A series of newly disclosed vulnerabilities could allow an attacker to gain control of industrial switches.

Phoenix Contact has disclosed four vulnerabilities in switches in the FL SWITCH industrial line. The affected devices are typically used in automated processes at digital substations, oil and gas, maritime, and other industrial applications.

The vulnerabilities were discovered by Positive Technologies researchers Vyacheslav Moskvin, Semyon Sokolov, Evgeny Druzhinin, Ilya Karpov, and Georgy Zaytsev.

Two of the vulnerabilities, CVE-2018-10730 and CVE-2018-10731, could allow an attacker to run arbitrary code on a switch.

CVE-2018-10728 involves a buffer overflow that could be exploited to perform a DoS attack, disable web and telnet services, or run arbitrary code, while CVE-2018-10729 would allow an unauthorized user to read the contents of the switch config file.

The vulnerabilities affect FL SWITCH models 3xxx, 4xxx, and 48xxx running firmware versions 1.0–1.33. The vendor strongly recommends updating to firmware version 1.34 as remediation for the vulnerabilities.

For more, read here.

Why Cybercriminals Attack: A DARK READING VIRTUAL EVENT Wednesday, June 27. Industry experts will offer a range of information and insight on who the bad guys are – and why they might be targeting your enterprise. Go here for more information on this free event.

About the Author(s)

Curtis Franklin, Principal Analyst, Omdia

Curtis Franklin Jr. is Principal Analyst at Omdia, focusing on enterprise security management. Previously, he was senior editor of Dark Reading, editor of Light Reading's Security Now, and executive editor, technology, at InformationWeek, where he was also executive producer of InformationWeek's online radio and podcast episodes

Curtis has been writing about technologies and products in computing and networking since the early 1980s. He has been on staff and contributed to technology-industry publications including BYTE, ComputerWorld, CEO, Enterprise Efficiency, ChannelWeb, Network Computing, InfoWorld, PCWorld, Dark Reading, and ITWorld.com on subjects ranging from mobile enterprise computing to enterprise security and wireless networking.

Curtis is the author of thousands of articles, the co-author of five books, and has been a frequent speaker at computer and networking industry conferences across North America and Europe. His most recent books, Cloud Computing: Technologies and Strategies of the Ubiquitous Data Center, and Securing the Cloud: Security Strategies for the Ubiquitous Data Center, with co-author Brian Chee, are published by Taylor and Francis.

When he's not writing, Curtis is a painter, photographer, cook, and multi-instrumentalist musician. He is active in running, amateur radio (KG4GWA), the MakerFX maker space in Orlando, FL, and is a certified Florida Master Naturalist.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights