| Title | PHOENIX CONTACT FL SWITCH の複数のシリーズの製品のファームウェアにおける OS コマンドインジェクションの脆弱性 |
|---|---|
| Summary | PHOENIX CONTACT FL SWITCH の 3xxx、4xxx、および 48xxx シリーズの製品のファームウェアには、OS コマンドインジェクションの脆弱性が存在します。 |
| Possible impacts | 情報を取得される、情報を改ざんされる、およびサービス運用妨害 (DoS) 状態にされる可能性があります。 |
| Solution | ベンダ情報および参考情報を参照して適切な対策を実施してください。 |
| Publication Date | May 16, 2018, midnight |
| Registration Date | July 6, 2018, 4:52 p.m. |
| Last Update | July 6, 2018, 4:52 p.m. |
| CVSS3.0 : 緊急 | |
| Score | 9.1 |
|---|---|
| Vector | CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H |
| CVSS2.0 : 危険 | |
| Score | 9 |
|---|---|
| Vector | AV:N/AC:L/Au:S/C:C/I:C/A:C |
| PHOENIX CONTACT |
| FL SWITCH 3004T-FX ST ファームウェア 1.0 から 1.33 |
| FL SWITCH 3004T-FX ファームウェア 1.0 から 1.33 |
| FL SWITCH 3005 ファームウェア 1.0 から 1.33 |
| FL SWITCH 3005T ファームウェア 1.0 から 1.33 |
| FL SWITCH 3006T-2FX SM ファームウェア 1.0 から 1.33 |
| FL SWITCH 3006T-2FX ST ファームウェア 1.0 から 1.33 |
| FL SWITCH 3006T-2FX ファームウェア 1.0 から 1.33 |
| FL SWITCH 3008 ファームウェア 1.0 から 1.33 |
| FL SWITCH 3008T ファームウェア 1.0 から 1.33 |
| FL SWITCH 3012E-2FX SM ファームウェア 1.0 から 1.33 |
| FL SWITCH 3012E-2SFX ファームウェア 1.0 から 1.33 |
| FL SWITCH 3016 ファームウェア 1.0 から 1.33 |
| FL SWITCH 3016E ファームウェア 1.0 から 1.33 |
| FL SWITCH 3016T ファームウェア 1.0 から 1.33 |
| FL SWITCH 4000T-8POE-2SFP-R ファームウェア 1.0 から 1.33 |
| FL SWITCH 4008T-2GT-3FX SM ファームウェア 1.0 から 1.33 |
| FL SWITCH 4008T-2GT-4FX SM ファームウェア 1.0 から 1.33 |
| FL SWITCH 4008T-2SFP ファームウェア 1.0 から 1.33 |
| FL SWITCH 4012T 2GT 2FX ファームウェア 1.0 から 1.33 |
| FL SWITCH 4012T-2GT-2FX ST ファームウェア 1.0 から 1.33 |
| FL SWITCH 4800E-24FX SM-4GC ファームウェア 1.0 から 1.33 |
| FL SWITCH 4800E-24FX-4GC ファームウェア 1.0 から 1.33 |
| FL SWITCH 4808E-16FX LC-4GC ファームウェア 1.0 から 1.33 |
| FL SWITCH 4808E-16FX SM LC-4GC ファームウェア 1.0 から 1.33 |
| FL SWITCH 4808E-16FX SM ST-4GC ファームウェア 1.0 から 1.33 |
| FL SWITCH 4808E-16FX SM-4GC ファームウェア 1.0 から 1.33 |
| FL SWITCH 4808E-16FX ST-4GC ファームウェア 1.0 から 1.33 |
| FL SWITCH 4808E-16FX-4GC ファームウェア 1.0 から 1.33 |
| FL SWITCH 4824E-4GC ファームウェア 1.0 から 1.33 |
| No | Changed Details | Date of change |
|---|---|---|
| 1 | [2018年07月06日] 掲載 |
July 6, 2018, 4:52 p.m. |
| Summary | All Phoenix Contact managed FL SWITCH 3xxx, 4xxx, 48xx products running firmware version 1.0 to 1.33 are prone to OS command injection. |
|---|---|
| Publication Date | May 18, 2018, 4:29 a.m. |
| Registration Date | March 1, 2021, 6:43 p.m. |
| Last Update | Nov. 21, 2024, 12:41 p.m. |
| Configuration1 | or higher | or less | more than | less than | |
| cpe:2.3:o:phoenixcontact:fl_switch_3005_firmware:*:*:*:*:*:*:*:* | 1.33 | 1.0 | |||
| execution environment | |||||
| 1 | cpe:2.3:h:phoenixcontact:fl_switch_3005:-:*:*:*:*:*:*:* | ||||
| Configuration2 | or higher | or less | more than | less than | |
| cpe:2.3:o:phoenixcontact:fl_switch_3005t_firmware:*:*:*:*:*:*:*:* | 1.0 | 1.33 | |||
| execution environment | |||||
| 1 | cpe:2.3:h:phoenixcontact:fl_switch_3005t:-:*:*:*:*:*:*:* | ||||
| Configuration3 | or higher | or less | more than | less than | |
| cpe:2.3:o:phoenixcontact:fl_switch_3004t-fx_firmware:*:*:*:*:*:*:*:* | 1.0 | 1.33 | |||
| execution environment | |||||
| 1 | cpe:2.3:h:phoenixcontact:fl_switch_3004t-fx:-:*:*:*:*:*:*:* | ||||
| Configuration4 | or higher | or less | more than | less than | |
| cpe:2.3:o:phoenixcontact:fl_switch_3004t-fx_st_firmware:*:*:*:*:*:*:*:* | 1.0 | 1.33 | |||
| execution environment | |||||
| 1 | cpe:2.3:h:phoenixcontact:fl_switch_3004t-fx_st:-:*:*:*:*:*:*:* | ||||
| Configuration5 | or higher | or less | more than | less than | |
| cpe:2.3:o:phoenixcontact:fl_switch_3008_firmware:*:*:*:*:*:*:*:* | 1.0 | 1.33 | |||
| execution environment | |||||
| 1 | cpe:2.3:h:phoenixcontact:fl_switch_3008:-:*:*:*:*:*:*:* | ||||
| Configuration6 | or higher | or less | more than | less than | |
| cpe:2.3:o:phoenixcontact:fl_switch_3008t_firmware:*:*:*:*:*:*:*:* | 1.0 | 1.33 | |||
| execution environment | |||||
| 1 | cpe:2.3:h:phoenixcontact:fl_switch_3008t:-:*:*:*:*:*:*:* | ||||
| Configuration7 | or higher | or less | more than | less than | |
| cpe:2.3:o:phoenixcontact:fl_switch_3006t-2fx_firmware:*:*:*:*:*:*:*:* | 1.0 | 1.33 | |||
| execution environment | |||||
| 1 | cpe:2.3:h:phoenixcontact:fl_switch_3006t-2fx:-:*:*:*:*:*:*:* | ||||
| Configuration8 | or higher | or less | more than | less than | |
| cpe:2.3:o:phoenixcontact:fl_switch_3006t-2fx_st_firmware:*:*:*:*:*:*:*:* | 1.0 | 1.33 | |||
| execution environment | |||||
| 1 | cpe:2.3:h:phoenixcontact:fl_switch_3006t-2fx_st:-:*:*:*:*:*:*:* | ||||
| Configuration9 | or higher | or less | more than | less than | |
| cpe:2.3:o:phoenixcontact:fl_switch_3012e-2sfx_firmware:*:*:*:*:*:*:*:* | 1.0 | 1.33 | |||
| execution environment | |||||
| 1 | cpe:2.3:h:phoenixcontact:fl_switch_3012e-2sfx:-:*:*:*:*:*:*:* | ||||
| Configuration10 | or higher | or less | more than | less than | |
| cpe:2.3:o:phoenixcontact:fl_switch_3016e_firmware:*:*:*:*:*:*:*:* | 1.0 | 1.33 | |||
| execution environment | |||||
| 1 | cpe:2.3:h:phoenixcontact:fl_switch_3016e:-:*:*:*:*:*:*:* | ||||
| Configuration11 | or higher | or less | more than | less than | |
| cpe:2.3:o:phoenixcontact:fl_switch_3016_firmware:*:*:*:*:*:*:*:* | 1.0 | 1.33 | |||
| execution environment | |||||
| 1 | cpe:2.3:h:phoenixcontact:fl_switch_3016:-:*:*:*:*:*:*:* | ||||
| Configuration12 | or higher | or less | more than | less than | |
| cpe:2.3:o:phoenixcontact:fl_switch_3016t_firmware:*:*:*:*:*:*:*:* | 1.0 | 1.33 | |||
| execution environment | |||||
| 1 | cpe:2.3:h:phoenixcontact:fl_switch_3016t:-:*:*:*:*:*:*:* | ||||
| Configuration13 | or higher | or less | more than | less than | |
| cpe:2.3:o:phoenixcontact:fl_switch_3006t-2fx_sm_firmware:*:*:*:*:*:*:*:* | 1.0 | 1.33 | |||
| execution environment | |||||
| 1 | cpe:2.3:h:phoenixcontact:fl_switch_3006t-2fx_sm:-:*:*:*:*:*:*:* | ||||
| Configuration14 | or higher | or less | more than | less than | |
| cpe:2.3:o:phoenixcontact:fl_switch_4008t-2sfp_firmware:*:*:*:*:*:*:*:* | 1.0 | 1.33 | |||
| execution environment | |||||
| 1 | cpe:2.3:h:phoenixcontact:fl_switch_4008t-2sfp:-:*:*:*:*:*:*:* | ||||
| Configuration15 | or higher | or less | more than | less than | |
| cpe:2.3:o:phoenixcontact:fl_switch_4008t-2gt-4fx_sm_firmware:*:*:*:*:*:*:*:* | 1.0 | 1.33 | |||
| execution environment | |||||
| 1 | cpe:2.3:h:phoenixcontact:fl_switch_4008t-2gt-4fx_sm:-:*:*:*:*:*:*:* | ||||
| Configuration16 | or higher | or less | more than | less than | |
| cpe:2.3:o:phoenixcontact:fl_switch_4008t-2gt-3fx_sm_firmware:*:*:*:*:*:*:*:* | 1.0 | 1.33 | |||
| execution environment | |||||
| 1 | cpe:2.3:h:phoenixcontact:fl_switch_4008t-2gt-3fx_sm:-:*:*:*:*:*:*:* | ||||
| Configuration17 | or higher | or less | more than | less than | |
| cpe:2.3:o:phoenixcontact:fl_switch_4808e-16fx_lc-4gc_firmware:*:*:*:*:*:*:*:* | 1.0 | 1.33 | |||
| execution environment | |||||
| 1 | cpe:2.3:h:phoenixcontact:fl_switch_4808e-16fx_lc-4gc:-:*:*:*:*:*:*:* | ||||
| Configuration18 | or higher | or less | more than | less than | |
| cpe:2.3:o:phoenixcontact:fl_switch_4808e-16fx_sm-4gc_firmware:*:*:*:*:*:*:*:* | 1.0 | 1.33 | |||
| execution environment | |||||
| 1 | cpe:2.3:h:phoenixcontact:fl_switch_4808e-16fx_sm-4gc:-:*:*:*:*:*:*:* | ||||
| Configuration19 | or higher | or less | more than | less than | |
| cpe:2.3:o:phoenixcontact:fl_switch_4808e-16fx_sm_st-4gc_firmware:*:*:*:*:*:*:*:* | 1.0 | 1.33 | |||
| execution environment | |||||
| 1 | cpe:2.3:h:phoenixcontact:fl_switch_4808e-16fx_sm_st-4gc:-:*:*:*:*:*:*:* | ||||
| Configuration20 | or higher | or less | more than | less than | |
| cpe:2.3:o:phoenixcontact:fl_switch_4808e-16fx_st-4gc_firmware:*:*:*:*:*:*:*:* | 1.0 | 1.33 | |||
| execution environment | |||||
| 1 | cpe:2.3:h:phoenixcontact:fl_switch_4808e-16fx_st-4gc:-:*:*:*:*:*:*:* | ||||
| Configuration21 | or higher | or less | more than | less than | |
| cpe:2.3:o:phoenixcontact:fl_switch_4808e-16fx-4gc_firmware:*:*:*:*:*:*:*:* | 1.0 | 1.33 | |||
| execution environment | |||||
| 1 | cpe:2.3:h:phoenixcontact:fl_switch_4808e-16fx-4gc:-:*:*:*:*:*:*:* | ||||
| Configuration22 | or higher | or less | more than | less than | |
| cpe:2.3:o:phoenixcontact:fl_switch_4808e-16fx_sm_lc-4gc_firmware:*:*:*:*:*:*:*:* | 1.0 | 1.33 | |||
| execution environment | |||||
| 1 | cpe:2.3:h:phoenixcontact:fl_switch_4808e-16fx_sm_lc-4gc:-:*:*:*:*:*:*:* | ||||
| Configuration23 | or higher | or less | more than | less than | |
| cpe:2.3:o:phoenixcontact:fl_switch_4012t_2gt_2fx_firmware:*:*:*:*:*:*:*:* | 1.0 | 1.33 | |||
| execution environment | |||||
| 1 | cpe:2.3:h:phoenixcontact:fl_switch_4012t_2gt_2fx:-:*:*:*:*:*:*:* | ||||
| Configuration24 | or higher | or less | more than | less than | |
| cpe:2.3:o:phoenixcontact:fl_switch_4012t-2gt-2fx_st_firmware:*:*:*:*:*:*:*:* | 1.0 | 1.33 | |||
| execution environment | |||||
| 1 | cpe:2.3:h:phoenixcontact:fl_switch_4012t-2gt-2fx_st:-:*:*:*:*:*:*:* | ||||
| Configuration25 | or higher | or less | more than | less than | |
| cpe:2.3:o:phoenixcontact:fl_switch_4824e-4gc_firmware:*:*:*:*:*:*:*:* | 1.0 | 1.33 | |||
| execution environment | |||||
| 1 | cpe:2.3:h:phoenixcontact:fl_switch_4824e-4gc:-:*:*:*:*:*:*:* | ||||
| Configuration26 | or higher | or less | more than | less than | |
| cpe:2.3:o:phoenixcontact:fl_switch_4800e-24fx-4gc_firmware:*:*:*:*:*:*:*:* | 1.0 | 1.33 | |||
| execution environment | |||||
| 1 | cpe:2.3:h:phoenixcontact:fl_switch_4800e-24fx-4gc:-:*:*:*:*:*:*:* | ||||
| Configuration27 | or higher | or less | more than | less than | |
| cpe:2.3:o:phoenixcontact:fl_switch_4800e-24fx_sm-4gc_firmware:*:*:*:*:*:*:*:* | 1.0 | 1.33 | |||
| execution environment | |||||
| 1 | cpe:2.3:h:phoenixcontact:fl_switch_4800e-24fx_sm-4gc:-:*:*:*:*:*:*:* | ||||
| Configuration28 | or higher | or less | more than | less than | |
| cpe:2.3:o:phoenixcontact:fl_switch_3012e-2fx_sm_firmware:*:*:*:*:*:*:*:* | 1.0 | 1.33 | |||
| execution environment | |||||
| 1 | cpe:2.3:h:phoenixcontact:fl_switch_3012e-2fx_sm:-:*:*:*:*:*:*:* | ||||
| Configuration29 | or higher | or less | more than | less than | |
| cpe:2.3:o:phoenixcontact:fl_switch_4000t-8poe-2sfp-r_firmware:*:*:*:*:*:*:*:* | 1.0 | 1.33 | |||
| execution environment | |||||
| 1 | cpe:2.3:h:phoenixcontact:fl_switch_4000t-8poe-2sfp-r:-:*:*:*:*:*:*:* | ||||