PT-2018-1007 · Phoenix Contact · FL SWITCH 3xxx, 4xxx, 48xxx
Evgeniy Druzhinin (+1)
Published 2018-01-11 · Updated 2019-10-03
CVE-2017-16743
CVSS v2.0: 10.0 (Critical)
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, and 48xxx Series products versions 1.0 through 1.32
Description
An improper-authorization flaw in the web-based management service of the affected switches allows a remote, unauthenticated attacker to bypass web-service authentication with specially crafted HTTP requests and obtain administrative privileges on the device. Because the bypass yields full administrative control, an attacker can read and change the switch configuration, which is reflected in the CVSS vector (complete loss of confidentiality, integrity and availability).
Recommendations
Check the running firmware version of every FL SWITCH 3xxx, 4xxx and 48xxx device against the affected range. For versions 1.0 through 1.32, restrict access to the web-based management service to trusted management hosts until a patch is available, and do not administer the device over untrusted networks. As a temporary workaround, keep the switch off the internet and isolate its management interface from untrusted networks to reduce the chance of exploitation.
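The two checks above (is the firmware in the affected range, and is the management interface reachable from outside the management network) are easy to get wrong in a fleet audit, most often by comparing version strings lexicographically ("1.4" sorts after "1.32" as a string but is the older, affected release). The following script is an added example, not part of this advisory or any vendor tooling; the inventory records, the device names, the management subnet 10.10.0.0/24 and the "major.minor" firmware format are constructed assumptions for illustration.

```python
"""Fleet audit for the affected FL SWITCH versions (CVE-2017-16743).

Added example, not code from the advisory or the vendor.
Assumptions (hypothetical): inventory entries carry a firmware string
in "major.minor" form and a management IP; 10.10.0.0/24 is the
isolated management network.
"""
import ipaddress

# Affected range stated in the advisory: 1.0 through 1.32, inclusive.
# Nothing here claims that a version above 1.32 is patched; it is only
# outside the range this advisory lists.
AFFECTED_MIN = (1, 0)
AFFECTED_MAX = (1, 32)


def parse_version(version):
    """Turn '1.32' into (1, 32) so versions compare numerically.

    String comparison is the classic mistake: '1.4' > '1.32' as text,
    while (1, 4) < (1, 32) as a version, so '1.4' would be skipped.
    """
    return tuple(int(part) for part in version.strip().split("."))


def is_affected(version):
    """True when the firmware version falls inside the advisory's range."""
    return AFFECTED_MIN <= parse_version(version) <= AFFECTED_MAX


def exposed(mgmt_ip, allowed_nets):
    """True when the management address is outside every allowed network."""
    ip = ipaddress.ip_address(mgmt_ip)
    return not any(ip in net for net in allowed_nets)


def audit(inventory, allowed_nets):
    """Return one finding per affected device with the actions to take."""
    findings = []
    for dev in inventory:
        if not is_affected(dev["fw"]):
            continue
        actions = []
        if exposed(dev["mgmt_ip"], allowed_nets):
            actions.append("move web management into the isolated management network")
        actions.append("restrict HTTP(S) management to trusted hosts until patched")
        findings.append({"name": dev["name"], "fw": dev["fw"], "actions": actions})
    return findings


# Constructed sample inventory; none of these are real devices.
INVENTORY = [
    {"name": "sw-cell-01", "fw": "1.32", "mgmt_ip": "10.10.0.5"},   # affected, isolated
    {"name": "sw-cell-02", "fw": "1.4",  "mgmt_ip": "192.0.2.40"},  # affected, exposed
    {"name": "sw-cell-03", "fw": "1.33", "mgmt_ip": "192.0.2.41"},  # outside stated range
]
MGMT_NETS = [ipaddress.ip_network("10.10.0.0/24")]

if __name__ == "__main__":
    for finding in audit(INVENTORY, MGMT_NETS):
        print(finding["name"], finding["fw"], "->", "; ".join(finding["actions"]))
```

Run it against a real inventory export by replacing `INVENTORY`; a device that is affected but already inside the management network still gets the "restrict management" action, because isolation alone does not stop an attacker who is already on that segment.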
Fix
Incorrect Authorization (CWE-863)
Improper Authorization (CWE-285)
Related identifiers
Affected products
FL SWITCH 3xxx
FL SWITCH 48xx
FL SWITCH 4xxx