CVE-2018-10728
Description
All Phoenix Contact managed FL SWITCH 3xxx, 4xxx, 48xx products running firmware version 1.0 to 1.33 are prone to buffer overflows (a different vulnerability than CVE-2018-10731).
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A stack-based buffer overflow in Phoenix Contact FL SWITCH 3xxx/4xxx/48xx series firmware 1.0 to 1.33 allows unauthenticated remote code execution via a crafted Cookie header in an HTTP GET request.
Vulnerability
A stack-based buffer overflow vulnerability (CWE-121) exists in the web interface of all Phoenix Contact FL SWITCH 3xxx, 4xxx, and 48xx series products running firmware versions 1.0 to 1.33 [1]. An overlong value in the Cookie header of an HTTP GET request overruns a fixed-size stack buffer in the web server; the outcome ranges from a crash (denial of service) to arbitrary code execution [1].
Exploitation
An unauthenticated remote attacker can exploit this vulnerability by sending a specially crafted GET request with an overly long Cookie value to the switch's web server. Network access to the web interface is required; no authentication or user interaction is needed. The CVSS vector rates attack complexity high (AC:H) [1]: turning the overflow into code execution requires a payload tailored to the firmware's stack layout, whereas a denial-of-service crash needs only an overlong value.
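The following illustration is added here to make the CWE-121 pattern from the two paragraphs above concrete; it is not Phoenix Contact code (the FL SWITCH firmware source is not public). It shows a Cookie header value copied into a fixed-size stack buffer without a length check, beside a bounded handler that refuses oversize values. The request layout, the 64-byte buffer size and every function name are assumptions, and the requests are constructed test input, not a captured exploit.

```c
/* Added illustration of the CWE-121 pattern. Not Phoenix Contact code;
 * request layout, buffer size and names are assumptions. */
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define COOKIE_BUF 64   /* assumed size of the on-stack cookie buffer */

/* Case-insensitive "s starts with pfx" (HTTP header names are case-insensitive). */
static int prefix_ci(const char *s, const char *pfx)
{
    for (; *pfx; s++, pfx++)
        if (tolower((unsigned char)*s) != tolower((unsigned char)*pfx))
            return 0;
    return 1;
}

/* Locate the Cookie header value in a raw request: returns a pointer to its
 * first byte and stores its length in *len, or NULL if there is no Cookie. */
static const char *find_cookie(const char *req, size_t *len)
{
    const char *p = req;
    while ((p = strstr(p, "\r\n")) != NULL) {
        p += 2;
        if (!prefix_ci(p, "Cookie:"))
            continue;
        p += 7;
        while (*p == ' ' || *p == '\t')
            p++;
        const char *end = strstr(p, "\r\n");
        if (end == NULL)
            end = p + strlen(p);
        *len = (size_t)(end - p);
        return p;
    }
    return NULL;
}

/* VULNERABLE pattern: the received length is never compared with the buffer
 * size, so a Cookie value of 64 bytes or more overwrites what follows the
 * buffer on the stack (saved registers, return address). Only call this with
 * a request whose cookie is known to be short. */
int handle_cookie_unsafe(const char *req)
{
    char cookie[COOKIE_BUF];
    size_t len;
    const char *v = find_cookie(req, &len);
    if (v == NULL)
        return -1;
    memcpy(cookie, v, len);   /* the missing bound check is the bug */
    cookie[len] = '\0';
    return (int)len;
}

/* HARDENED: check the length against the destination before copying and
 * reject oversize input outright instead of truncating it silently. */
int handle_cookie_safe(const char *req, char *out, size_t outsz)
{
    size_t len;
    const char *v = find_cookie(req, &len);
    if (v == NULL)
        return -1;            /* no Cookie header */
    if (len >= outsz)
        return -2;            /* would not fit: refuse the request */
    memcpy(out, v, len);
    out[len] = '\0';
    return (int)len;
}

/* Constructed test input (not a captured exploit): a GET request whose
 * Cookie value is n bytes of 'A'. Returns 0, or -1 if dst is too small. */
int build_request(char *dst, size_t dstsz, size_t n)
{
    const char *head = "GET /index.html HTTP/1.1\r\nHost: 192.0.2.10\r\nCookie: ";
    const char *tail = "\r\n\r\n";
    size_t hl = strlen(head), tl = strlen(tail);
    if (hl + n + tl + 1 > dstsz)
        return -1;
    memcpy(dst, head, hl);
    memset(dst + hl, 'A', n);
    memcpy(dst + hl + n, tail, tl + 1);   /* includes the terminating NUL */
    return 0;
}

/* Build a request with an n-byte cookie and run it through one handler.
 * Returns the handler's result, or -99 if the request could not be built. */
int run_case(size_t n, int use_safe)
{
    char req[1024], out[COOKIE_BUF];
    if (build_request(req, sizeof req, n) != 0)
        return -99;
    return use_safe ? handle_cookie_safe(req, out, sizeof out)
                    : handle_cookie_unsafe(req);
}

int main(void)
{
    printf("20-byte cookie:  unsafe=%d safe=%d\n", run_case(20, 0), run_case(20, 1));
    printf("300-byte cookie: safe=%d (rejected; the unsafe handler would overflow)\n",
           run_case(300, 1));
    return 0;
}
```

The hardened handler returns an error for an oversize value rather than truncating with strncpy: truncation would hide the overflow but still silently alter the request, whereas rejection keeps the parser's behaviour explicit and makes the failure observable in logs. On firmware built without stack canaries or ASLR, which is common on embedded targets, the unsafe variant's overwrite of the saved return address is exactly what turns a crash into code execution, which is why a payload crafted for the target is needed for RCE while a crash needs none.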
Impact
Successful exploitation allows the attacker to execute arbitrary code on the affected device, potentially leading to full compromise of the switch; since these are managed industrial Ethernet switches, a compromised unit also gives the attacker a foothold on the OT network it serves. The impact is rated as complete loss of confidentiality, integrity and availability, reflected in the CVSS v3 score of 8.1 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) [1].
Mitigation
Phoenix Contact has released fixed firmware; upgrade affected FL SWITCH 3xxx, 4xxx and 48xx devices to firmware version 1.34 or later as specified in the vendor advisory [1]. The advisory offers no product-specific workaround; until the update is applied, the standard ICS measure of keeping the switch's web interface reachable only from a trusted management network limits exposure. CVE-2018-10728 is a distinct issue from CVE-2018-10731, which the description mentions only to distinguish the two. The CVE is not known to be listed in CISA's Known Exploited Vulnerabilities (KEV) catalog as of the last update.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- FL SWITCH 3xxx, 4xxx, 48xx firmware, versions 1.0 - 1.33
Patches
No patch links indexed yet (the vendor advisory points to firmware 1.34 or later; see Mitigation).
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
- www.securityfocus.com/bid/104231 (SecurityFocus BID 104231)
- cert.vde.com/de-de/advisories/vde-2018-006 (Phoenix Contact vendor advisory VDE-2018-006, via CERT@VDE)
- ics-cert.us-cert.gov/advisories/ICSA-18-137-02 (ICS-CERT advisory ICSA-18-137-02)
News mentions
No linked articles in our index yet.