CVE-2018-10731

CWE-119 — Buffer Overflow3 documents3 sources

Severity

9.0CRITICAL

EPSS

1.4%

top 19.59%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

29

Phoenixcontact FL Switch 3004t-fx Firmware Phoenixcontact FL Switch 3004t-fx ST Firmware Phoenixcontact FL Switch 3005 Firmware +26 more

Timeline

PublishedMay 17

Latest updateMay 14

Description

All Phoenix Contact managed FL SWITCH 3xxx, 4xxx, 48xx products running firmware version 1.0 to 1.33 are prone to buffer overflows when handling very large cookies (a different vulnerability than CVE-2018-10728).

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:HExploitability: 2.2 | Impact: 6.0

Affected Packages29 packages

▶NVDphoenixcontact/fl_switch_3005_firmware1.33

▶NVDphoenixcontact/fl_switch_3008_firmware1.0 — 1.33

▶NVDphoenixcontact/fl_switch_3016_firmware1.0 — 1.33

▶NVDphoenixcontact/fl_switch_3005t_firmware1.0 — 1.33

▶NVDphoenixcontact/fl_switch_3008t_firmware1.0 — 1.33

Patches

Patch: cert.vde.com ↗Patch: ics-cert.us-cert.gov ↗Patch: cert.vde.com ↗

🔴Vulnerability Details

2

GHSA

GHSA-fwh4-47pw-jmg5: All Phoenix Contact managed FL SWITCH 3xxx, 4xxx, 48xx products running firmware version 1↗2022-05-14

▶

CVEList

CVE-2018-10731: All Phoenix Contact managed FL SWITCH 3xxx, 4xxx, 48xx products running firmware version 1↗2018-05-17

▶

CVE-2018-10731 (CRITICAL CVSS 9) | All Phoenix Contact managed FL SWIT | cvebase.io