CVE-2017-16741

CWE-200 — Information Exposure3 documents3 sources

Severity

5.3MEDIUM

EPSS

0.8%

top 26.65%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Phoenixcontact FL Switch 3004t-fx Firmware Phoenixcontact FL Switch 3004t-fx ST Firmware Phoenixcontact FL Switch 3005 Firmware +26 more

Timeline

PublishedJan 12

Latest updateMay 14

Description

An Information Exposure issue was discovered in PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, and 48xxx Series products running firmware Version 1.0 to 1.32. A remote unauthenticated attacker may be able to use Monitor Mode on the device to read diagnostic information.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages30 packages

▶NVDphoenixcontact/fl_switch_3005_firmware1.0 — 1.32

▶NVDphoenixcontact/fl_switch_3008_firmware1.0 — 1.32

▶NVDphoenixcontact/fl_switch_3016_firmware1.0 — 1.32

▶NVDphoenixcontact/fl_switch_3005t_firmware1.0 — 1.32

▶NVDphoenixcontact/fl_switch_3008t_firmware1.0 — 1.32

Patches

Patch: ics-cert.us-cert.gov ↗Patch: ics-cert.us-cert.gov ↗

🔴Vulnerability Details

GHSA

GHSA-6c6j-r563-746g: An Information Exposure issue was discovered in PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, and 48xxx Series products running firmware Version 1↗2022-05-14

▶

CVEList

CVE-2017-16741: An Information Exposure issue was discovered in PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, and 48xxx Series products running firmware Version 1↗2018-01-12

▶