Details of VAR-201805-0721

ID

VAR-201805-0721

CVE

CVE-2018-10728

TITLE

Phoenix Contact managed FL SWITCH Buffer Overflow Vulnerability

Trust: 0.8

sources: IVD: e2efd4b0-39ab-11e9-8585-000c29342cb1 // CNVD: CNVD-2018-10149

DESCRIPTION

All Phoenix Contact managed FL SWITCH 3xxx, 4xxx, 48xx products running firmware version 1.0 to 1.33 are prone to buffer overflows (a different vulnerability than CVE-2018-10731). plural Phoenix Contact FL SWITCH The product contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. PhoenixContact is a German provider of industrial automation, connectivity and interface solutions for critical infrastructure applications such as communications, critical manufacturing and information technology. PhoenixContactmanagedFLSWITCH has a buffer overflow vulnerability that allows an attacker to insert a specially crafted cookie into a GET request to cause a buffer overflow, thereby triggering a denial of service attack and executing arbitrary code. An OS command-execution vulnerability 2. An information-disclosure vulnerability 3. Multiple stack-based buffer-overflow vulnerabilities Attackers can exploit these issues to execute arbitrary code, execute arbitrary OS commands, obtain sensitive information, and perform unauthorized actions. Failed exploit attempts will likely cause a denial-of-service condition

Trust: 2.61

sources: NVD: CVE-2018-10728 // JVNDB: JVNDB-2018-005165 // CNVD: CNVD-2018-10149 // BID: 104231 // IVD: e2efd4b0-39ab-11e9-8585-000c29342cb1

IOT TAXONOMY

category:	['ICS', 'Network device']	sub_category:	-	Trust: 0.6
category:	['ICS']	sub_category:	-	Trust: 0.2

sources: IVD: e2efd4b0-39ab-11e9-8585-000c29342cb1 // CNVD: CNVD-2018-10149

AFFECTED PRODUCTS

vendor:	phoenixcontact	model:	fl switch 4000t-8poe-2sfp-r	scope:	gte	version:	1.0	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 3008t	scope:	gte	version:	1.0	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 4008t-2sfp	scope:	gte	version:	1.0	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 4808e-16fx lc-4gc	scope:	lte	version:	1.33	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 4808e-16fx sm lc-4gc	scope:	gte	version:	1.0	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 4012t-2gt-2fx st	scope:	lte	version:	1.33	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 3016	scope:	lte	version:	1.33	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 3016	scope:	gte	version:	1.0	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 3004t-fx	scope:	gte	version:	1.0	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 3006t-2fx	scope:	lte	version:	1.33	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 3008	scope:	gte	version:	1.0	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 4808e-16fx st-4gc	scope:	lte	version:	1.33	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 4012t-2gt-2fx st	scope:	gte	version:	1.0	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 3005t	scope:	gte	version:	1.0	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 3016e	scope:	lte	version:	1.33	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 4008t-2gt-4fx sm	scope:	lte	version:	1.33	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 4800e-24fx-4gc	scope:	lte	version:	1.33	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 3006t-2fx	scope:	gte	version:	1.0	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 4808e-16fx lc-4gc	scope:	gte	version:	1.0	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 4012t 2gt 2fx	scope:	lte	version:	1.33	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 3012e-2fx sm	scope:	gte	version:	1.0	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 3016e	scope:	gte	version:	1.0	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 4824e-4gc	scope:	lte	version:	1.33	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 4012t 2gt 2fx	scope:	gte	version:	1.0	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 4800e-24fx-4gc	scope:	gte	version:	1.0	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 4808e-16fx st-4gc	scope:	gte	version:	1.0	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 4808e-16fx sm-4gc	scope:	lte	version:	1.33	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 4008t-2gt-3fx sm	scope:	lte	version:	1.33	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 3005	scope:	lte	version:	1.33	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 3016t	scope:	lte	version:	1.33	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 4008t-2gt-4fx sm	scope:	gte	version:	1.0	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 3005	scope:	gt	version:	1.0	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 3004t-fx st	scope:	lte	version:	1.33	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 4808e-16fx sm-4gc	scope:	gte	version:	1.0	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 4800e-24fx sm-4gc	scope:	lte	version:	1.33	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 3012e-2sfx	scope:	lte	version:	1.33	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 4808e-16fx-4gc	scope:	lte	version:	1.33	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 4008t-2gt-3fx sm	scope:	gte	version:	1.0	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 3012e-2fx sm	scope:	lte	version:	1.33	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 3004t-fx st	scope:	gte	version:	1.0	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 4824e-4gc	scope:	gte	version:	1.0	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 4800e-24fx sm-4gc	scope:	gte	version:	1.0	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 4000t-8poe-2sfp-r	scope:	lte	version:	1.33	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 3006t-2fx st	scope:	lte	version:	1.33	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 3016t	scope:	gte	version:	1.0	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 3008t	scope:	lte	version:	1.33	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 3006t-2fx sm	scope:	lte	version:	1.33	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 4008t-2sfp	scope:	lte	version:	1.33	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 3008	scope:	lte	version:	1.33	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 4808e-16fx sm lc-4gc	scope:	lte	version:	1.33	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 3006t-2fx sm	scope:	gte	version:	1.0	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 4808e-16fx sm st-4gc	scope:	lte	version:	1.33	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 3004t-fx	scope:	lte	version:	1.33	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 3006t-2fx st	scope:	gte	version:	1.0	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 4808e-16fx-4gc	scope:	gte	version:	1.0	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 3012e-2sfx	scope:	gte	version:	1.0	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 4808e-16fx sm st-4gc	scope:	gte	version:	1.0	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 3005t	scope:	lte	version:	1.33	Trust: 1.0
vendor:	phoenix contact	model:	fl switch 3004t-fx st	scope:	eq	version:	1.0 to 1.33	Trust: 0.8
vendor:	phoenix contact	model:	fl switch 3004t-fx	scope:	eq	version:	1.0 to 1.33	Trust: 0.8
vendor:	phoenix contact	model:	fl switch 3005	scope:	eq	version:	1.0 to 1.33	Trust: 0.8
vendor:	phoenix contact	model:	fl switch 3005t	scope:	eq	version:	1.0 to 1.33	Trust: 0.8
vendor:	phoenix contact	model:	fl switch 3006t-2fx sm	scope:	eq	version:	1.0 to 1.33	Trust: 0.8
vendor:	phoenix contact	model:	fl switch 3006t-2fx st	scope:	eq	version:	1.0 to 1.33	Trust: 0.8
vendor:	phoenix contact	model:	fl switch 3006t-2fx	scope:	eq	version:	1.0 to 1.33	Trust: 0.8
vendor:	phoenix contact	model:	fl switch 3008	scope:	eq	version:	1.0 to 1.33	Trust: 0.8
vendor:	phoenix contact	model:	fl switch 3008t	scope:	eq	version:	1.0 to 1.33	Trust: 0.8
vendor:	phoenix contact	model:	fl switch 3012e-2fx sm	scope:	eq	version:	1.0 to 1.33	Trust: 0.8
vendor:	phoenix contact	model:	fl switch 3012e-2sfx	scope:	eq	version:	1.0 to 1.33	Trust: 0.8
vendor:	phoenix contact	model:	fl switch 3016	scope:	eq	version:	1.0 to 1.33	Trust: 0.8
vendor:	phoenix contact	model:	fl switch 3016e	scope:	eq	version:	1.0 to 1.33	Trust: 0.8
vendor:	phoenix contact	model:	fl switch 3016t	scope:	eq	version:	1.0 to 1.33	Trust: 0.8
vendor:	phoenix contact	model:	fl switch 4000t-8poe-2sfp-r	scope:	eq	version:	1.0 to 1.33	Trust: 0.8
vendor:	phoenix contact	model:	fl switch 4008t-2gt-3fx sm	scope:	eq	version:	1.0 to 1.33	Trust: 0.8
vendor:	phoenix contact	model:	fl switch 4008t-2gt-4fx sm	scope:	eq	version:	1.0 to 1.33	Trust: 0.8
vendor:	phoenix contact	model:	fl switch 4008t-2sfp	scope:	eq	version:	1.0 to 1.33	Trust: 0.8
vendor:	phoenix contact	model:	fl switch 4012t 2gt 2fx	scope:	eq	version:	1.0 to 1.33	Trust: 0.8
vendor:	phoenix contact	model:	fl switch 4012t-2gt-2fx st	scope:	eq	version:	1.0 to 1.33	Trust: 0.8
vendor:	phoenix contact	model:	fl switch 4800e-24fx sm-4gc	scope:	eq	version:	1.0 to 1.33	Trust: 0.8
vendor:	phoenix contact	model:	fl switch 4800e-24fx-4gc	scope:	eq	version:	1.0 to 1.33	Trust: 0.8
vendor:	phoenix contact	model:	fl switch 4808e-16fx lc-4gc	scope:	eq	version:	1.0 to 1.33	Trust: 0.8
vendor:	phoenix contact	model:	fl switch 4808e-16fx sm lc-4gc	scope:	eq	version:	1.0 to 1.33	Trust: 0.8
vendor:	phoenix contact	model:	fl switch 4808e-16fx sm st-4gc	scope:	eq	version:	1.0 to 1.33	Trust: 0.8
vendor:	phoenix contact	model:	fl switch 4808e-16fx sm-4gc	scope:	eq	version:	1.0 to 1.33	Trust: 0.8
vendor:	phoenix contact	model:	fl switch 4808e-16fx st-4gc	scope:	eq	version:	1.0 to 1.33	Trust: 0.8
vendor:	phoenix contact	model:	fl switch 4808e-16fx-4gc	scope:	eq	version:	1.0 to 1.33	Trust: 0.8
vendor:	phoenix contact	model:	fl switch 4824e-4gc	scope:	eq	version:	1.0 to 1.33	Trust: 0.8
vendor:	phoenix	model:	contact fl switch	scope:	eq	version:	3xxx>=1.0,<=1.32	Trust: 0.6
vendor:	phoenix	model:	contact fl switch	scope:	eq	version:	4xxx>=1.0,<=1.32	Trust: 0.6
vendor:	phoenix	model:	contact fl switch series	scope:	eq	version:	48xxx>=1.0,<=1.32	Trust: 0.6
vendor:	phoenix	model:	contact fl switch series	scope:	eq	version:	4xxx1.32	Trust: 0.3
vendor:	phoenix	model:	contact fl switch series	scope:	eq	version:	4xxx1.0	Trust: 0.3
vendor:	phoenix	model:	contact fl switch series	scope:	eq	version:	48xx1.32	Trust: 0.3
vendor:	phoenix	model:	contact fl switch series	scope:	eq	version:	48xx1.0	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 4824e-4gc	scope:	eq	version:	1.32	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 4824e-4gc	scope:	eq	version:	1.0	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 4808e-16fx-4gc	scope:	eq	version:	1.32	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 4808e-16fx-4gc	scope:	eq	version:	1.0	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 4808e-16fx st-4gc	scope:	eq	version:	1.32	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 4808e-16fx st-4gc	scope:	eq	version:	1.0	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 4808e-16fx sm-4gc	scope:	eq	version:	1.32	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 4808e-16fx sm-4gc	scope:	eq	version:	1.0	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 4808e-16fx sm st-4gc	scope:	eq	version:	1.32	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 4808e-16fx sm st-4gc	scope:	eq	version:	1.0	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 4808e-16fx sm lc-4gc	scope:	eq	version:	1.32	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 4808e-16fx sm lc-4gc	scope:	eq	version:	1.0	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 4808e-16fx lc-4gc	scope:	eq	version:	1.32	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 4808e-16fx lc-4gc	scope:	eq	version:	1.0	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 4800e-24fx-4gc	scope:	eq	version:	1.32	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 4800e-24fx-4gc	scope:	eq	version:	1.0	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 4800e-24fx sm-4gc	scope:	eq	version:	1.32	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 4800e-24fx sm-4gc	scope:	eq	version:	1.0	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 4012t-2gt-2fx st	scope:	eq	version:	1.32	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 4012t-2gt-2fx st	scope:	eq	version:	1.0	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 4012t 2gt 2fx	scope:	eq	version:	1.32	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 4012t 2gt 2fx	scope:	eq	version:	1.0	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 4008t-2sfp	scope:	eq	version:	1.32	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 4008t-2sfp	scope:	eq	version:	1.0	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 4008t-2gt-4fx sm	scope:	eq	version:	1.32	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 4008t-2gt-4fx sm	scope:	eq	version:	1.0	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 4008t-2gt-3fx sm	scope:	eq	version:	1.32	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 4008t-2gt-3fx sm	scope:	eq	version:	1.0	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 4000t-8poe-2sfp-r	scope:	eq	version:	1.32	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 4000t-8poe-2sfp-r	scope:	eq	version:	1.0	Trust: 0.3
vendor:	phoenix	model:	contact fl switch series	scope:	eq	version:	3xxx1.32	Trust: 0.3
vendor:	phoenix	model:	contact fl switch series	scope:	eq	version:	3xxx1.0	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 3016t	scope:	eq	version:	1.32	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 3016t	scope:	eq	version:	1.0	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 3016e	scope:	eq	version:	1.32	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 3016e	scope:	eq	version:	1.0	Trust: 0.3
vendor:	phoenix	model:	contact fl switch	scope:	eq	version:	30161.32	Trust: 0.3
vendor:	phoenix	model:	contact fl switch	scope:	eq	version:	30161.0	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 3012e-2sfx	scope:	eq	version:	1.32	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 3012e-2sfx	scope:	eq	version:	1.0	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 3012e-2fx sm	scope:	eq	version:	1.32	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 3012e-2fx sm	scope:	eq	version:	1.0	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 3008t	scope:	eq	version:	1.32	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 3008t	scope:	eq	version:	1.0	Trust: 0.3
vendor:	phoenix	model:	contact fl switch	scope:	eq	version:	30081.32	Trust: 0.3
vendor:	phoenix	model:	contact fl switch	scope:	eq	version:	30081.0	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 3006t-2fx st	scope:	eq	version:	1.32	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 3006t-2fx st	scope:	eq	version:	1.0	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 3006t-2fx sm	scope:	eq	version:	1.32	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 3006t-2fx sm	scope:	eq	version:	1.0	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 3006t-2fx	scope:	eq	version:	1.32	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 3006t-2fx	scope:	eq	version:	1.0	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 3005t	scope:	eq	version:	1.32	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 3005t	scope:	eq	version:	1.0	Trust: 0.3
vendor:	phoenix	model:	contact fl switch	scope:	eq	version:	30051.32	Trust: 0.3
vendor:	phoenix	model:	contact fl switch	scope:	eq	version:	30051.0	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 3004t-fx st	scope:	eq	version:	1.32	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 3004t-fx st	scope:	eq	version:	1.0	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 3004t-fx	scope:	eq	version:	1.32	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 3004t-fx	scope:	eq	version:	1.0	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 4824e-4gc	scope:	ne	version:	1.34	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 4808e-16fx-4gc	scope:	ne	version:	1.34	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 4808e-16fx st-4gc	scope:	ne	version:	1.34	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 4808e-16fx sm-4gc	scope:	ne	version:	1.34	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 4808e-16fx sm st-4gc	scope:	ne	version:	1.34	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 4808e-16fx sm lc-4gc	scope:	ne	version:	1.34	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 4800e-24fx-4gc	scope:	ne	version:	1.34	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 4800e-24fx sm-4gc	scope:	ne	version:	1.34	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 4012t-2gt-2fx st	scope:	ne	version:	1.34	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 4012t 2gt 2fx	scope:	ne	version:	1.34	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 4008t-2sfp	scope:	ne	version:	1.34	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 4008t-2gt-4fx sm	scope:	ne	version:	1.34	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 4008t-2gt-3fx sm	scope:	ne	version:	1.34	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 4000t-8poe-2sfp-r	scope:	ne	version:	1.34	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 3016t	scope:	ne	version:	1.34	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 3016e	scope:	ne	version:	1.34	Trust: 0.3
vendor:	phoenix	model:	contact fl switch	scope:	ne	version:	30161.34	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 3012e-2sfx	scope:	ne	version:	1.34	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 3012e-2fx sm	scope:	ne	version:	1.34	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 3008t	scope:	ne	version:	1.34	Trust: 0.3
vendor:	phoenix	model:	contact fl switch	scope:	ne	version:	30081.34	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 3006t-2fx sm	scope:	ne	version:	1.34	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 3006t-2fx	scope:	ne	version:	1.34	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 3005t	scope:	ne	version:	1.34	Trust: 0.3
vendor:	phoenix	model:	contact fl switch	scope:	ne	version:	30051.34	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 3004t-fx st	scope:	ne	version:	1.34	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 3004t-fx	scope:	ne	version:	1.34	Trust: 0.3
vendor:	phoenix	model:	contact fl switch -4804g8ce-16fx lc	scope:	ne	version:	1.34	Trust: 0.3
vendor:	fl switch 3005	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	fl switch 3016e	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	fl switch 3016	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	fl switch 3016t	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	fl switch 3006t 2fx sm	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	fl switch 4008t 2sfp	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	fl switch 4008t 2gt 4fx sm	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	fl switch 4008t 2gt 3fx sm	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	fl switch 4808e 16fx lc 4gc	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	fl switch 4808e 16fx sm 4gc	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	fl switch 4808e 16fx sm st 4gc	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	fl switch 3005t	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	fl switch 4808e 16fx st 4gc	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	fl switch 4808e 16fx 4gc	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	fl switch 4808e 16fx sm lc 4gc	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	fl switch 4012t 2gt 2fx	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	fl switch 4012t 2gt 2fx st	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	fl switch 4824e 4gc	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	fl switch 4800e 24fx 4gc	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	fl switch 4800e 24fx sm 4gc	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	fl switch 3012e 2fx sm	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	fl switch 4000t 8poe 2sfp r	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	fl switch 3004t fx	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	fl switch 3004t fx st	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	fl switch 3008	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	fl switch 3008t	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	fl switch 3006t 2fx	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	fl switch 3006t 2fx st	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	fl switch 3012e 2sfx	model:	-	scope:	eq	version:	*	Trust: 0.2

sources: IVD: e2efd4b0-39ab-11e9-8585-000c29342cb1 // CNVD: CNVD-2018-10149 // BID: 104231 // JVNDB: JVNDB-2018-005165 // NVD: CVE-2018-10728

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-10728
value:	HIGH
Trust: 1.0
NVD:	CVE-2018-10728
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2018-10149
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201805-520
value:	MEDIUM
Trust: 0.6
IVD:	e2efd4b0-39ab-11e9-8585-000c29342cb1
value:	MEDIUM
Trust: 0.2

nvd@nist.gov:	CVE-2018-10728
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2018-10149
severity:	HIGH
baseScore:	7.6
vectorString:	AV:N/AC:H/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	4.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	e2efd4b0-39ab-11e9-8585-000c29342cb1
severity:	HIGH
baseScore:	7.6
vectorString:	AV:N/AC:H/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	4.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

nvd@nist.gov:	CVE-2018-10728
baseSeverity:	HIGH
baseScore:	8.1
vectorString:	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.2
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: IVD: e2efd4b0-39ab-11e9-8585-000c29342cb1 // CNVD: CNVD-2018-10149 // JVNDB: JVNDB-2018-005165 // CNNVD: CNNVD-201805-520 // NVD: CVE-2018-10728

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.8

sources: JVNDB: JVNDB-2018-005165 // NVD: CVE-2018-10728

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201805-520

TYPE

Buffer overflow

Trust: 0.8

sources: IVD: e2efd4b0-39ab-11e9-8585-000c29342cb1 // CNNVD: CNNVD-201805-520

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-005165

PATCH

title:	Top Page	url:	https://www.phoenixcontact.com/online/portal/pc	Trust: 0.8
title:	Patch for PhoenixContactmanagedFLSWITCH Buffer Overflow Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/130067	Trust: 0.6
title:	PHOENIX CONTACT FL SWITCH 3xxx , 4xxx and 48xxx Series Buffer error vulnerability fix	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=83452	Trust: 0.6

sources: CNVD: CNVD-2018-10149 // JVNDB: JVNDB-2018-005165 // CNNVD: CNNVD-201805-520

EXTERNAL IDS

db:	NVD	id:	CVE-2018-10728	Trust: 3.5
db:	CERT@VDE	id:	VDE-2018-006	Trust: 3.0
db:	ICS CERT	id:	ICSA-18-137-02	Trust: 2.7
db:	BID	id:	104231	Trust: 1.3
db:	CNVD	id:	CNVD-2018-10149	Trust: 0.8
db:	CNNVD	id:	CNNVD-201805-520	Trust: 0.8
db:	JVNDB	id:	JVNDB-2018-005165	Trust: 0.8
db:	IVD	id:	E2EFD4B0-39AB-11E9-8585-000C29342CB1	Trust: 0.2

sources: IVD: e2efd4b0-39ab-11e9-8585-000c29342cb1 // CNVD: CNVD-2018-10149 // BID: 104231 // JVNDB: JVNDB-2018-005165 // CNNVD: CNNVD-201805-520 // NVD: CVE-2018-10728

REFERENCES

url:	https://cert.vde.com/de-de/advisories/vde-2018-006	Trust: 3.0
url:	https://ics-cert.us-cert.gov/advisories/icsa-18-137-02	Trust: 2.7
url:	http://www.securityfocus.com/bid/104231	Trust: 1.0
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-10728	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-10728	Trust: 0.8
url:	https://www.phoenixcontact.com/online/portal/pc	Trust: 0.3

sources: CNVD: CNVD-2018-10149 // BID: 104231 // JVNDB: JVNDB-2018-005165 // CNNVD: CNNVD-201805-520 // NVD: CVE-2018-10728

CREDITS

ERT@VDE working with Vyacheslav Moskvin, Semen Sokolov, Evgeniy Druzhinin, Georgy Zaytsev and Ilya Karpov of Positive Technologies and PHOENIX CONTACT.

Trust: 0.3

sources: BID: 104231

SOURCES

db:	IVD	id:	e2efd4b0-39ab-11e9-8585-000c29342cb1
db:	CNVD	id:	CNVD-2018-10149
db:	BID	id:	104231
db:	JVNDB	id:	JVNDB-2018-005165
db:	CNNVD	id:	CNNVD-201805-520
db:	NVD	id:	CVE-2018-10728

LAST UPDATE DATE

2024-11-23T22:17:30.095000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2018-10149	date:	2018-05-23T00:00:00
db:	BID	id:	104231	date:	2018-05-17T00:00:00
db:	JVNDB	id:	JVNDB-2018-005165	date:	2018-07-09T00:00:00
db:	CNNVD	id:	CNNVD-201805-520	date:	2018-05-23T00:00:00
db:	NVD	id:	CVE-2018-10728	date:	2024-11-21T03:41:56.097

SOURCES RELEASE DATE

db:	IVD	id:	e2efd4b0-39ab-11e9-8585-000c29342cb1	date:	2018-05-23T00:00:00
db:	CNVD	id:	CNVD-2018-10149	date:	2018-05-23T00:00:00
db:	BID	id:	104231	date:	2018-05-17T00:00:00
db:	JVNDB	id:	JVNDB-2018-005165	date:	2018-07-09T00:00:00
db:	CNNVD	id:	CNNVD-201805-520	date:	2018-05-17T00:00:00
db:	NVD	id:	CVE-2018-10728	date:	2018-05-17T19:29:00.307