CVE-2018-10729

CWE-200 — Information Exposure3 documents3 sources

Severity

5.3MEDIUM

EPSS

0.2%

top 53.75%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

29

Phoenixcontact FL Switch 3004t-fx Firmware Phoenixcontact FL Switch 3004t-fx ST Firmware Phoenixcontact FL Switch 3005 Firmware +26 more

Timeline

PublishedMay 17

Latest updateMay 14

Description

All Phoenix Contact managed FL SWITCH 3xxx, 4xxx, 48xx products running firmware version 1.0 to 1.33 allow reading the configuration file by an unauthenticated user.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages29 packages

▶NVDphoenixcontact/fl_switch_3005_firmware1.33

▶NVDphoenixcontact/fl_switch_3008_firmware1.0 — 1.33

▶NVDphoenixcontact/fl_switch_3016_firmware1.0 — 1.33

▶NVDphoenixcontact/fl_switch_3005t_firmware1.0 — 1.33

▶NVDphoenixcontact/fl_switch_3008t_firmware1.0 — 1.33

Patches

Patch: cert.vde.com ↗Patch: ics-cert.us-cert.gov ↗Patch: cert.vde.com ↗

🔴Vulnerability Details

2

GHSA

GHSA-5rh6-9788-fh7g: All Phoenix Contact managed FL SWITCH 3xxx, 4xxx, 48xx products running firmware version 1↗2022-05-14

▶

CVEList

CVE-2018-10729: All Phoenix Contact managed FL SWITCH 3xxx, 4xxx, 48xx products running firmware version 1↗2018-05-17

▶

CVE-2018-10729 (MEDIUM CVSS 5.3) | All Phoenix Contact managed FL SWIT | cvebase.io