CVE-2018-10731

CRITICAL

Phoenix Contact FL SWITCH 3xxx/4xxx/48xx Firmware < 1.33 - Buffer Overflow via Large Cookie

Title source: llm
STIX 2.1

Description

All Phoenix Contact managed FL SWITCH 3xxx, 4xxx, 48xx products running firmware version 1.0 to 1.33 are prone to buffer overflows when handling very large cookies (a different vulnerability than CVE-2018-10728).

References (3)

Core 3
Core References
Patch, Third Party Advisory, US Government Resource x_refsource_misc
https://ics-cert.us-cert.gov/advisories/ICSA-18-137-02
Patch, Third Party Advisory x_refsource_confirm
https://cert.vde.com/de-de/advisories/vde-2018-007
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/104231

Scores

CVSS v3 9.0
EPSS 0.0277
EPSS Percentile 84.5%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Details

CWE
CWE-119
Status published
Products (29)
phoenixcontact/fl_switch_3004t-fx_firmware 1.0 - 1.33
phoenixcontact/fl_switch_3004t-fx_st_firmware 1.0 - 1.33
phoenixcontact/fl_switch_3005_firmware 1.0 - 1.33
phoenixcontact/fl_switch_3005t_firmware 1.0 - 1.33
phoenixcontact/fl_switch_3006t-2fx_firmware 1.0 - 1.33
phoenixcontact/fl_switch_3006t-2fx_sm_firmware 1.0 - 1.33
phoenixcontact/fl_switch_3006t-2fx_st_firmware 1.0 - 1.33
phoenixcontact/fl_switch_3008_firmware 1.0 - 1.33
phoenixcontact/fl_switch_3008t_firmware 1.0 - 1.33
phoenixcontact/fl_switch_3012e-2fx_sm_firmware 1.0 - 1.33
... and 19 more
Published May 17, 2018
Tracked Since Feb 18, 2026