Details of VAR-201805-0693

ID

VAR-201805-0693

CVE

CVE-2018-10731

TITLE

plural Phoenix Contact FL SWITCH Product buffer error vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-005167

DESCRIPTION

All Phoenix Contact managed FL SWITCH 3xxx, 4xxx, 48xx products running firmware version 1.0 to 1.33 are prone to buffer overflows when handling very large cookies (a different vulnerability than CVE-2018-10728). plural Phoenix Contact FL SWITCH The product contains a buffer error vulnerability. This vulnerability CVE-2018-10728 Is a different vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. PHOENIXCONTACTFLSWITCH3xxx, 4xxx and 48xxxSeries are all different series of switch devices from the Phoenix Contact group in Germany. A stack buffer overflow vulnerability exists in PHOENIXCONTACTFLSWITCH3xxx, 4xxx, and 48xxxSeries products using firmware versions 1.0 through 1.32. A remote attacker could exploit the vulnerability to gain unauthorized access to the switch operating system files and to inject executable code into the operating system. An OS command-execution vulnerability 2. An information-disclosure vulnerability 3. Multiple stack-based buffer-overflow vulnerabilities Attackers can exploit these issues to execute arbitrary code, execute arbitrary OS commands, obtain sensitive information, and perform unauthorized actions. Failed exploit attempts will likely cause a denial-of-service condition

Trust: 2.43

sources: NVD: CVE-2018-10731 // JVNDB: JVNDB-2018-005167 // CNVD: CNVD-2018-14414 // BID: 104231

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2018-14414

AFFECTED PRODUCTS

vendor:	phoenixcontact	model:	fl switch 4000t-8poe-2sfp-r	scope:	gte	version:	1.0	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 3008t	scope:	gte	version:	1.0	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 4008t-2sfp	scope:	gte	version:	1.0	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 4808e-16fx lc-4gc	scope:	lte	version:	1.33	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 4808e-16fx sm lc-4gc	scope:	gte	version:	1.0	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 4012t-2gt-2fx st	scope:	lte	version:	1.33	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 3016	scope:	lte	version:	1.33	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 3016	scope:	gte	version:	1.0	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 3004t-fx	scope:	gte	version:	1.0	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 3006t-2fx	scope:	lte	version:	1.33	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 3008	scope:	gte	version:	1.0	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 4808e-16fx st-4gc	scope:	lte	version:	1.33	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 4012t-2gt-2fx st	scope:	gte	version:	1.0	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 3005t	scope:	gte	version:	1.0	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 3016e	scope:	lte	version:	1.33	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 4008t-2gt-4fx sm	scope:	lte	version:	1.33	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 4800e-24fx-4gc	scope:	lte	version:	1.33	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 3006t-2fx	scope:	gte	version:	1.0	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 4808e-16fx lc-4gc	scope:	gte	version:	1.0	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 4012t 2gt 2fx	scope:	lte	version:	1.33	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 3012e-2fx sm	scope:	gte	version:	1.0	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 3016e	scope:	gte	version:	1.0	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 4824e-4gc	scope:	lte	version:	1.33	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 4012t 2gt 2fx	scope:	gte	version:	1.0	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 4800e-24fx-4gc	scope:	gte	version:	1.0	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 4808e-16fx st-4gc	scope:	gte	version:	1.0	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 4808e-16fx sm-4gc	scope:	lte	version:	1.33	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 4008t-2gt-3fx sm	scope:	lte	version:	1.33	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 3005	scope:	lte	version:	1.33	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 3016t	scope:	lte	version:	1.33	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 4008t-2gt-4fx sm	scope:	gte	version:	1.0	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 3005	scope:	gt	version:	1.0	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 3004t-fx st	scope:	lte	version:	1.33	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 4808e-16fx sm-4gc	scope:	gte	version:	1.0	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 4800e-24fx sm-4gc	scope:	lte	version:	1.33	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 3012e-2sfx	scope:	lte	version:	1.33	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 4808e-16fx-4gc	scope:	lte	version:	1.33	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 4008t-2gt-3fx sm	scope:	gte	version:	1.0	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 3012e-2fx sm	scope:	lte	version:	1.33	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 3004t-fx st	scope:	gte	version:	1.0	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 4824e-4gc	scope:	gte	version:	1.0	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 4800e-24fx sm-4gc	scope:	gte	version:	1.0	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 4000t-8poe-2sfp-r	scope:	lte	version:	1.33	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 3006t-2fx st	scope:	lte	version:	1.33	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 3016t	scope:	gte	version:	1.0	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 3008t	scope:	lte	version:	1.33	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 3006t-2fx sm	scope:	lte	version:	1.33	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 4008t-2sfp	scope:	lte	version:	1.33	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 3008	scope:	lte	version:	1.33	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 4808e-16fx sm lc-4gc	scope:	lte	version:	1.33	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 3006t-2fx sm	scope:	gte	version:	1.0	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 4808e-16fx sm st-4gc	scope:	lte	version:	1.33	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 3004t-fx	scope:	lte	version:	1.33	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 3006t-2fx st	scope:	gte	version:	1.0	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 4808e-16fx-4gc	scope:	gte	version:	1.0	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 3012e-2sfx	scope:	gte	version:	1.0	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 4808e-16fx sm st-4gc	scope:	gte	version:	1.0	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 3005t	scope:	lte	version:	1.33	Trust: 1.0
vendor:	phoenix contact	model:	fl switch 3004t-fx st	scope:	eq	version:	1.0 to 1.33	Trust: 0.8
vendor:	phoenix contact	model:	fl switch 3004t-fx	scope:	eq	version:	1.0 to 1.33	Trust: 0.8
vendor:	phoenix contact	model:	fl switch 3005	scope:	eq	version:	1.0 to 1.33	Trust: 0.8
vendor:	phoenix contact	model:	fl switch 3005t	scope:	eq	version:	1.0 to 1.33	Trust: 0.8
vendor:	phoenix contact	model:	fl switch 3006t-2fx sm	scope:	eq	version:	1.0 to 1.33	Trust: 0.8
vendor:	phoenix contact	model:	fl switch 3006t-2fx st	scope:	eq	version:	1.0 to 1.33	Trust: 0.8
vendor:	phoenix contact	model:	fl switch 3006t-2fx	scope:	eq	version:	1.0 to 1.33	Trust: 0.8
vendor:	phoenix contact	model:	fl switch 3008	scope:	eq	version:	1.0 to 1.33	Trust: 0.8
vendor:	phoenix contact	model:	fl switch 3008t	scope:	eq	version:	1.0 to 1.33	Trust: 0.8
vendor:	phoenix contact	model:	fl switch 3012e-2fx sm	scope:	eq	version:	1.0 to 1.33	Trust: 0.8
vendor:	phoenix contact	model:	fl switch 3012e-2sfx	scope:	eq	version:	1.0 to 1.33	Trust: 0.8
vendor:	phoenix contact	model:	fl switch 3016	scope:	eq	version:	1.0 to 1.33	Trust: 0.8
vendor:	phoenix contact	model:	fl switch 3016e	scope:	eq	version:	1.0 to 1.33	Trust: 0.8
vendor:	phoenix contact	model:	fl switch 3016t	scope:	eq	version:	1.0 to 1.33	Trust: 0.8
vendor:	phoenix contact	model:	fl switch 4000t-8poe-2sfp-r	scope:	eq	version:	1.0 to 1.33	Trust: 0.8
vendor:	phoenix contact	model:	fl switch 4008t-2gt-3fx sm	scope:	eq	version:	1.0 to 1.33	Trust: 0.8
vendor:	phoenix contact	model:	fl switch 4008t-2gt-4fx sm	scope:	eq	version:	1.0 to 1.33	Trust: 0.8
vendor:	phoenix contact	model:	fl switch 4008t-2sfp	scope:	eq	version:	1.0 to 1.33	Trust: 0.8
vendor:	phoenix contact	model:	fl switch 4012t 2gt 2fx	scope:	eq	version:	1.0 to 1.33	Trust: 0.8
vendor:	phoenix contact	model:	fl switch 4012t-2gt-2fx st	scope:	eq	version:	1.0 to 1.33	Trust: 0.8
vendor:	phoenix contact	model:	fl switch 4800e-24fx sm-4gc	scope:	eq	version:	1.0 to 1.33	Trust: 0.8
vendor:	phoenix contact	model:	fl switch 4800e-24fx-4gc	scope:	eq	version:	1.0 to 1.33	Trust: 0.8
vendor:	phoenix contact	model:	fl switch 4808e-16fx lc-4gc	scope:	eq	version:	1.0 to 1.33	Trust: 0.8
vendor:	phoenix contact	model:	fl switch 4808e-16fx sm lc-4gc	scope:	eq	version:	1.0 to 1.33	Trust: 0.8
vendor:	phoenix contact	model:	fl switch 4808e-16fx sm st-4gc	scope:	eq	version:	1.0 to 1.33	Trust: 0.8
vendor:	phoenix contact	model:	fl switch 4808e-16fx sm-4gc	scope:	eq	version:	1.0 to 1.33	Trust: 0.8
vendor:	phoenix contact	model:	fl switch 4808e-16fx st-4gc	scope:	eq	version:	1.0 to 1.33	Trust: 0.8
vendor:	phoenix contact	model:	fl switch 4808e-16fx-4gc	scope:	eq	version:	1.0 to 1.33	Trust: 0.8
vendor:	phoenix contact	model:	fl switch 4824e-4gc	scope:	eq	version:	1.0 to 1.33	Trust: 0.8
vendor:	phoenix	model:	contact fl switch series	scope:	eq	version:	3xxx	Trust: 0.6
vendor:	phoenix	model:	contact fl switch series	scope:	eq	version:	4xxx	Trust: 0.6
vendor:	phoenix	model:	contact fl switch series	scope:	eq	version:	48xx	Trust: 0.6
vendor:	phoenix	model:	contact fl switch series	scope:	eq	version:	4xxx1.32	Trust: 0.3
vendor:	phoenix	model:	contact fl switch series	scope:	eq	version:	4xxx1.0	Trust: 0.3
vendor:	phoenix	model:	contact fl switch series	scope:	eq	version:	48xx1.32	Trust: 0.3
vendor:	phoenix	model:	contact fl switch series	scope:	eq	version:	48xx1.0	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 4824e-4gc	scope:	eq	version:	1.32	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 4824e-4gc	scope:	eq	version:	1.0	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 4808e-16fx-4gc	scope:	eq	version:	1.32	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 4808e-16fx-4gc	scope:	eq	version:	1.0	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 4808e-16fx st-4gc	scope:	eq	version:	1.32	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 4808e-16fx st-4gc	scope:	eq	version:	1.0	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 4808e-16fx sm-4gc	scope:	eq	version:	1.32	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 4808e-16fx sm-4gc	scope:	eq	version:	1.0	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 4808e-16fx sm st-4gc	scope:	eq	version:	1.32	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 4808e-16fx sm st-4gc	scope:	eq	version:	1.0	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 4808e-16fx sm lc-4gc	scope:	eq	version:	1.32	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 4808e-16fx sm lc-4gc	scope:	eq	version:	1.0	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 4808e-16fx lc-4gc	scope:	eq	version:	1.32	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 4808e-16fx lc-4gc	scope:	eq	version:	1.0	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 4800e-24fx-4gc	scope:	eq	version:	1.32	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 4800e-24fx-4gc	scope:	eq	version:	1.0	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 4800e-24fx sm-4gc	scope:	eq	version:	1.32	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 4800e-24fx sm-4gc	scope:	eq	version:	1.0	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 4012t-2gt-2fx st	scope:	eq	version:	1.32	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 4012t-2gt-2fx st	scope:	eq	version:	1.0	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 4012t 2gt 2fx	scope:	eq	version:	1.32	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 4012t 2gt 2fx	scope:	eq	version:	1.0	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 4008t-2sfp	scope:	eq	version:	1.32	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 4008t-2sfp	scope:	eq	version:	1.0	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 4008t-2gt-4fx sm	scope:	eq	version:	1.32	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 4008t-2gt-4fx sm	scope:	eq	version:	1.0	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 4008t-2gt-3fx sm	scope:	eq	version:	1.32	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 4008t-2gt-3fx sm	scope:	eq	version:	1.0	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 4000t-8poe-2sfp-r	scope:	eq	version:	1.32	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 4000t-8poe-2sfp-r	scope:	eq	version:	1.0	Trust: 0.3
vendor:	phoenix	model:	contact fl switch series	scope:	eq	version:	3xxx1.32	Trust: 0.3
vendor:	phoenix	model:	contact fl switch series	scope:	eq	version:	3xxx1.0	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 3016t	scope:	eq	version:	1.32	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 3016t	scope:	eq	version:	1.0	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 3016e	scope:	eq	version:	1.32	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 3016e	scope:	eq	version:	1.0	Trust: 0.3
vendor:	phoenix	model:	contact fl switch	scope:	eq	version:	30161.32	Trust: 0.3
vendor:	phoenix	model:	contact fl switch	scope:	eq	version:	30161.0	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 3012e-2sfx	scope:	eq	version:	1.32	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 3012e-2sfx	scope:	eq	version:	1.0	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 3012e-2fx sm	scope:	eq	version:	1.32	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 3012e-2fx sm	scope:	eq	version:	1.0	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 3008t	scope:	eq	version:	1.32	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 3008t	scope:	eq	version:	1.0	Trust: 0.3
vendor:	phoenix	model:	contact fl switch	scope:	eq	version:	30081.32	Trust: 0.3
vendor:	phoenix	model:	contact fl switch	scope:	eq	version:	30081.0	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 3006t-2fx st	scope:	eq	version:	1.32	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 3006t-2fx st	scope:	eq	version:	1.0	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 3006t-2fx sm	scope:	eq	version:	1.32	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 3006t-2fx sm	scope:	eq	version:	1.0	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 3006t-2fx	scope:	eq	version:	1.32	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 3006t-2fx	scope:	eq	version:	1.0	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 3005t	scope:	eq	version:	1.32	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 3005t	scope:	eq	version:	1.0	Trust: 0.3
vendor:	phoenix	model:	contact fl switch	scope:	eq	version:	30051.32	Trust: 0.3
vendor:	phoenix	model:	contact fl switch	scope:	eq	version:	30051.0	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 3004t-fx st	scope:	eq	version:	1.32	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 3004t-fx st	scope:	eq	version:	1.0	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 3004t-fx	scope:	eq	version:	1.32	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 3004t-fx	scope:	eq	version:	1.0	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 4824e-4gc	scope:	ne	version:	1.34	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 4808e-16fx-4gc	scope:	ne	version:	1.34	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 4808e-16fx st-4gc	scope:	ne	version:	1.34	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 4808e-16fx sm-4gc	scope:	ne	version:	1.34	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 4808e-16fx sm st-4gc	scope:	ne	version:	1.34	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 4808e-16fx sm lc-4gc	scope:	ne	version:	1.34	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 4800e-24fx-4gc	scope:	ne	version:	1.34	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 4800e-24fx sm-4gc	scope:	ne	version:	1.34	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 4012t-2gt-2fx st	scope:	ne	version:	1.34	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 4012t 2gt 2fx	scope:	ne	version:	1.34	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 4008t-2sfp	scope:	ne	version:	1.34	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 4008t-2gt-4fx sm	scope:	ne	version:	1.34	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 4008t-2gt-3fx sm	scope:	ne	version:	1.34	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 4000t-8poe-2sfp-r	scope:	ne	version:	1.34	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 3016t	scope:	ne	version:	1.34	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 3016e	scope:	ne	version:	1.34	Trust: 0.3
vendor:	phoenix	model:	contact fl switch	scope:	ne	version:	30161.34	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 3012e-2sfx	scope:	ne	version:	1.34	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 3012e-2fx sm	scope:	ne	version:	1.34	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 3008t	scope:	ne	version:	1.34	Trust: 0.3
vendor:	phoenix	model:	contact fl switch	scope:	ne	version:	30081.34	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 3006t-2fx sm	scope:	ne	version:	1.34	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 3006t-2fx	scope:	ne	version:	1.34	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 3005t	scope:	ne	version:	1.34	Trust: 0.3
vendor:	phoenix	model:	contact fl switch	scope:	ne	version:	30051.34	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 3004t-fx st	scope:	ne	version:	1.34	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 3004t-fx	scope:	ne	version:	1.34	Trust: 0.3
vendor:	phoenix	model:	contact fl switch -4804g8ce-16fx lc	scope:	ne	version:	1.34	Trust: 0.3

sources: CNVD: CNVD-2018-14414 // BID: 104231 // JVNDB: JVNDB-2018-005167 // NVD: CVE-2018-10731

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-10731
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2018-10731
value:	CRITICAL
Trust: 0.8
CNVD:	CNVD-2018-14414
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201805-517
value:	CRITICAL
Trust: 0.6

nvd@nist.gov:	CVE-2018-10731
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2018-14414
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2018-10731
baseSeverity:	CRITICAL
baseScore:	9.0
vectorString:	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.2
impactScore:	6.0
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2018-14414 // JVNDB: JVNDB-2018-005167 // CNNVD: CNNVD-201805-517 // NVD: CVE-2018-10731

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.8

sources: JVNDB: JVNDB-2018-005167 // NVD: CVE-2018-10731

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201805-517

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201805-517

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-005167

PATCH

title:	Top Page	url:	https://www.phoenixcontact.com/online/portal/pc	Trust: 0.8
title:	PHOENIX CONTACT FL SWITCH 3xxx , 4xxx and 48xxx Series Buffer error vulnerability fix	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=83449	Trust: 0.6

sources: JVNDB: JVNDB-2018-005167 // CNNVD: CNNVD-201805-517

EXTERNAL IDS

db:	NVD	id:	CVE-2018-10731	Trust: 3.3
db:	CERT@VDE	id:	VDE-2018-007	Trust: 2.4
db:	ICS CERT	id:	ICSA-18-137-02	Trust: 2.1
db:	BID	id:	104231	Trust: 1.9
db:	JVNDB	id:	JVNDB-2018-005167	Trust: 0.8
db:	CNVD	id:	CNVD-2018-14414	Trust: 0.6
db:	CNNVD	id:	CNNVD-201805-517	Trust: 0.6

sources: CNVD: CNVD-2018-14414 // BID: 104231 // JVNDB: JVNDB-2018-005167 // CNNVD: CNNVD-201805-517 // NVD: CVE-2018-10731

REFERENCES

url:	https://cert.vde.com/de-de/advisories/vde-2018-007	Trust: 2.4
url:	https://ics-cert.us-cert.gov/advisories/icsa-18-137-02	Trust: 2.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-10731	Trust: 1.4
url:	http://www.securityfocus.com/bid/104231	Trust: 1.0
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-10731	Trust: 0.8
url:	https://www.phoenixcontact.com/online/portal/pc	Trust: 0.3

sources: CNVD: CNVD-2018-14414 // BID: 104231 // JVNDB: JVNDB-2018-005167 // CNNVD: CNNVD-201805-517 // NVD: CVE-2018-10731

CREDITS

ERT@VDE working with Vyacheslav Moskvin, Semen Sokolov, Evgeniy Druzhinin, Georgy Zaytsev and Ilya Karpov of Positive Technologies and PHOENIX CONTACT.

Trust: 0.3

sources: BID: 104231

SOURCES

db:	CNVD	id:	CNVD-2018-14414
db:	BID	id:	104231
db:	JVNDB	id:	JVNDB-2018-005167
db:	CNNVD	id:	CNNVD-201805-517
db:	NVD	id:	CVE-2018-10731

LAST UPDATE DATE

2024-11-23T22:17:30.214000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2018-14414	date:	2018-08-01T00:00:00
db:	BID	id:	104231	date:	2018-05-17T00:00:00
db:	JVNDB	id:	JVNDB-2018-005167	date:	2018-07-09T00:00:00
db:	CNNVD	id:	CNNVD-201805-517	date:	2018-05-23T00:00:00
db:	NVD	id:	CVE-2018-10731	date:	2024-11-21T03:41:56.613

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2018-14414	date:	2018-08-01T00:00:00
db:	BID	id:	104231	date:	2018-05-17T00:00:00
db:	JVNDB	id:	JVNDB-2018-005167	date:	2018-07-09T00:00:00
db:	CNNVD	id:	CNNVD-201805-517	date:	2018-05-17T00:00:00
db:	NVD	id:	CVE-2018-10731	date:	2018-05-17T19:29:00.447