ID

VAR-201801-0160


CVE

CVE-2017-16743


TITLE

PHOENIX CONTACT FL SWITCH Unauthorized Access Vulnerability

Trust: 0.8

sources: IVD: e2e1079f-39ab-11e9-8d74-000c29342cb1 // CNVD: CNVD-2018-00910

DESCRIPTION

An Improper Authorization issue was discovered in PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, and 48xxx Series products running firmware Version 1.0 to 1.32. A remote unauthenticated attacker may be able to craft special HTTP requests that bypass web-service authentication, allowing the attacker to obtain administrative privileges on the device. FL SWITCH is a managed Ethernet switch from the Phoenix Contact group in Germany.

Trust: 2.43

sources: NVD: CVE-2017-16743 // JVNDB: JVNDB-2017-012037 // CNVD: CNVD-2018-00910 // IVD: e2e1079f-39ab-11e9-8d74-000c29342cb1 // VULMON: CVE-2017-16743

IOT TAXONOMY

category: ['ICS']; sub_category: -

Trust: 0.8

sources: IVD: e2e1079f-39ab-11e9-8d74-000c29342cb1 // CNVD: CNVD-2018-00910

AFFECTED PRODUCTS

vendor: phoenixcontact; model: fl switch 4000t-8poe-2sfp-r; scope: gte; version: 1.0

Trust: 1.0

vendor: phoenixcontact; model: fl switch 4808e-16fx sm-4gc; scope: lte; version: 1.32

Trust: 1.0

vendor: phoenixcontact; model: fl switch 4008t-2gt-3fx sm; scope: lte; version: 1.32

Trust: 1.0

vendor: phoenixcontact; model: fl switch 3008t; scope: gte; version: 1.0

Trust: 1.0

vendor: phoenixcontact; model: fl switch 4008t-2sfp; scope: gte; version: 1.0

Trust: 1.0

vendor: phoenixcontact; model: fl switch 3005; scope: lte; version: 1.32

Trust: 1.0

vendor: phoenixcontact; model: fl switch 3016t; scope: lte; version: 1.32

Trust: 1.0

vendor: phoenixcontact; model: fl switch 4808e-16fx sm lc-4gc; scope: gte; version: 1.0

Trust: 1.0

vendor: phoenixcontact; model: fl switch 3004t-fx st; scope: lte; version: 1.32

Trust: 1.0

vendor: phoenixcontact; model: fl switch 4800e-24fx sm-4gc; scope: lte; version: 1.32

Trust: 1.0

vendor: phoenixcontact; model: fl switch 3016; scope: gte; version: 1.0

Trust: 1.0

vendor: phoenixcontact; model: fl switch 3004t-fx; scope: gte; version: 1.0

Trust: 1.0

vendor: phoenixcontact; model: fl switch 3012e-2sfx; scope: lte; version: 1.32

Trust: 1.0

vendor: phoenixcontact; model: fl switch 4808e-16fx-4gc; scope: lte; version: 1.32

Trust: 1.0

vendor: phoenixcontact; model: fl switch 3008; scope: gte; version: 1.0

Trust: 1.0

vendor: phoenixcontact; model: fl switch 4012t-2gt-2fx st; scope: gte; version: 1.0

Trust: 1.0

vendor: phoenixcontact; model: fl switch 3012e-2fx sm; scope: lte; version: 1.32

Trust: 1.0

vendor: phoenixcontact; model: fl switch 3005t; scope: gte; version: 1.0

Trust: 1.0

vendor: phoenixcontact; model: fl switch 4000t-8poe-2sfp-r; scope: lte; version: 1.32

Trust: 1.0

vendor: phoenixcontact; model: fl switch 3006t-2fx; scope: gte; version: 1.0

Trust: 1.0

vendor: phoenixcontact; model: fl switch 3006t-2fx st; scope: lte; version: 1.32

Trust: 1.0

vendor: phoenixcontact; model: fl switch 4808e-16fx lc-4gc; scope: gte; version: 1.0

Trust: 1.0

vendor: phoenixcontact; model: fl switch 3008t; scope: lte; version: 1.32

Trust: 1.0

vendor: phoenixcontact; model: fl switch 3006t-2fx sm; scope: lte; version: 1.32

Trust: 1.0

vendor: phoenixcontact; model: fl switch 4008t-2sfp; scope: lte; version: 1.32

Trust: 1.0

vendor: phoenixcontact; model: fl switch 3012e-2fx sm; scope: gte; version: 1.0

Trust: 1.0

vendor: phoenixcontact; model: fl switch 3016e; scope: gte; version: 1.0

Trust: 1.0

vendor: phoenixcontact; model: fl switch 4808e-16fx sm lc-4gc; scope: lte; version: 1.32

Trust: 1.0

vendor: phoenixcontact; model: fl switch 4012t 2gt 2fx; scope: gte; version: 1.0

Trust: 1.0

vendor: phoenixcontact; model: fl switch 4808e-16fx sm st-4gc; scope: lte; version: 1.32

Trust: 1.0

vendor: phoenixcontact; model: fl switch 3004t-fx; scope: lte; version: 1.32

Trust: 1.0

vendor: phoenixcontact; model: fl switch 4808e-16fx st-4gc; scope: gte; version: 1.0

Trust: 1.0

vendor: phoenixcontact; model: fl switch 4800e-24fx-4gc; scope: gte; version: 1.0

Trust: 1.0

vendor: phoenixcontact; model: fl switch 4008t-2gt-4fx sm; scope: gte; version: 1.0

Trust: 1.0

vendor: phoenixcontact; model: fl switch 3005t; scope: lte; version: 1.32

Trust: 1.0

vendor: phoenixcontact; model: fl switch 3008; scope: lte; version: 1.32

Trust: 1.0

vendor: phoenixcontact; model: fl switch 4808e-16fx sm-4gc; scope: gte; version: 1.0

Trust: 1.0

vendor: phoenixcontact; model: fl switch 4008t-2gt-3fx sm; scope: gte; version: 1.0

Trust: 1.0

vendor: phoenixcontact; model: fl switch 4808e-16fx lc-4gc; scope: lte; version: 1.32

Trust: 1.0

vendor: phoenixcontact; model: fl switch 4012t-2gt-2fx st; scope: lte; version: 1.32

Trust: 1.0

vendor: phoenixcontact; model: fl switch 3016; scope: lte; version: 1.32

Trust: 1.0

vendor: phoenixcontact; model: fl switch 3004t-fx st; scope: gte; version: 1.0

Trust: 1.0

vendor: phoenixcontact; model: fl switch 4824e-4gc; scope: gte; version: 1.0

Trust: 1.0

vendor: phoenixcontact; model: fl switch 4800e-24fx sm-4gc; scope: gte; version: 1.0

Trust: 1.0

vendor: phoenixcontact; model: fl switch 3005; scope: gte; version: 1.0

Trust: 1.0

vendor: phoenixcontact; model: fl switch 3016t; scope: gte; version: 1.0

Trust: 1.0

vendor: phoenixcontact; model: fl switch 3006t-2fx; scope: lte; version: 1.32

Trust: 1.0

vendor: phoenixcontact; model: fl switch 4808e-16fx st-4gc; scope: lte; version: 1.32

Trust: 1.0

vendor: phoenixcontact; model: fl switch 3016e; scope: lte; version: 1.32

Trust: 1.0

vendor: phoenixcontact; model: fl switch 4800e-24fx-4gc; scope: lte; version: 1.32

Trust: 1.0

vendor: phoenixcontact; model: fl switch 4008t-2gt-4fx sm; scope: lte; version: 1.32

Trust: 1.0

vendor: phoenixcontact; model: fl switch 3006t-2fx sm; scope: gte; version: 1.0

Trust: 1.0

vendor: phoenixcontact; model: fl switch 4808e-16fx-4gc; scope: gte; version: 1.0

Trust: 1.0

vendor: phoenixcontact; model: fl switch 3006t-2fx st; scope: gte; version: 1.0

Trust: 1.0

vendor: phoenixcontact; model: fl switch 4012t 2gt 2fx; scope: lte; version: 1.32

Trust: 1.0

vendor: phoenixcontact; model: fl switch 3012e-2sfx; scope: gte; version: 1.0

Trust: 1.0

vendor: phoenixcontact; model: fl switch 4808e-16fx sm st-4gc; scope: gte; version: 1.0

Trust: 1.0

vendor: phoenixcontact; model: fl switch 4824e-4gc; scope: lte; version: 1.32

Trust: 1.0

vendor: phoenix contact; model: fl switch 3004t-fx st; scope: eq; version: 1.0 to 1.32

Trust: 0.8

vendor: phoenix contact; model: fl switch 3004t-fx; scope: eq; version: 1.0 to 1.32

Trust: 0.8

vendor: phoenix contact; model: fl switch 3005; scope: eq; version: 1.0 to 1.32

Trust: 0.8

vendor: phoenix contact; model: fl switch 3005t; scope: eq; version: 1.0 to 1.32

Trust: 0.8

vendor: phoenix contact; model: fl switch 3006t-2fx sm; scope: eq; version: 1.0 to 1.32

Trust: 0.8

vendor: phoenix contact; model: fl switch 3006t-2fx st; scope: eq; version: 1.0 to 1.32

Trust: 0.8

vendor: phoenix contact; model: fl switch 3006t-2fx; scope: eq; version: 1.0 to 1.32

Trust: 0.8

vendor: phoenix contact; model: fl switch 3008; scope: eq; version: 1.0 to 1.32

Trust: 0.8

vendor: phoenix contact; model: fl switch 3008t; scope: eq; version: 1.0 to 1.32

Trust: 0.8

vendor: phoenix contact; model: fl switch 3012e-2fx sm; scope: eq; version: 1.0 to 1.32

Trust: 0.8

vendor: phoenix contact; model: fl switch 3012e-2sfx; scope: eq; version: 1.0 to 1.32

Trust: 0.8

vendor: phoenix contact; model: fl switch 3016; scope: eq; version: 1.0 to 1.32

Trust: 0.8

vendor: phoenix contact; model: fl switch 3016e; scope: eq; version: 1.0 to 1.32

Trust: 0.8

vendor: phoenix contact; model: fl switch 3016t; scope: eq; version: 1.0 to 1.32

Trust: 0.8

vendor: phoenix contact; model: fl switch 4000t-8poe-2sfp-r; scope: eq; version: 1.0 to 1.32

Trust: 0.8

vendor: phoenix contact; model: fl switch 4008t-2gt-3fx sm; scope: eq; version: 1.0 to 1.32

Trust: 0.8

vendor: phoenix contact; model: fl switch 4008t-2gt-4fx sm; scope: eq; version: 1.0 to 1.32

Trust: 0.8

vendor: phoenix contact; model: fl switch 4008t-2sfp; scope: eq; version: 1.0 to 1.32

Trust: 0.8

vendor: phoenix contact; model: fl switch 4012t 2gt 2fx; scope: eq; version: 1.0 to 1.32

Trust: 0.8

vendor: phoenix contact; model: fl switch 4012t-2gt-2fx st; scope: eq; version: 1.0 to 1.32

Trust: 0.8

vendor: phoenix contact; model: fl switch 4800e-24fx sm-4gc; scope: eq; version: 1.0 to 1.32

Trust: 0.8

vendor: phoenix contact; model: fl switch 4800e-24fx-4gc; scope: eq; version: 1.0 to 1.32

Trust: 0.8

vendor: phoenix contact; model: fl switch 4808e-16fx lc-4gc; scope: eq; version: 1.0 to 1.32

Trust: 0.8

vendor: phoenix contact; model: fl switch 4808e-16fx sm lc-4gc; scope: eq; version: 1.0 to 1.32

Trust: 0.8

vendor: phoenix contact; model: fl switch 4808e-16fx sm st-4gc; scope: eq; version: 1.0 to 1.32

Trust: 0.8

vendor: phoenix contact; model: fl switch 4808e-16fx sm-4gc; scope: eq; version: 1.0 to 1.32

Trust: 0.8

vendor: phoenix contact; model: fl switch 4808e-16fx st-4gc; scope: eq; version: 1.0 to 1.32

Trust: 0.8

vendor: phoenix contact; model: fl switch 4808e-16fx-4gc; scope: eq; version: 1.0 to 1.32

Trust: 0.8

vendor: phoenix contact; model: fl switch 4824e-4gc; scope: eq; version: 1.0 to 1.32

Trust: 0.8

vendor: phoenix; model: contact fl switch; scope: eq; version: 3xxx>=1.0,<=1.32

Trust: 0.6

vendor: phoenix; model: contact fl switch; scope: eq; version: 4xxx>=1.0,<=1.32

Trust: 0.6

vendor: phoenix; model: contact fl switch; scope: eq; version: 8xxx>=1.0,<=1.32

Trust: 0.6

vendor: fl switch 4800e 24fx sm 4gc; model: -; scope: eq; version: *

Trust: 0.4

vendor: fl switch 3005; model: -; scope: eq; version: *

Trust: 0.2

vendor: fl switch 3016e; model: -; scope: eq; version: *

Trust: 0.2

vendor: fl switch 3016; model: -; scope: eq; version: *

Trust: 0.2

vendor: fl switch 3016t; model: -; scope: eq; version: *

Trust: 0.2

vendor: fl switch 3006t 2fx sm; model: -; scope: eq; version: *

Trust: 0.2

vendor: fl switch 4008t 2sfp; model: -; scope: eq; version: *

Trust: 0.2

vendor: fl switch 4008t 2gt 4fx sm; model: -; scope: eq; version: *

Trust: 0.2

vendor: fl switch 4008t 2gt 3fx sm; model: -; scope: eq; version: *

Trust: 0.2

vendor: fl switch 4808e 16fx lc 4gc; model: -; scope: eq; version: *

Trust: 0.2

vendor: fl switch 4808e 16fx sm 4gc; model: -; scope: eq; version: *

Trust: 0.2

vendor: fl switch 4808e 16fx sm st 4gc; model: -; scope: eq; version: *

Trust: 0.2

vendor: fl switch 3005t; model: -; scope: eq; version: *

Trust: 0.2

vendor: fl switch 4808e 16fx st 4gc; model: -; scope: eq; version: *

Trust: 0.2

vendor: fl switch 4808e 16fx 4gc; model: -; scope: eq; version: *

Trust: 0.2

vendor: fl switch 4808e 16fx sm lc 4gc; model: -; scope: eq; version: *

Trust: 0.2

vendor: fl switch 4012t 2gt 2fx; model: -; scope: eq; version: *

Trust: 0.2

vendor: fl switch 4012t 2gt 2fx st; model: -; scope: eq; version: *

Trust: 0.2

vendor: fl switch 4824e 4gc; model: -; scope: eq; version: *

Trust: 0.2

vendor: fl switch 4800e 24fx 4gc; model: -; scope: eq; version: *

Trust: 0.2

vendor: fl switch 3012e 2fx sm; model: -; scope: eq; version: *

Trust: 0.2

vendor: fl switch 3004t fx; model: -; scope: eq; version: *

Trust: 0.2

vendor: fl switch 4000t 8poe 2sfp r; model: -; scope: eq; version: *

Trust: 0.2

vendor: fl switch 3004t fx st; model: -; scope: eq; version: *

Trust: 0.2

vendor: fl switch 3008; model: -; scope: eq; version: *

Trust: 0.2

vendor: fl switch 3008t; model: -; scope: eq; version: *

Trust: 0.2

vendor: fl switch 3006t 2fx; model: -; scope: eq; version: *

Trust: 0.2

vendor: fl switch 3006t 2fx st; model: -; scope: eq; version: *

Trust: 0.2

vendor: fl switch 3012e 2sfx; model: -; scope: eq; version: *

Trust: 0.2

sources: IVD: e2e1079f-39ab-11e9-8d74-000c29342cb1 // CNVD: CNVD-2018-00910 // JVNDB: JVNDB-2017-012037 // NVD: CVE-2017-16743

CVSS

SEVERITY

nvd@nist.gov: CVE-2017-16743
value: CRITICAL

Trust: 1.0

NVD: CVE-2017-16743
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2018-00910
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201801-526
value: CRITICAL

Trust: 0.6

IVD: e2e1079f-39ab-11e9-8d74-000c29342cb1
value: CRITICAL

Trust: 0.2

VULMON: CVE-2017-16743
value: HIGH

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2017-16743
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2018-00910
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: e2e1079f-39ab-11e9-8d74-000c29342cb1
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

CVSSV3

nvd@nist.gov: CVE-2017-16743
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: IVD: e2e1079f-39ab-11e9-8d74-000c29342cb1 // CNVD: CNVD-2018-00910 // VULMON: CVE-2017-16743 // JVNDB: JVNDB-2017-012037 // CNNVD: CNNVD-201801-526 // NVD: CVE-2017-16743

PROBLEMTYPE DATA

problemtype:CWE-285

Trust: 1.8

problemtype:CWE-863

Trust: 1.0

sources: JVNDB: JVNDB-2017-012037 // NVD: CVE-2017-16743

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201801-526

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201801-526

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-012037

PATCH

title: Top Page; url: https://www.phoenixcontact.com/online/portal/jp

Trust: 0.8

title: PHOENIX CONTACT FL SWITCH Unauthorized Access Vulnerability Patch; url: https://www.cnvd.org.cn/patchInfo/show/113421

Trust: 0.6

title: PHOENIX CONTACT FL SWITCH 3xxx, 4xxx and 48xxx Series Product security vulnerabilities; url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=77747

Trust: 0.6

sources: CNVD: CNVD-2018-00910 // JVNDB: JVNDB-2017-012037 // CNNVD: CNNVD-201801-526

EXTERNAL IDS

db: NVD; id: CVE-2017-16743

Trust: 3.3

db: ICS CERT; id: ICSA-18-011-03

Trust: 3.1

db: CERT@VDE; id: VDE-2017-006

Trust: 1.7

db: CNVD; id: CNVD-2018-00910

Trust: 0.8

db: CNNVD; id: CNNVD-201801-526

Trust: 0.8

db: JVNDB; id: JVNDB-2017-012037

Trust: 0.8

db: IVD; id: E2E1079F-39AB-11E9-8D74-000C29342CB1

Trust: 0.2

db: VULMON; id: CVE-2017-16743

Trust: 0.1

sources: IVD: e2e1079f-39ab-11e9-8d74-000c29342cb1 // CNVD: CNVD-2018-00910 // VULMON: CVE-2017-16743 // JVNDB: JVNDB-2017-012037 // CNNVD: CNNVD-201801-526 // NVD: CVE-2017-16743

REFERENCES

url:https://ics-cert.us-cert.gov/advisories/icsa-18-011-03

Trust: 3.1

url:https://cert.vde.com/en-us/advisories/vde-2017-006

Trust: 1.7

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-16743

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-16743

Trust: 0.8

url:https://cwe.mitre.org/data/definitions/863.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2018-00910 // VULMON: CVE-2017-16743 // JVNDB: JVNDB-2017-012037 // CNNVD: CNNVD-201801-526 // NVD: CVE-2017-16743

SOURCES

db: IVD; id: e2e1079f-39ab-11e9-8d74-000c29342cb1
db: CNVD; id: CNVD-2018-00910
db: VULMON; id: CVE-2017-16743
db: JVNDB; id: JVNDB-2017-012037
db: CNNVD; id: CNNVD-201801-526
db: NVD; id: CVE-2017-16743

LAST UPDATE DATE

2024-11-23T22:30:32.398000+00:00


SOURCES UPDATE DATE

db: CNVD; id: CNVD-2018-00910; date: 2018-01-15T00:00:00
db: VULMON; id: CVE-2017-16743; date: 2019-10-03T00:00:00
db: JVNDB; id: JVNDB-2017-012037; date: 2018-02-14T00:00:00
db: CNNVD; id: CNNVD-201801-526; date: 2019-10-23T00:00:00
db: NVD; id: CVE-2017-16743; date: 2024-11-21T03:16:53.180

SOURCES RELEASE DATE

db: IVD; id: e2e1079f-39ab-11e9-8d74-000c29342cb1; date: 2018-01-15T00:00:00
db: CNVD; id: CNVD-2018-00910; date: 2018-01-15T00:00:00
db: VULMON; id: CVE-2017-16743; date: 2018-01-12T00:00:00
db: JVNDB; id: JVNDB-2017-012037; date: 2018-02-14T00:00:00
db: CNNVD; id: CNNVD-201801-526; date: 2018-01-16T00:00:00
db: NVD; id: CVE-2017-16743; date: 2018-01-12T20:29:00.387