Details of VAR-201805-0723

ID

VAR-201805-0723

CVE

CVE-2018-10730

TITLE

Phoenix Contact managed FL SWITCH Command injection vulnerability

Trust: 0.8

sources: IVD: e2effbc0-39ab-11e9-986e-000c29342cb1 // CNVD: CNVD-2018-10151

DESCRIPTION

All Phoenix Contact managed FL SWITCH 3xxx, 4xxx, 48xx products running firmware version 1.0 to 1.33 are prone to OS command injection. PhoenixContact is a German provider of industrial automation, connectivity and interface solutions for critical infrastructure applications such as communications, critical manufacturing and information technology. PhoenixContactmanagedFLSWITCH has a command injection vulnerability. If the configuration file can be transferred to the switch or transferred from the switch, the attacker can upgrade the firmware to execute any OSshell command. An OS command-execution vulnerability 2. An information-disclosure vulnerability 3. Multiple stack-based buffer-overflow vulnerabilities Attackers can exploit these issues to execute arbitrary code, execute arbitrary OS commands, obtain sensitive information, and perform unauthorized actions. Failed exploit attempts will likely cause a denial-of-service condition

Trust: 2.61

sources: NVD: CVE-2018-10730 // JVNDB: JVNDB-2018-005112 // CNVD: CNVD-2018-10151 // BID: 104231 // IVD: e2effbc0-39ab-11e9-986e-000c29342cb1

IOT TAXONOMY

category:	['ICS', 'Network device']	sub_category:	-	Trust: 0.6
category:	['ICS']	sub_category:	-	Trust: 0.2

sources: IVD: e2effbc0-39ab-11e9-986e-000c29342cb1 // CNVD: CNVD-2018-10151

AFFECTED PRODUCTS

vendor:	phoenixcontact	model:	fl switch 4000t-8poe-2sfp-r	scope:	gte	version:	1.0	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 3008t	scope:	gte	version:	1.0	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 4008t-2sfp	scope:	gte	version:	1.0	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 4808e-16fx lc-4gc	scope:	lte	version:	1.33	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 4808e-16fx sm lc-4gc	scope:	gte	version:	1.0	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 4012t-2gt-2fx st	scope:	lte	version:	1.33	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 3016	scope:	lte	version:	1.33	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 3016	scope:	gte	version:	1.0	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 3004t-fx	scope:	gte	version:	1.0	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 3006t-2fx	scope:	lte	version:	1.33	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 3008	scope:	gte	version:	1.0	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 4808e-16fx st-4gc	scope:	lte	version:	1.33	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 4012t-2gt-2fx st	scope:	gte	version:	1.0	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 3005t	scope:	gte	version:	1.0	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 3016e	scope:	lte	version:	1.33	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 4008t-2gt-4fx sm	scope:	lte	version:	1.33	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 4800e-24fx-4gc	scope:	lte	version:	1.33	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 3006t-2fx	scope:	gte	version:	1.0	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 4808e-16fx lc-4gc	scope:	gte	version:	1.0	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 4012t 2gt 2fx	scope:	lte	version:	1.33	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 3012e-2fx sm	scope:	gte	version:	1.0	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 3016e	scope:	gte	version:	1.0	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 4824e-4gc	scope:	lte	version:	1.33	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 4012t 2gt 2fx	scope:	gte	version:	1.0	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 4800e-24fx-4gc	scope:	gte	version:	1.0	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 4808e-16fx st-4gc	scope:	gte	version:	1.0	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 4808e-16fx sm-4gc	scope:	lte	version:	1.33	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 4008t-2gt-3fx sm	scope:	lte	version:	1.33	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 3005	scope:	lte	version:	1.33	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 3016t	scope:	lte	version:	1.33	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 4008t-2gt-4fx sm	scope:	gte	version:	1.0	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 3005	scope:	gt	version:	1.0	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 3004t-fx st	scope:	lte	version:	1.33	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 4808e-16fx sm-4gc	scope:	gte	version:	1.0	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 4800e-24fx sm-4gc	scope:	lte	version:	1.33	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 3012e-2sfx	scope:	lte	version:	1.33	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 4808e-16fx-4gc	scope:	lte	version:	1.33	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 4008t-2gt-3fx sm	scope:	gte	version:	1.0	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 3012e-2fx sm	scope:	lte	version:	1.33	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 3004t-fx st	scope:	gte	version:	1.0	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 4824e-4gc	scope:	gte	version:	1.0	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 4800e-24fx sm-4gc	scope:	gte	version:	1.0	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 4000t-8poe-2sfp-r	scope:	lte	version:	1.33	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 3006t-2fx st	scope:	lte	version:	1.33	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 3016t	scope:	gte	version:	1.0	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 3008t	scope:	lte	version:	1.33	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 3006t-2fx sm	scope:	lte	version:	1.33	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 4008t-2sfp	scope:	lte	version:	1.33	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 3008	scope:	lte	version:	1.33	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 4808e-16fx sm lc-4gc	scope:	lte	version:	1.33	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 3006t-2fx sm	scope:	gte	version:	1.0	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 4808e-16fx sm st-4gc	scope:	lte	version:	1.33	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 3004t-fx	scope:	lte	version:	1.33	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 3006t-2fx st	scope:	gte	version:	1.0	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 4808e-16fx-4gc	scope:	gte	version:	1.0	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 3012e-2sfx	scope:	gte	version:	1.0	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 4808e-16fx sm st-4gc	scope:	gte	version:	1.0	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 3005t	scope:	lte	version:	1.33	Trust: 1.0
vendor:	phoenix contact	model:	fl switch 3004t-fx st	scope:	eq	version:	1.0 to 1.33	Trust: 0.8
vendor:	phoenix contact	model:	fl switch 3004t-fx	scope:	eq	version:	1.0 to 1.33	Trust: 0.8
vendor:	phoenix contact	model:	fl switch 3005	scope:	eq	version:	1.0 to 1.33	Trust: 0.8
vendor:	phoenix contact	model:	fl switch 3005t	scope:	eq	version:	1.0 to 1.33	Trust: 0.8
vendor:	phoenix contact	model:	fl switch 3006t-2fx sm	scope:	eq	version:	1.0 to 1.33	Trust: 0.8
vendor:	phoenix contact	model:	fl switch 3006t-2fx st	scope:	eq	version:	1.0 to 1.33	Trust: 0.8
vendor:	phoenix contact	model:	fl switch 3006t-2fx	scope:	eq	version:	1.0 to 1.33	Trust: 0.8
vendor:	phoenix contact	model:	fl switch 3008	scope:	eq	version:	1.0 to 1.33	Trust: 0.8
vendor:	phoenix contact	model:	fl switch 3008t	scope:	eq	version:	1.0 to 1.33	Trust: 0.8
vendor:	phoenix contact	model:	fl switch 3012e-2fx sm	scope:	eq	version:	1.0 to 1.33	Trust: 0.8
vendor:	phoenix contact	model:	fl switch 3012e-2sfx	scope:	eq	version:	1.0 to 1.33	Trust: 0.8
vendor:	phoenix contact	model:	fl switch 3016	scope:	eq	version:	1.0 to 1.33	Trust: 0.8
vendor:	phoenix contact	model:	fl switch 3016e	scope:	eq	version:	1.0 to 1.33	Trust: 0.8
vendor:	phoenix contact	model:	fl switch 3016t	scope:	eq	version:	1.0 to 1.33	Trust: 0.8
vendor:	phoenix contact	model:	fl switch 4000t-8poe-2sfp-r	scope:	eq	version:	1.0 to 1.33	Trust: 0.8
vendor:	phoenix contact	model:	fl switch 4008t-2gt-3fx sm	scope:	eq	version:	1.0 to 1.33	Trust: 0.8
vendor:	phoenix contact	model:	fl switch 4008t-2gt-4fx sm	scope:	eq	version:	1.0 to 1.33	Trust: 0.8
vendor:	phoenix contact	model:	fl switch 4008t-2sfp	scope:	eq	version:	1.0 to 1.33	Trust: 0.8
vendor:	phoenix contact	model:	fl switch 4012t 2gt 2fx	scope:	eq	version:	1.0 to 1.33	Trust: 0.8
vendor:	phoenix contact	model:	fl switch 4012t-2gt-2fx st	scope:	eq	version:	1.0 to 1.33	Trust: 0.8
vendor:	phoenix contact	model:	fl switch 4800e-24fx sm-4gc	scope:	eq	version:	1.0 to 1.33	Trust: 0.8
vendor:	phoenix contact	model:	fl switch 4800e-24fx-4gc	scope:	eq	version:	1.0 to 1.33	Trust: 0.8
vendor:	phoenix contact	model:	fl switch 4808e-16fx lc-4gc	scope:	eq	version:	1.0 to 1.33	Trust: 0.8
vendor:	phoenix contact	model:	fl switch 4808e-16fx sm lc-4gc	scope:	eq	version:	1.0 to 1.33	Trust: 0.8
vendor:	phoenix contact	model:	fl switch 4808e-16fx sm st-4gc	scope:	eq	version:	1.0 to 1.33	Trust: 0.8
vendor:	phoenix contact	model:	fl switch 4808e-16fx sm-4gc	scope:	eq	version:	1.0 to 1.33	Trust: 0.8
vendor:	phoenix contact	model:	fl switch 4808e-16fx st-4gc	scope:	eq	version:	1.0 to 1.33	Trust: 0.8
vendor:	phoenix contact	model:	fl switch 4808e-16fx-4gc	scope:	eq	version:	1.0 to 1.33	Trust: 0.8
vendor:	phoenix contact	model:	fl switch 4824e-4gc	scope:	eq	version:	1.0 to 1.33	Trust: 0.8
vendor:	phoenix	model:	contact fl switch	scope:	eq	version:	3xxx>=1.0,<=1.32	Trust: 0.6
vendor:	phoenix	model:	contact fl switch	scope:	eq	version:	4xxx>=1.0,<=1.32	Trust: 0.6
vendor:	phoenix	model:	contact fl switch series	scope:	eq	version:	48xxx>=1.0,<=1.32	Trust: 0.6
vendor:	phoenix	model:	contact fl switch series	scope:	eq	version:	4xxx1.32	Trust: 0.3
vendor:	phoenix	model:	contact fl switch series	scope:	eq	version:	4xxx1.0	Trust: 0.3
vendor:	phoenix	model:	contact fl switch series	scope:	eq	version:	48xx1.32	Trust: 0.3
vendor:	phoenix	model:	contact fl switch series	scope:	eq	version:	48xx1.0	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 4824e-4gc	scope:	eq	version:	1.32	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 4824e-4gc	scope:	eq	version:	1.0	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 4808e-16fx-4gc	scope:	eq	version:	1.32	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 4808e-16fx-4gc	scope:	eq	version:	1.0	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 4808e-16fx st-4gc	scope:	eq	version:	1.32	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 4808e-16fx st-4gc	scope:	eq	version:	1.0	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 4808e-16fx sm-4gc	scope:	eq	version:	1.32	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 4808e-16fx sm-4gc	scope:	eq	version:	1.0	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 4808e-16fx sm st-4gc	scope:	eq	version:	1.32	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 4808e-16fx sm st-4gc	scope:	eq	version:	1.0	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 4808e-16fx sm lc-4gc	scope:	eq	version:	1.32	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 4808e-16fx sm lc-4gc	scope:	eq	version:	1.0	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 4808e-16fx lc-4gc	scope:	eq	version:	1.32	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 4808e-16fx lc-4gc	scope:	eq	version:	1.0	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 4800e-24fx-4gc	scope:	eq	version:	1.32	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 4800e-24fx-4gc	scope:	eq	version:	1.0	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 4800e-24fx sm-4gc	scope:	eq	version:	1.32	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 4800e-24fx sm-4gc	scope:	eq	version:	1.0	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 4012t-2gt-2fx st	scope:	eq	version:	1.32	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 4012t-2gt-2fx st	scope:	eq	version:	1.0	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 4012t 2gt 2fx	scope:	eq	version:	1.32	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 4012t 2gt 2fx	scope:	eq	version:	1.0	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 4008t-2sfp	scope:	eq	version:	1.32	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 4008t-2sfp	scope:	eq	version:	1.0	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 4008t-2gt-4fx sm	scope:	eq	version:	1.32	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 4008t-2gt-4fx sm	scope:	eq	version:	1.0	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 4008t-2gt-3fx sm	scope:	eq	version:	1.32	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 4008t-2gt-3fx sm	scope:	eq	version:	1.0	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 4000t-8poe-2sfp-r	scope:	eq	version:	1.32	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 4000t-8poe-2sfp-r	scope:	eq	version:	1.0	Trust: 0.3
vendor:	phoenix	model:	contact fl switch series	scope:	eq	version:	3xxx1.32	Trust: 0.3
vendor:	phoenix	model:	contact fl switch series	scope:	eq	version:	3xxx1.0	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 3016t	scope:	eq	version:	1.32	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 3016t	scope:	eq	version:	1.0	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 3016e	scope:	eq	version:	1.32	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 3016e	scope:	eq	version:	1.0	Trust: 0.3
vendor:	phoenix	model:	contact fl switch	scope:	eq	version:	30161.32	Trust: 0.3
vendor:	phoenix	model:	contact fl switch	scope:	eq	version:	30161.0	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 3012e-2sfx	scope:	eq	version:	1.32	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 3012e-2sfx	scope:	eq	version:	1.0	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 3012e-2fx sm	scope:	eq	version:	1.32	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 3012e-2fx sm	scope:	eq	version:	1.0	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 3008t	scope:	eq	version:	1.32	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 3008t	scope:	eq	version:	1.0	Trust: 0.3
vendor:	phoenix	model:	contact fl switch	scope:	eq	version:	30081.32	Trust: 0.3
vendor:	phoenix	model:	contact fl switch	scope:	eq	version:	30081.0	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 3006t-2fx st	scope:	eq	version:	1.32	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 3006t-2fx st	scope:	eq	version:	1.0	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 3006t-2fx sm	scope:	eq	version:	1.32	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 3006t-2fx sm	scope:	eq	version:	1.0	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 3006t-2fx	scope:	eq	version:	1.32	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 3006t-2fx	scope:	eq	version:	1.0	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 3005t	scope:	eq	version:	1.32	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 3005t	scope:	eq	version:	1.0	Trust: 0.3
vendor:	phoenix	model:	contact fl switch	scope:	eq	version:	30051.32	Trust: 0.3
vendor:	phoenix	model:	contact fl switch	scope:	eq	version:	30051.0	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 3004t-fx st	scope:	eq	version:	1.32	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 3004t-fx st	scope:	eq	version:	1.0	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 3004t-fx	scope:	eq	version:	1.32	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 3004t-fx	scope:	eq	version:	1.0	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 4824e-4gc	scope:	ne	version:	1.34	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 4808e-16fx-4gc	scope:	ne	version:	1.34	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 4808e-16fx st-4gc	scope:	ne	version:	1.34	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 4808e-16fx sm-4gc	scope:	ne	version:	1.34	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 4808e-16fx sm st-4gc	scope:	ne	version:	1.34	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 4808e-16fx sm lc-4gc	scope:	ne	version:	1.34	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 4800e-24fx-4gc	scope:	ne	version:	1.34	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 4800e-24fx sm-4gc	scope:	ne	version:	1.34	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 4012t-2gt-2fx st	scope:	ne	version:	1.34	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 4012t 2gt 2fx	scope:	ne	version:	1.34	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 4008t-2sfp	scope:	ne	version:	1.34	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 4008t-2gt-4fx sm	scope:	ne	version:	1.34	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 4008t-2gt-3fx sm	scope:	ne	version:	1.34	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 4000t-8poe-2sfp-r	scope:	ne	version:	1.34	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 3016t	scope:	ne	version:	1.34	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 3016e	scope:	ne	version:	1.34	Trust: 0.3
vendor:	phoenix	model:	contact fl switch	scope:	ne	version:	30161.34	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 3012e-2sfx	scope:	ne	version:	1.34	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 3012e-2fx sm	scope:	ne	version:	1.34	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 3008t	scope:	ne	version:	1.34	Trust: 0.3
vendor:	phoenix	model:	contact fl switch	scope:	ne	version:	30081.34	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 3006t-2fx sm	scope:	ne	version:	1.34	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 3006t-2fx	scope:	ne	version:	1.34	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 3005t	scope:	ne	version:	1.34	Trust: 0.3
vendor:	phoenix	model:	contact fl switch	scope:	ne	version:	30051.34	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 3004t-fx st	scope:	ne	version:	1.34	Trust: 0.3
vendor:	phoenix	model:	contact fl switch 3004t-fx	scope:	ne	version:	1.34	Trust: 0.3
vendor:	phoenix	model:	contact fl switch -4804g8ce-16fx lc	scope:	ne	version:	1.34	Trust: 0.3
vendor:	fl switch 3005	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	fl switch 3016e	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	fl switch 3016	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	fl switch 3016t	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	fl switch 3006t 2fx sm	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	fl switch 4008t 2sfp	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	fl switch 4008t 2gt 4fx sm	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	fl switch 4008t 2gt 3fx sm	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	fl switch 4808e 16fx lc 4gc	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	fl switch 4808e 16fx sm 4gc	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	fl switch 4808e 16fx sm st 4gc	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	fl switch 3005t	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	fl switch 4808e 16fx st 4gc	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	fl switch 4808e 16fx 4gc	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	fl switch 4808e 16fx sm lc 4gc	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	fl switch 4012t 2gt 2fx	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	fl switch 4012t 2gt 2fx st	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	fl switch 4824e 4gc	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	fl switch 4800e 24fx 4gc	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	fl switch 4800e 24fx sm 4gc	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	fl switch 3012e 2fx sm	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	fl switch 4000t 8poe 2sfp r	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	fl switch 3004t fx	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	fl switch 3004t fx st	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	fl switch 3008	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	fl switch 3008t	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	fl switch 3006t 2fx	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	fl switch 3006t 2fx st	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	fl switch 3012e 2sfx	model:	-	scope:	eq	version:	*	Trust: 0.2

sources: IVD: e2effbc0-39ab-11e9-986e-000c29342cb1 // CNVD: CNVD-2018-10151 // BID: 104231 // JVNDB: JVNDB-2018-005112 // NVD: CVE-2018-10730

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-10730
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2018-10730
value:	CRITICAL
Trust: 0.8
CNVD:	CNVD-2018-10151
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201805-518
value:	CRITICAL
Trust: 0.6
IVD:	e2effbc0-39ab-11e9-986e-000c29342cb1
value:	CRITICAL
Trust: 0.2

nvd@nist.gov:	CVE-2018-10730
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2018-10151
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	e2effbc0-39ab-11e9-986e-000c29342cb1
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

nvd@nist.gov:	CVE-2018-10730
baseSeverity:	CRITICAL
baseScore:	9.1
vectorString:	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.3
impactScore:	6.0
version:	3.0
Trust: 1.8

sources: IVD: e2effbc0-39ab-11e9-986e-000c29342cb1 // CNVD: CNVD-2018-10151 // JVNDB: JVNDB-2018-005112 // CNNVD: CNNVD-201805-518 // NVD: CVE-2018-10730

PROBLEMTYPE DATA

problemtype:

CWE-78

Trust: 1.8

sources: JVNDB: JVNDB-2018-005112 // NVD: CVE-2018-10730

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201805-518

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-201805-518

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-005112

PATCH

title:	トップページ	url:	https://www.phoenixcontact.com/online/portal/jp	Trust: 0.8
title:	Patch for the PhoenixContactmanagedFLSWITCH command injection vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/130053	Trust: 0.6
title:	FL SWITCH 3xxx , 4xxx and 48xxx Series Product Command Injection Vulnerability Fixes	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=83450	Trust: 0.6

sources: CNVD: CNVD-2018-10151 // JVNDB: JVNDB-2018-005112 // CNNVD: CNNVD-201805-518

EXTERNAL IDS

db:	NVD	id:	CVE-2018-10730	Trust: 3.5
db:	CERT@VDE	id:	VDE-2018-004	Trust: 3.0
db:	ICS CERT	id:	ICSA-18-137-02	Trust: 2.7
db:	BID	id:	104231	Trust: 1.3
db:	CNVD	id:	CNVD-2018-10151	Trust: 0.8
db:	CNNVD	id:	CNNVD-201805-518	Trust: 0.8
db:	JVNDB	id:	JVNDB-2018-005112	Trust: 0.8
db:	IVD	id:	E2EFFBC0-39AB-11E9-986E-000C29342CB1	Trust: 0.2

sources: IVD: e2effbc0-39ab-11e9-986e-000c29342cb1 // CNVD: CNVD-2018-10151 // BID: 104231 // JVNDB: JVNDB-2018-005112 // CNNVD: CNNVD-201805-518 // NVD: CVE-2018-10730

REFERENCES

url:	https://cert.vde.com/de-de/advisories/vde-2018-004	Trust: 3.0
url:	https://ics-cert.us-cert.gov/advisories/icsa-18-137-02	Trust: 2.7
url:	http://www.securityfocus.com/bid/104231	Trust: 1.0
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-10730	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-10730	Trust: 0.8
url:	https://www.phoenixcontact.com/online/portal/pc	Trust: 0.3

sources: CNVD: CNVD-2018-10151 // BID: 104231 // JVNDB: JVNDB-2018-005112 // CNNVD: CNNVD-201805-518 // NVD: CVE-2018-10730

CREDITS

ERT@VDE working with Vyacheslav Moskvin, Semen Sokolov, Evgeniy Druzhinin, Georgy Zaytsev and Ilya Karpov of Positive Technologies and PHOENIX CONTACT.

Trust: 0.3

sources: BID: 104231

SOURCES

db:	IVD	id:	e2effbc0-39ab-11e9-986e-000c29342cb1
db:	CNVD	id:	CNVD-2018-10151
db:	BID	id:	104231
db:	JVNDB	id:	JVNDB-2018-005112
db:	CNNVD	id:	CNNVD-201805-518
db:	NVD	id:	CVE-2018-10730

LAST UPDATE DATE

2024-11-23T22:17:30.174000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2018-10151	date:	2018-05-23T00:00:00
db:	BID	id:	104231	date:	2018-05-17T00:00:00
db:	JVNDB	id:	JVNDB-2018-005112	date:	2018-07-06T00:00:00
db:	CNNVD	id:	CNNVD-201805-518	date:	2018-05-23T00:00:00
db:	NVD	id:	CVE-2018-10730	date:	2024-11-21T03:41:56.450

SOURCES RELEASE DATE

db:	IVD	id:	e2effbc0-39ab-11e9-986e-000c29342cb1	date:	2018-05-23T00:00:00
db:	CNVD	id:	CNVD-2018-10151	date:	2018-05-23T00:00:00
db:	BID	id:	104231	date:	2018-05-17T00:00:00
db:	JVNDB	id:	JVNDB-2018-005112	date:	2018-07-06T00:00:00
db:	CNNVD	id:	CNNVD-201805-518	date:	2018-05-17T00:00:00
db:	NVD	id:	CVE-2018-10730	date:	2018-05-17T19:29:00.400