PHOENIX CONTACT FL SWITCH (ICSA-19-024-02)

improper restriction of excessive authentication attempts, cleartext transmission of sensitive information, resource exhaustion, incorrectly specified destination in a communication channel, insecure storage of sensitive information, and memory corruption vulnerabilities in PHOENIX CONTACT FL SWITCH. Versions 3xxx, 4xxx, and 48xx and versions prior to 1.35. are affected. Successful exploitation of these vulnerabilities may allow attackers to have user privileges, gain access to the switch, read user credentials, deny access to the switch, or perform man-in-the-middle attacks. PHOENIX CONTACT recommends that users of FL SWITCH devices with affected firmware versions update the firmware to Version 1.35 or higher, which fixes these vulnerabilities. The NCCIC also advises on a series of mitigating measures for this vulnerability. Read the advisory at NCCIC/ICS-CERT.