CVE-2018-10730

CWE-78OS Command Injection3 documents3 sources
Severity
9.1CRITICAL
EPSS
3.4%
top 12.61%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
29
Phoenixcontact FL Switch 3004t-fx FirmwarePhoenixcontact FL Switch 3004t-fx ST FirmwarePhoenixcontact FL Switch 3005 Firmware+26 more
Timeline
PublishedMay 17
Latest updateMay 14

Description

All Phoenix Contact managed FL SWITCH 3xxx, 4xxx, 48xx products running firmware version 1.0 to 1.33 are prone to OS command injection.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:HExploitability: 2.3 | Impact: 6.0

Affected Packages29 packages

Patches

Patch: cert.vde.comPatch: ics-cert.us-cert.govPatch: cert.vde.com

🔴Vulnerability Details

2
GHSA
GHSA-v9j3-6w7p-3346: All Phoenix Contact managed FL SWITCH 3xxx, 4xxx, 48xx products running firmware version 12022-05-14
CVEList
CVE-2018-10730: All Phoenix Contact managed FL SWITCH 3xxx, 4xxx, 48xx products running firmware version 12018-05-17
CVE-2018-10730 (CRITICAL CVSS 9.1) | All Phoenix Contact managed FL SWIT | cvebase.io