VYPR

FL SWITCH

by Phoenixcontact

CVEs (28)

  • CVE-2018-10730CriMay 17, 2018
    risk 0.60cvss 9.1epss 0.05

    All Phoenix Contact managed FL SWITCH 3xxx, 4xxx, 48xx products running firmware version 1.0 to 1.33 are prone to OS command injection.

  • CVE-2018-10731CriMay 17, 2018
    risk 0.59cvss 9.0epss 0.03

    All Phoenix Contact managed FL SWITCH 3xxx, 4xxx, 48xx products running firmware version 1.0 to 1.33 are prone to buffer overflows when handling very large cookies (a different vulnerability than CVE-2018-10728).

  • CVE-2018-13992HigMay 7, 2019
    risk 0.53cvss 8.2epss 0.01

    The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 to 1.34 allows for plaintext transmission (HTTP) of user credentials by default.

  • CVE-2018-10728HigMay 17, 2018
    risk 0.53cvss 8.1epss 0.02

    All Phoenix Contact managed FL SWITCH 3xxx, 4xxx, 48xx products running firmware version 1.0 to 1.33 are prone to buffer overflows (a different vulnerability than CVE-2018-10731).

  • CVE-2021-21005HigJun 25, 2021
    risk 0.49cvss 7.5epss 0.01

    In Phoenix Contact FL SWITCH SMCS series products in multiple versions if an attacker sends a hand-crafted TCP-Packet with the Urgent-Flag set and the Urgent-Pointer set to 0, the network stack will crash. The device needs to be rebooted afterwards.

  • CVE-2021-21004HigJun 25, 2021
    risk 0.48cvss 7.4epss 0.01

    In Phoenix Contact FL SWITCH SMCS series products in multiple versions an attacker may insert malicious code via LLDP frames into the web-based management which could then be executed by the client.

  • CVE-2021-21003MedJun 25, 2021
    risk 0.35cvss 5.3epss 0.01

    In Phoenix Contact FL SWITCH SMCS series products in multiple versions fragmented TCP-Packets may cause a Denial of Service of Web-, SNMP- and ICMP-Echo services. The switching functionality of the device is not affected.

  • CVE-2018-10729MedMay 17, 2018
    risk 0.35cvss 5.3epss 0.02

    All Phoenix Contact managed FL SWITCH 3xxx, 4xxx, 48xx products running firmware version 1.0 to 1.33 allow reading the configuration file by an unauthenticated user.

  • CVE-2026-22321Mar 18, 2026
    risk 0.00cvss epss 0.00

    A stack-based buffer overflow in the device's Telnet/SSH CLI login routine occurs when a unauthenticated attacker send an oversized or unexpected username input. An overflow condition crashes the thread handling the login attempt, forcing the session to close. Because other CLI…

  • CVE-2026-22320Mar 18, 2026
    risk 0.00cvss epss 0.00

    A stack-based buffer overflow in the CLI's TFTP file‑transfer command handling allows a low-privileged attacker with Telnet/SSH access to trigger memory corruption by supplying unexpected or oversized filename input. Exploitation results in the corruption of the internal…

  • CVE-2026-22319Mar 18, 2026
    risk 0.00cvss epss 0.00

    A stack-based buffer overflow in the device's file installation workflow allows a high-privileged attacker to send oversized POST parameters that overflow a fixed-size stack buffer within an internal process, resulting in a DoS attack.

  • CVE-2026-22318Mar 18, 2026
    risk 0.00cvss epss 0.00

    A stack-based buffer overflow vulnerability in the device's file transfer parameter workflow allows a high-privileged attacker to send oversized POST parameters, causing memory corruption in an internal process, resulting in a DoS attack.

  • CVE-2026-22317Mar 18, 2026
    risk 0.00cvss epss 0.01

    A command injection vulnerability in the device’s Root CA certificate transfer workflow allows a high-privileged attacker to send crafted HTTP POST requests that result in arbitrary command execution on the underlying Linux OS with root privileges.

  • CVE-2026-22316Mar 18, 2026
    risk 0.00cvss epss 0.00

    A remote attacker with user privileges for the webUI can use the setting of the TFTP Filename with a POST Request to trigger a stack-based Buffer Overflow, resulting in a DoS attack.

  • CVE-2025-41693Dec 9, 2025
    risk 0.00cvss epss 0.00

    A low privileged remote attacker can use the ssh feature to execute commands directly after login. The process stays open and uses resources which leads to a reduced performance of the management functions. Switching functionality is not affected.

  • CVE-2025-41696Dec 9, 2025
    risk 0.00cvss epss 0.00

    An attacker can use an undocumented UART port on the PCB as a side-channel with the user hardcoded credentials obtained from CVE-2025-41692 to gain read access to parts of the filesystem of the device.

  • CVE-2025-41694Dec 9, 2025
    risk 0.00cvss epss 0.00

    A low privileged remote attacker can run the webshell with an empty command containing whitespace. The server will then block until it receives more data, resulting in a DoS condition of the websserver.

  • CVE-2025-41692Dec 9, 2025
    risk 0.00cvss epss 0.00

    A high privileged remote attacker with admin privileges for the webUI can brute-force the "root" and "user" passwords of the underlying OS due to a weak password generation algorithm.

  • CVE-2025-41697Dec 9, 2025
    risk 0.00cvss epss 0.00

    An attacker can use an undocumented UART port on the PCB as a side-channel to get root access e.g. with the credentials obtained from CVE-2025-41692.

  • CVE-2025-41695Dec 9, 2025
    risk 0.00cvss epss 0.01

    An XSS vulnerability in dyn_conn.php can be used by an unauthenticated remote attacker to trick an authenticated user to send a manipulated POST request to the device in order to change parameters available via web based management (WBM). The vulnerability does not provide…

Page 1 of 2