VDE-2018-006
Mai 14, 2025, 3:00 nachm.
An attacker may insert a carefully crafted cookie into a GET menu_pxc.cgi or GET index.cgi request to cause a buffer overflow that can initiate a Denial of Service attack and …
VDE-2018-007
Mai 22, 2025, 3:03 nachm.
Phoenix Contact: FL SWITCH 3xxx/4xxx/48xx series - Stack-based Buffer Overflow in shared object file
An attacker may exploit a 'long cookie' related vulnerability to cause a buffer overflow that allows unauthorized access to the switches operating system files. The attacker can then insert executable …
VDE-2018-005
Mai 16, 2018, 7:35 vorm.
Web interface CGI applications may copy the contents of the running configuration file to a commonly accessed file. Clever manipulation of a web login request can expose the contents of …
VDE-2018-004
Mai 14, 2025, 2:28 nachm.
An attacker with permission to transfer configuration files to/from the switch or permission to upgrade firmware, is able to execute arbitrary OS shell commands. CGI applications config_transfer.cgi and software_update.cgi are …
VDE-2018-003
Mai 14, 2025, 3:00 nachm.
Several CPUs manufactured by Intel, AMD or based on ARM technology may leak information due to their internal operation if attacked by specifically written software executed on the affected systems. …
VDE-2018-002
Mai 14, 2025, 2:28 nachm.
Critical vulnerabilities within several CPUs have been identified by security researchers. These hardware vulnerabilities allow programs to learn about the contents of a system's memory, using side-channel attacks. Potential attack …
VDE-2018-001
Mai 14, 2025, 2:28 nachm.
The integrity of the mGuard firmware atomic update process cannot be guaranteed under all circumstances. The mGuard atomic update mechanism relies on internal checksums for the integrity verification of some …
VDE-2017-006
Mai 14, 2025, 3:00 nachm.
PHOENIX CONTACT FL SWITCH 3xxx series, FL SWITCH 4xxx series, and FL SWITCH 48xx series products running firmware version 1.0 to 1.32 allow unauthenticated users with network access to gain …