Semen Sokolov

**Name of the Vulnerable Software and Affected Versions** Phoenix Contact FL SWITCH versions 1.0 through 1.33 **Description** The issue is caused by a buffer overflow in the memory of the menu pxc.cgi and index.cgi components of the managed switch firmware. This can be exploited by a remote attacker by sending a GET request with a specially crafted cookie, potentially allowing the execution of arbitrary code or causing a denial of service. **Recommendations** For versions 1.0 through 1.33, as a temporary workaround, consider restricting access to the vulnerable menu pxc.cgi and index.cgi components until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Phoenix Contact FL SWITCH versions 1.0 through 1.33 **Description** The issue is related to insufficient security mechanisms in the CGI applications of the firmware, allowing a remote attacker to access the contents of configuration files. An unauthenticated user can read the configuration file. **Recommendations** For versions 1.0 through 1.33, restrict access to the configuration file to prevent unauthorized reading until a patch is available. Consider implementing additional security measures to protect the configuration files from unauthorized access.

**Name of the Vulnerable Software and Affected Versions** Phoenix Contact FL SWITCH versions 1.0 through 1.33 **Description** The issue is caused by a buffer overflow in the device's memory, allowing a remote attacker to gain unauthorized access to the device's OS files and execute arbitrary code. The estimated number of potentially affected devices worldwide is not specified. **Recommendations** For versions 1.0 through 1.33, update the firmware to a version that is not affected by this issue. As a temporary workaround, consider restricting access to the device to minimize the risk of exploitation.