| Title | 複数の Phoenix Contact FL SWITCH 製品におけるバッファエラーの脆弱性 |
|---|---|
| Summary | 複数の Phoenix Contact FL SWITCH 製品には、バッファエラーの脆弱性が存在します。 本脆弱性は、CVE-2018-10728 とは異なる脆弱性です。 |
| Possible impacts | 情報を取得される、情報を改ざんされる、およびサービス運用妨害 (DoS) 状態にされる可能性があります。 |
| Solution | ベンダ情報および参考情報を参照して適切な対策を実施してください。 |
| Publication Date | May 17, 2018, midnight |
| Registration Date | July 9, 2018, 4:54 p.m. |
| Last Update | July 9, 2018, 4:54 p.m. |
| CVSS3.0 : 緊急 | |
| Score | 9 |
|---|---|
| Vector | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H |
| CVSS2.0 : 危険 | |
| Score | 9.3 |
|---|---|
| Vector | AV:N/AC:M/Au:N/C:C/I:C/A:C |
| PHOENIX CONTACT |
| FL SWITCH 3004T-FX ST ファームウェア 1.0 から 1.33 |
| FL SWITCH 3004T-FX ファームウェア 1.0 から 1.33 |
| FL SWITCH 3005 ファームウェア 1.0 から 1.33 |
| FL SWITCH 3005T ファームウェア 1.0 から 1.33 |
| FL SWITCH 3006T-2FX SM ファームウェア 1.0 から 1.33 |
| FL SWITCH 3006T-2FX ST ファームウェア 1.0 から 1.33 |
| FL SWITCH 3006T-2FX ファームウェア 1.0 から 1.33 |
| FL SWITCH 3008 ファームウェア 1.0 から 1.33 |
| FL SWITCH 3008T ファームウェア 1.0 から 1.33 |
| FL SWITCH 3012E-2FX SM ファームウェア 1.0 から 1.33 |
| FL SWITCH 3012E-2SFX ファームウェア 1.0 から 1.33 |
| FL SWITCH 3016 ファームウェア 1.0 から 1.33 |
| FL SWITCH 3016E ファームウェア 1.0 から 1.33 |
| FL SWITCH 3016T ファームウェア 1.0 から 1.33 |
| FL SWITCH 4000T-8POE-2SFP-R ファームウェア 1.0 から 1.33 |
| FL SWITCH 4008T-2GT-3FX SM ファームウェア 1.0 から 1.33 |
| FL SWITCH 4008T-2GT-4FX SM ファームウェア 1.0 から 1.33 |
| FL SWITCH 4008T-2SFP ファームウェア 1.0 から 1.33 |
| FL SWITCH 4012T 2GT 2FX ファームウェア 1.0 から 1.33 |
| FL SWITCH 4012T-2GT-2FX ST ファームウェア 1.0 から 1.33 |
| FL SWITCH 4800E-24FX SM-4GC ファームウェア 1.0 から 1.33 |
| FL SWITCH 4800E-24FX-4GC ファームウェア 1.0 から 1.33 |
| FL SWITCH 4808E-16FX LC-4GC ファームウェア 1.0 から 1.33 |
| FL SWITCH 4808E-16FX SM LC-4GC ファームウェア 1.0 から 1.33 |
| FL SWITCH 4808E-16FX SM ST-4GC ファームウェア 1.0 から 1.33 |
| FL SWITCH 4808E-16FX SM-4GC ファームウェア 1.0 から 1.33 |
| FL SWITCH 4808E-16FX ST-4GC ファームウェア 1.0 から 1.33 |
| FL SWITCH 4808E-16FX-4GC ファームウェア 1.0 から 1.33 |
| FL SWITCH 4824E-4GC ファームウェア 1.0 から 1.33 |
| No | Changed Details | Date of change |
|---|---|---|
| 1 | [2018年07月09日] 掲載 |
July 9, 2018, 4:54 p.m. |
| Summary | All Phoenix Contact managed FL SWITCH 3xxx, 4xxx, 48xx products running firmware version 1.0 to 1.33 are prone to buffer overflows when handling very large cookies (a different vulnerability than CVE-2018-10728). |
|---|---|
| Publication Date | May 18, 2018, 4:29 a.m. |
| Registration Date | March 1, 2021, 6:43 p.m. |
| Last Update | Nov. 21, 2024, 12:41 p.m. |
| Configuration1 | or higher | or less | more than | less than | |
| cpe:2.3:o:phoenixcontact:fl_switch_3005_firmware:*:*:*:*:*:*:*:* | 1.33 | 1.0 | |||
| execution environment | |||||
| 1 | cpe:2.3:h:phoenixcontact:fl_switch_3005:-:*:*:*:*:*:*:* | ||||
| Configuration2 | or higher | or less | more than | less than | |
| cpe:2.3:o:phoenixcontact:fl_switch_3005t_firmware:*:*:*:*:*:*:*:* | 1.0 | 1.33 | |||
| execution environment | |||||
| 1 | cpe:2.3:h:phoenixcontact:fl_switch_3005t:-:*:*:*:*:*:*:* | ||||
| Configuration3 | or higher | or less | more than | less than | |
| cpe:2.3:o:phoenixcontact:fl_switch_3004t-fx_firmware:*:*:*:*:*:*:*:* | 1.0 | 1.33 | |||
| execution environment | |||||
| 1 | cpe:2.3:h:phoenixcontact:fl_switch_3004t-fx:-:*:*:*:*:*:*:* | ||||
| Configuration4 | or higher | or less | more than | less than | |
| cpe:2.3:o:phoenixcontact:fl_switch_3004t-fx_st_firmware:*:*:*:*:*:*:*:* | 1.0 | 1.33 | |||
| execution environment | |||||
| 1 | cpe:2.3:h:phoenixcontact:fl_switch_3004t-fx_st:-:*:*:*:*:*:*:* | ||||
| Configuration5 | or higher | or less | more than | less than | |
| cpe:2.3:o:phoenixcontact:fl_switch_3008_firmware:*:*:*:*:*:*:*:* | 1.0 | 1.33 | |||
| execution environment | |||||
| 1 | cpe:2.3:h:phoenixcontact:fl_switch_3008:-:*:*:*:*:*:*:* | ||||
| Configuration6 | or higher | or less | more than | less than | |
| cpe:2.3:o:phoenixcontact:fl_switch_3008t_firmware:*:*:*:*:*:*:*:* | 1.0 | 1.33 | |||
| execution environment | |||||
| 1 | cpe:2.3:h:phoenixcontact:fl_switch_3008t:-:*:*:*:*:*:*:* | ||||
| Configuration7 | or higher | or less | more than | less than | |
| cpe:2.3:o:phoenixcontact:fl_switch_3006t-2fx_firmware:*:*:*:*:*:*:*:* | 1.0 | 1.33 | |||
| execution environment | |||||
| 1 | cpe:2.3:h:phoenixcontact:fl_switch_3006t-2fx:-:*:*:*:*:*:*:* | ||||
| Configuration8 | or higher | or less | more than | less than | |
| cpe:2.3:o:phoenixcontact:fl_switch_3006t-2fx_st_firmware:*:*:*:*:*:*:*:* | 1.0 | 1.33 | |||
| execution environment | |||||
| 1 | cpe:2.3:h:phoenixcontact:fl_switch_3006t-2fx_st:-:*:*:*:*:*:*:* | ||||
| Configuration9 | or higher | or less | more than | less than | |
| cpe:2.3:o:phoenixcontact:fl_switch_3012e-2sfx_firmware:*:*:*:*:*:*:*:* | 1.0 | 1.33 | |||
| execution environment | |||||
| 1 | cpe:2.3:h:phoenixcontact:fl_switch_3012e-2sfx:-:*:*:*:*:*:*:* | ||||
| Configuration10 | or higher | or less | more than | less than | |
| cpe:2.3:o:phoenixcontact:fl_switch_3016e_firmware:*:*:*:*:*:*:*:* | 1.0 | 1.33 | |||
| execution environment | |||||
| 1 | cpe:2.3:h:phoenixcontact:fl_switch_3016e:-:*:*:*:*:*:*:* | ||||
| Configuration11 | or higher | or less | more than | less than | |
| cpe:2.3:o:phoenixcontact:fl_switch_3016_firmware:*:*:*:*:*:*:*:* | 1.0 | 1.33 | |||
| execution environment | |||||
| 1 | cpe:2.3:h:phoenixcontact:fl_switch_3016:-:*:*:*:*:*:*:* | ||||
| Configuration12 | or higher | or less | more than | less than | |
| cpe:2.3:o:phoenixcontact:fl_switch_3016t_firmware:*:*:*:*:*:*:*:* | 1.0 | 1.33 | |||
| execution environment | |||||
| 1 | cpe:2.3:h:phoenixcontact:fl_switch_3016t:-:*:*:*:*:*:*:* | ||||
| Configuration13 | or higher | or less | more than | less than | |
| cpe:2.3:o:phoenixcontact:fl_switch_3006t-2fx_sm_firmware:*:*:*:*:*:*:*:* | 1.0 | 1.33 | |||
| execution environment | |||||
| 1 | cpe:2.3:h:phoenixcontact:fl_switch_3006t-2fx_sm:-:*:*:*:*:*:*:* | ||||
| Configuration14 | or higher | or less | more than | less than | |
| cpe:2.3:o:phoenixcontact:fl_switch_4008t-2sfp_firmware:*:*:*:*:*:*:*:* | 1.0 | 1.33 | |||
| execution environment | |||||
| 1 | cpe:2.3:h:phoenixcontact:fl_switch_4008t-2sfp:-:*:*:*:*:*:*:* | ||||
| Configuration15 | or higher | or less | more than | less than | |
| cpe:2.3:o:phoenixcontact:fl_switch_4008t-2gt-4fx_sm_firmware:*:*:*:*:*:*:*:* | 1.0 | 1.33 | |||
| execution environment | |||||
| 1 | cpe:2.3:h:phoenixcontact:fl_switch_4008t-2gt-4fx_sm:-:*:*:*:*:*:*:* | ||||
| Configuration16 | or higher | or less | more than | less than | |
| cpe:2.3:o:phoenixcontact:fl_switch_4008t-2gt-3fx_sm_firmware:*:*:*:*:*:*:*:* | 1.0 | 1.33 | |||
| execution environment | |||||
| 1 | cpe:2.3:h:phoenixcontact:fl_switch_4008t-2gt-3fx_sm:-:*:*:*:*:*:*:* | ||||
| Configuration17 | or higher | or less | more than | less than | |
| cpe:2.3:o:phoenixcontact:fl_switch_4808e-16fx_lc-4gc_firmware:*:*:*:*:*:*:*:* | 1.0 | 1.33 | |||
| execution environment | |||||
| 1 | cpe:2.3:h:phoenixcontact:fl_switch_4808e-16fx_lc-4gc:-:*:*:*:*:*:*:* | ||||
| Configuration18 | or higher | or less | more than | less than | |
| cpe:2.3:o:phoenixcontact:fl_switch_4808e-16fx_sm-4gc_firmware:*:*:*:*:*:*:*:* | 1.0 | 1.33 | |||
| execution environment | |||||
| 1 | cpe:2.3:h:phoenixcontact:fl_switch_4808e-16fx_sm-4gc:-:*:*:*:*:*:*:* | ||||
| Configuration19 | or higher | or less | more than | less than | |
| cpe:2.3:o:phoenixcontact:fl_switch_4808e-16fx_sm_st-4gc_firmware:*:*:*:*:*:*:*:* | 1.0 | 1.33 | |||
| execution environment | |||||
| 1 | cpe:2.3:h:phoenixcontact:fl_switch_4808e-16fx_sm_st-4gc:-:*:*:*:*:*:*:* | ||||
| Configuration20 | or higher | or less | more than | less than | |
| cpe:2.3:o:phoenixcontact:fl_switch_4808e-16fx_st-4gc_firmware:*:*:*:*:*:*:*:* | 1.0 | 1.33 | |||
| execution environment | |||||
| 1 | cpe:2.3:h:phoenixcontact:fl_switch_4808e-16fx_st-4gc:-:*:*:*:*:*:*:* | ||||
| Configuration21 | or higher | or less | more than | less than | |
| cpe:2.3:o:phoenixcontact:fl_switch_4808e-16fx-4gc_firmware:*:*:*:*:*:*:*:* | 1.0 | 1.33 | |||
| execution environment | |||||
| 1 | cpe:2.3:h:phoenixcontact:fl_switch_4808e-16fx-4gc:-:*:*:*:*:*:*:* | ||||
| Configuration22 | or higher | or less | more than | less than | |
| cpe:2.3:o:phoenixcontact:fl_switch_4808e-16fx_sm_lc-4gc_firmware:*:*:*:*:*:*:*:* | 1.0 | 1.33 | |||
| execution environment | |||||
| 1 | cpe:2.3:h:phoenixcontact:fl_switch_4808e-16fx_sm_lc-4gc:-:*:*:*:*:*:*:* | ||||
| Configuration23 | or higher | or less | more than | less than | |
| cpe:2.3:o:phoenixcontact:fl_switch_4012t_2gt_2fx_firmware:*:*:*:*:*:*:*:* | 1.0 | 1.33 | |||
| execution environment | |||||
| 1 | cpe:2.3:h:phoenixcontact:fl_switch_4012t_2gt_2fx:-:*:*:*:*:*:*:* | ||||
| Configuration24 | or higher | or less | more than | less than | |
| cpe:2.3:o:phoenixcontact:fl_switch_4012t-2gt-2fx_st_firmware:*:*:*:*:*:*:*:* | 1.0 | 1.33 | |||
| execution environment | |||||
| 1 | cpe:2.3:h:phoenixcontact:fl_switch_4012t-2gt-2fx_st:-:*:*:*:*:*:*:* | ||||
| Configuration25 | or higher | or less | more than | less than | |
| cpe:2.3:o:phoenixcontact:fl_switch_4824e-4gc_firmware:*:*:*:*:*:*:*:* | 1.0 | 1.33 | |||
| execution environment | |||||
| 1 | cpe:2.3:h:phoenixcontact:fl_switch_4824e-4gc:-:*:*:*:*:*:*:* | ||||
| Configuration26 | or higher | or less | more than | less than | |
| cpe:2.3:o:phoenixcontact:fl_switch_4800e-24fx-4gc_firmware:*:*:*:*:*:*:*:* | 1.0 | 1.33 | |||
| execution environment | |||||
| 1 | cpe:2.3:h:phoenixcontact:fl_switch_4800e-24fx-4gc:-:*:*:*:*:*:*:* | ||||
| Configuration27 | or higher | or less | more than | less than | |
| cpe:2.3:o:phoenixcontact:fl_switch_4800e-24fx_sm-4gc_firmware:*:*:*:*:*:*:*:* | 1.0 | 1.33 | |||
| execution environment | |||||
| 1 | cpe:2.3:h:phoenixcontact:fl_switch_4800e-24fx_sm-4gc:-:*:*:*:*:*:*:* | ||||
| Configuration28 | or higher | or less | more than | less than | |
| cpe:2.3:o:phoenixcontact:fl_switch_3012e-2fx_sm_firmware:*:*:*:*:*:*:*:* | 1.0 | 1.33 | |||
| execution environment | |||||
| 1 | cpe:2.3:h:phoenixcontact:fl_switch_3012e-2fx_sm:-:*:*:*:*:*:*:* | ||||
| Configuration29 | or higher | or less | more than | less than | |
| cpe:2.3:o:phoenixcontact:fl_switch_4000t-8poe-2sfp-r_firmware:*:*:*:*:*:*:*:* | 1.0 | 1.33 | |||
| execution environment | |||||
| 1 | cpe:2.3:h:phoenixcontact:fl_switch_4000t-8poe-2sfp-r:-:*:*:*:*:*:*:* | ||||