CVE-2018-10729

MEDIUM

Phoenix Contact FL SWITCH 3xxx/4xxx/48xx < 1.33 - Sensitive Information Exposure

Title source: llm
STIX 2.1

Description

All Phoenix Contact managed FL SWITCH 3xxx, 4xxx, 48xx products running firmware version 1.0 to 1.33 allow reading the configuration file by an unauthenticated user.

References (3)

Core 3
Core References
Patch, Third Party Advisory x_refsource_confirm
https://cert.vde.com/de-de/advisories/vde-2018-005
Patch, Third Party Advisory, US Government Resource x_refsource_misc
https://ics-cert.us-cert.gov/advisories/ICSA-18-137-02
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/104231

Scores

CVSS v3 5.3
EPSS 0.0191
EPSS Percentile 77.3%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

CWE
CWE-200
Status published
Products (29)
phoenixcontact/fl_switch_3004t-fx_firmware 1.0 - 1.33
phoenixcontact/fl_switch_3004t-fx_st_firmware 1.0 - 1.33
phoenixcontact/fl_switch_3005_firmware 1.0 - 1.33
phoenixcontact/fl_switch_3005t_firmware 1.0 - 1.33
phoenixcontact/fl_switch_3006t-2fx_firmware 1.0 - 1.33
phoenixcontact/fl_switch_3006t-2fx_sm_firmware 1.0 - 1.33
phoenixcontact/fl_switch_3006t-2fx_st_firmware 1.0 - 1.33
phoenixcontact/fl_switch_3008_firmware 1.0 - 1.33
phoenixcontact/fl_switch_3008t_firmware 1.0 - 1.33
phoenixcontact/fl_switch_3012e-2fx_sm_firmware 1.0 - 1.33
... and 19 more
Published May 17, 2018
Tracked Since Feb 18, 2026