-31028",
"CSAFPID-31029",
"CSAFPID-31030",
"CSAFPID-31031",
"CSAFPID-31032"
],
"known_not_affected": [
"CSAFPID-32033",
"CSAFPID-32034",
"CSAFPID-32035",
"CSAFPID-32036",
"CSAFPID-32037",
"CSAFPID-32038",
"CSAFPID-32039",
"CSAFPID-32040",
"CSAFPID-32041",
"CSAFPID-32042",
"CSAFPID-32043",
"CSAFPID-32044",
"CSAFPID-32045",
"CSAFPID-32046",
"CSAFPID-32047",
"CSAFPID-32048",
"CSAFPID-32049",
"CSAFPID-32050",
"CSAFPID-32051",
"CSAFPID-32052",
"CSAFPID-32053",
"CSAFPID-32054",
"CSAFPID-32055",
"CSAFPID-32056",
"CSAFPID-32057",
"CSAFPID-32058",
"CSAFPID-32059",
"CSAFPID-32060",
"CSAFPID-32061",
"CSAFPID-32062",
"CSAFPID-32063",
"CSAFPID-32064"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "## Remediation for CWE-319 (CVE-2018-13992)\n\nCustomers using Phoenix Contact managed FL SWITCH devices are recommended to enable HTTP security.\n\n## Remediation for Multiple CWEs:\n(CWE-352 (CVE-2018-13993), CWE-307 (CVE-2018-13990), CWE-400 (CVE-2018-13994), CWE-922 (CVE-2018-13991), CWE-119 (CVE-2017-3735))\n\nCustomers using Phoenix Contact managed FL SWITCH devices with affected firmware versions are recommended to update the firmware to version **1.35 or higher**, which fixes these vulnerabilities. \nThe updated firmware may be downloaded from the managed switch product page on the Phoenix Contact website:\n\n| Article No. | Model | Updated Firmware |\n|-------------|--------------------------------|------------------|\n| 2891033 | FL SWITCH 3004T-FX | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3004t-fx-2891033?type=firmware_update) |\n| 2891034 | FL SWITCH 3004T-FX ST | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3004t-fx-st-2891034?type=firmware_update) |\n| 2891030 | FL SWITCH 3005 | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3005-2891030?type=firmware_update) |\n| 2891032 | FL SWITCH 3005T | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3005t-2891032?type=firmware_update) |\n| 2891036 | FL SWITCH 3006T-2FX | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3006t-2fx-2891036?type=firmware_update) |\n| 2891060 | FL SWITCH 3006T-2FX SM | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3006t-2fx-sm-2891060?type=firmware_update) |\n| 2891037 | FL SWITCH 3006T-2FX ST | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3006t-2fx-st-2891037?type=firmware_update) |\n| 2891031 | FL SWITCH 3008 | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3008-2891031?type=firmware_update) |\n| 2891035 | FL SWITCH 3008T | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3008t-2891035?type=firmware_update) |\n| 2891120 | FL SWITCH 3012E-2FX | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3012e-2fx-2891120?type=firmware_update) |\n| 2891119 | FL SWITCH 3012E-2FX SM | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3012e-2fx-sm-2891119?type=firmware_update) |\n| 2891067 | FL SWITCH 3012E-2SFX | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3012e-2sfx-2891067?type=firmware_update) |\n| 2891058 | FL SWITCH 3016 | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3016-2891058?type=firmware_update) |\n| 2891066 | FL SWITCH 3016E | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3016e-2891066?type=firmware_update) |\n| 2891059 | FL SWITCH 3016T | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3016t-2891059?type=firmware_update) |\n| 1026924 | FL SWITCH 4000T-4POE-1SFP | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4000t-4poe-1sfp-1026924?type=firmware_update) |\n| 1026923 | FL SWITCH 4000T-8POE-2SFP | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4000t-8poe-2sfp-1026923?type=firmware_update) |\n| 1026922 | FL SWITCH 4004T-8POE-4SFP | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4004t-8poe-4sfp-1026922?type=firmware_update) |\n| 2891160 | FL SWITCH 4008T-2GT-3FX SM | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4008t-2gt-3fx-sm-2891160?type=firmware_update) |\n| 2891061 | FL SWITCH 4008T-2GT-4FX SM | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4008t-2gt-4fx-sm-2891061?type=firmware_update) |\n| 2891062 | FL SWITCH 4008T-2SFP | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4008t-2sfp-2891062?type=firmware_update) |\n| 2891063 | FL SWITCH 4012T-2GT-2FX | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4012t-2gt-2fx-2891063?type=firmware_update) |\n| 2891161 | FL SWITCH 4012T-2GT-2FX ST | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4012t-2gt-2fx-st-2891161?type=firmware_update) |\n| 2891104 | FL SWITCH 4800E-24FX SM-4GC | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4800e-24fx-sm-4gc-2891104?type=firmware_update) |\n| 2891102 | FL SWITCH 4800E-24FX-4GC | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4800e-24fx-4gc-2891102?type=firmware_update) |\n| 2891073 | FL SWITCH 4808E-16FX LC-4GC | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4808e-16fx-lc-4gc-2891073?type=firmware_update) |\n| 2891074 | FL SWITCH 4808E-16FX SM LC-4GC| [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4808e-16fx-sm-lc-4gc-2891074?type=firmware_update) |\n| 2891086 | FL SWITCH 4808E-16FX SM ST-4GC| [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4808e-16fx-sm-st-4gc-2891086?type=firmware_update) |",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017",
"CSAFPID-31018",
"CSAFPID-31019",
"CSAFPID-31020",
"CSAFPID-31021",
"CSAFPID-31022",
"CSAFPID-31023",
"CSAFPID-31024",
"CSAFPID-31025",
"CSAFPID-31026",
"CSAFPID-31027",
"CSAFPID-31028",
"CSAFPID-31029",
"CSAFPID-31030",
"CSAFPID-31031",
"CSAFPID-31032"
]
}
],
"title": "CVE-2018-13992"
}
]
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…