CVE-2018-10731

high-risk

Published 2018-05-17

All Phoenix Contact managed FL SWITCH 3xxx, 4xxx, 48xx products running firmware version 1.0 to 1.33 are prone to buffer overflows when handling very large cookies (a different vulnerability than CVE-2018-10728).

Do I need to act?

~

1.4% chance of exploitation in next 30 days

EPSS score — moderate exploit probability

-

Not on CISA KEV list

No confirmed active exploitation reported to CISA

?

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

9

CVSS 9.0/10 Critical

NETWORK / HIGH complexity

Affected Products (20)

Fl Switch 3005 Firmware

Fl Switch 3005T Firmware

Fl Switch 3004T-Fx Firmware

Fl Switch 3004T-Fx St Firmware

Fl Switch 3008 Firmware

Fl Switch 3008T Firmware

Fl Switch 3006T-2Fx Firmware

Fl Switch 3006T-2Fx St Firmware

Fl Switch 3012E-2Sfx Firmware

Fl Switch 3016E Firmware

Fl Switch 3016 Firmware

Fl Switch 3016T Firmware

Fl Switch 3006T-2Fx Sm Firmware

Fl Switch 4008T-2Sfp Firmware

Fl Switch 4008T-2Gt-4Fx Sm Firmware

Fl Switch 4008T-2Gt-3Fx Sm Firmware

Fl Switch 4808E-16Fx Lc-4Gc Firmware

Fl Switch 4808E-16Fx Sm-4Gc Firmware

Fl Switch 4808E-16Fx Sm St-4Gc Firmware

Fl Switch 4808E-16Fx St-4Gc Firmware

Affected Vendors

Phoenixcontact

References (6)

Third Party Advisory http://www.securityfocus.com/bid/104231

Patch https://cert.vde.com/de-de/advisories/vde-2018-007

Patch https://ics-cert.us-cert.gov/advisories/ICSA-18-137-02

Third Party Advisory http://www.securityfocus.com/bid/104231

Patch https://cert.vde.com/de-de/advisories/vde-2018-007

Patch https://ics-cert.us-cert.gov/advisories/ICSA-18-137-02

52

/ 100

high-risk

Severity 26/34 · High

Exploitability 4/34 · Minimal

Exposure 22/34 · High