The vulnerability of Phoenix Contact FL SWITCH router microprogramming software, related to deficiencies in authentication procedures, allows a malicious actor to gain access to the device with administrator privileges.

🗓️ 16 Feb 2018 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 1 Views

Authentication weakness in FL SWITCH router allows a remote attacker to gain administrator rights via web requests.

Reporter	Title	Published	Views	Family All 9
Circl	CVE-2017-16743	30 Jan 202619:02	–	circl
CNVD	PHOENIX CONTACT FL SWITCH Unauthorized Access Vulnerability	15 Jan 201800:00	–	cnvd
CVE	CVE-2017-16743	12 Jan 201820:00	–	cve
Cvelist	CVE-2017-16743	12 Jan 201820:00	–	cvelist
EUVD	EUVD-2017-7927	7 Oct 202500:30	–	euvd
ICS	PHOENIX CONTACT FL SWITCH	11 Jan 201800:00	–	ics
NVD	CVE-2017-16743	12 Jan 201820:29	–	nvd
Prion	Authorization	12 Jan 201820:29	–	prion
Positive Technologies	PT-2018-02: Improper Authorization in PHOENIX CONTACT FL SWITCH	2 Aug 201700:00	–	ptsecurity

Vulners

Node

phoenix_contact_gmbh_&_co._kg fl_switch_3004t-fxRange1.0–1.32

OR

phoenix_contact_gmbh_&_co._kg fl_switch_3004t-fx_stRange1.0–1.32

OR

phoenix_contact_gmbh_&_co._kg fl_switch_3005Range1.0–1.32

OR

phoenix_contact_gmbh_&_co._kg fl_switch_3005tRange1.0–1.32

OR

phoenix_contact_gmbh_&_co._kg fl_switch_3006t-2fxRange1.0–1.32

OR

phoenix_contact_gmbh_&_co._kg fl_switch_3006t-2fx_smRange1.0–1.32

OR

phoenix_contact_gmbh_&_co._kg fl_switch_3006t-2fx_stRange1.0–1.32

OR

phoenix_contact_gmbh_&_co._kg fl_switch_3008Range1.0–1.32

OR

phoenix_contact_gmbh_&_co._kg fl_switch_3008tRange1.0–1.32

OR

phoenix_contact_gmbh_&_co._kg fl_switch_3012e-2fx_smRange1.0–1.32

OR

phoenix_contact_gmbh_&_co._kg fl_switch_3012e-2sfxRange1.0–1.32

OR

phoenix_contact_gmbh_&_co._kg fl_switch_3016Range1.0–1.32

OR

phoenix_contact_gmbh_&_co._kg fl_switch_3016eRange1.0–1.32

OR

phoenix_contact_gmbh_&_co._kg fl_switch_3016tRange1.0–1.32

OR

phoenix_contact_gmbh_&_co._kg fl_switch_4000t-8poe-2sfp-rRange1.0–1.32

OR

phoenix_contact_gmbh_&_co._kg fl_switch_4008t-2gt-3fx_smRange1.0–1.32

OR

phoenix_contact_gmbh_&_co._kg fl_switch_4008t-2gt-4fx_smRange1.0–1.32

OR

phoenix_contact_gmbh_&_co._kg fl_switch_4008t-2sfpRange1.0–1.32

OR

phoenix_contact_gmbh_&_co._kg fl_switch_4012t_2gt_2fxRange1.0–1.32

OR

phoenix_contact_gmbh_&_co._kg fl_switch_4012t-2gt-2fx_stRange1.0–1.32

OR

phoenix_contact_gmbh_&_co._kg fl_switch_4800e-24fx_sm-4gcRange1.0–1.32

OR

phoenix_contact_gmbh_&_co._kg fl_switch_4800e-24fx-4gcRange1.0–1.32

OR

phoenix_contact_gmbh_&_co._kg fl_switch_4808e-16fx_lc-4gcRange1.0–1.32

OR

phoenix_contact_gmbh_&_co._kg fl_switch_4808e-16fx_sm_lc-4gcRange1.0–1.32

OR

phoenix_contact_gmbh_&_co._kg fl_switch_4808e-16fx_sm_st-4gcRange1.0–1.32

OR

phoenix_contact_gmbh_&_co._kg fl_switch_4808e-16fx_sm-4gcRange1.0–1.32

OR

phoenix_contact_gmbh_&_co._kg fl_switch_4808e-16fx_st-4gcRange1.0–1.32

OR

phoenix_contact_gmbh_&_co._kg fl_switch_4808e-16fx-4gcRange1.0–1.32

OR

phoenix_contact_gmbh_&_co._kg fl_switch_4824e-4gcRange1.0–1.32

Source	Link
ics-cert	www.ics-cert.us-cert.gov/advisories/ICSA-18-011-03
ptsecurity	www.ptsecurity.com/ru-ru/about/news/290108/
web	www.web.nvd.nist.gov/view/vuln/detail

23 Mar 2021 00:00Current

5.5Medium risk

Vulners AI Score5.5

CVSS 39.8

CVSS 210

EPSS0.0124

authentication weakness fl switch router remote attacker administrator rights web requests