#VU10010 Privilege escalation in Phoenix Contact GmbH Hardware solutions


Published: 2018-01-16

Vulnerability identifier: #VU10010

Vulnerability risk: Low

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-16743

CWE-ID: CWE-285

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
FL SWITCH 4000T-8POE-2SFP-R
Hardware solutions / Routers & switches, VoIP, GSM, etc
FL SWITCH 3012E-2FX SM
Hardware solutions / Routers & switches, VoIP, GSM, etc
FL SWITCH 4800E-24FX SM-4GC
Hardware solutions / Routers & switches, VoIP, GSM, etc
FL SWITCH 4800E-24FX-4GC
Hardware solutions / Routers & switches, VoIP, GSM, etc
FL SWITCH 4824E-4GC
Hardware solutions / Routers & switches, VoIP, GSM, etc
FL SWITCH 4012T-2GT-2FX ST
Hardware solutions / Routers & switches, VoIP, GSM, etc
FL SWITCH 4012T 2GT 2FX
Hardware solutions / Routers & switches, VoIP, GSM, etc
FL SWITCH 4808E-16FX SM LC-4GC
Hardware solutions / Routers & switches, VoIP, GSM, etc
FL SWITCH 4808E-16FX-4GC
Hardware solutions / Routers & switches, VoIP, GSM, etc
FL SWITCH 4808E-16FX ST-4GC
Hardware solutions / Routers & switches, VoIP, GSM, etc
FL SWITCH 4808E-16FX SM ST-4GC
Hardware solutions / Routers & switches, VoIP, GSM, etc
FL SWITCH 4808E-16FX SM-4GC
Hardware solutions / Routers & switches, VoIP, GSM, etc
FL SWITCH 4808E-16FX LC-4GC
Hardware solutions / Routers & switches, VoIP, GSM, etc
FL SWITCH 4008T-2GT-3FX SM
Hardware solutions / Routers & switches, VoIP, GSM, etc
FL SWITCH 4008T-2GT-4FX SM
Hardware solutions / Routers & switches, VoIP, GSM, etc
FL SWITCH 4008T-2SFP
Hardware solutions / Routers & switches, VoIP, GSM, etc
FL SWITCH 3006T-2FX SM
Hardware solutions / Routers & switches, VoIP, GSM, etc
FL SWITCH 3016T
Hardware solutions / Routers & switches, VoIP, GSM, etc
FL SWITCH 3016
Hardware solutions / Routers & switches, VoIP, GSM, etc
FL SWITCH 3016E
Hardware solutions / Routers & switches, VoIP, GSM, etc
FL SWITCH 3012E-2SFX
Hardware solutions / Routers & switches, VoIP, GSM, etc
FL SWITCH 3006T-2FX ST
Hardware solutions / Routers & switches, VoIP, GSM, etc
FL SWITCH 3006T-2FX
Hardware solutions / Routers & switches, VoIP, GSM, etc
FL SWITCH 3008T
Hardware solutions / Routers & switches, VoIP, GSM, etc
FL SWITCH 3008
Hardware solutions / Routers & switches, VoIP, GSM, etc
FL SWITCH 3004T-FX ST
Hardware solutions / Routers & switches, VoIP, GSM, etc
FL SWITCH 3004T-FX
Hardware solutions / Routers & switches, VoIP, GSM, etc
FL SWITCH 3005T
Hardware solutions / Routers & switches, VoIP, GSM, etc
FL SWITCH 3005
Hardware solutions / Routers & switches, VoIP, GSM, etc

Vendor: Phoenix Contact GmbH

Description
The vulnerability allows a remote attacker to gain elevated privileges.

The weakness exists due to improper authorization. A remote attacker can send a specially crafted HTTP request, bypass authentication and gain administrative privileges on the target device.

Mitigation
Update to version 1.33.

Vulnerable software versions

FL SWITCH 4000T-8POE-2SFP-R: All versions

FL SWITCH 3012E-2FX SM: All versions

FL SWITCH 4800E-24FX SM-4GC: All versions

FL SWITCH 4800E-24FX-4GC: All versions

FL SWITCH 4824E-4GC: All versions

FL SWITCH 4012T-2GT-2FX ST: All versions

FL SWITCH 4012T 2GT 2FX: All versions

FL SWITCH 4808E-16FX SM LC-4GC: All versions

FL SWITCH 4808E-16FX-4GC: All versions

FL SWITCH 4808E-16FX ST-4GC: All versions

FL SWITCH 4808E-16FX SM ST-4GC: All versions

FL SWITCH 4808E-16FX SM-4GC: All versions

FL SWITCH 4808E-16FX LC-4GC: All versions

FL SWITCH 4008T-2GT-3FX SM: All versions

FL SWITCH 4008T-2GT-4FX SM: All versions

FL SWITCH 4008T-2SFP: All versions

FL SWITCH 3006T-2FX SM: All versions

FL SWITCH 3016T: All versions

FL SWITCH 3016: All versions

FL SWITCH 3016E: All versions

FL SWITCH 3012E-2SFX: All versions

FL SWITCH 3006T-2FX ST: All versions

FL SWITCH 3006T-2FX: All versions

FL SWITCH 3008T: All versions

FL SWITCH 3008: All versions

FL SWITCH 3004T-FX ST: All versions

FL SWITCH 3004T-FX: All versions

FL SWITCH 3005T: All versions

FL SWITCH 3005: All versions

External links
http://ics-cert.us-cert.gov/advisories/ICSA-18-011-03

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Multiple vulnerabilities in PHOENIX CONTACT FL SWITCH