You are here

PHOENIX CONTACT FL SWITCH 3xxx/4xxx/48xx Series (ICSA-18-137-02)

PHOENIX CONTACT FL SWITCH 3xxx/4xxx/48xx Series (ICSA-18-137-02)

Created: Monday, May 21, 2018 - 12:49
Categories:
Cybersecurity

The NCCIC has released an advisory on command injection, information exposure, and stack-based buffer overflow vulnerabilities in PHOENIX CONTACT FL SWITCH 3xxx/4xxx/48xx Series. All FL SWITCH 3xxx, 4xxx, and 48xxx Series products running firmware Version 1.0 to 1.32 are affected. Successful exploitation of these vulnerabilities could allow for remote code execution and information disclosure. PHOENIX CONTACT recommends that affected users upgrade to firmware Version 1.34 or higher. The NCCIC also recommends a series of defensive measures to minimize the risk of exploitation of these vulnerabilities. NCCIC/ICS-CERT.