Anne Borcherding

Name of the Vulnerable Software and Affected Versions: Phoenix Contact FL SWITCH SMCS series products (affected versions not specified) Description: The issue concerns fragmented TCP-Packets that may cause a Denial of Service of Web-, SNMP- and ICMP-Echo services in the affected products. The switching functionality of the device is not affected. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Phoenix Contact FL SWITCH SMCS series products (affected versions not specified) Description: The issue allows an attacker to insert malicious code via LLDP frames into the web-based management, which could then be executed by the client. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Phoenix Contact FL SWITCH SMCS series products (affected versions not specified) Description: The issue concerns a network stack crash that occurs when a hand-crafted TCP-Packet with the Urgent-Flag set and the Urgent-Pointer set to 0 is sent to the device. This results in the device needing to be rebooted afterwards. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.