Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2018-13994 (GCVE-0-2018-13994)
Vulnerability from cvelistv5 – Published: 2019-05-07 17:36 – Updated: 2024-08-05 09:21
VLAI?
EPSS
Summary
The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 to 1.34 is vulnerable to a denial-of-service attack by making more than 120 connections.
Severity ?
7.5 (High)
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T09:21:40.712Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-024-02"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106737"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 to 1.34 is vulnerable to a denial-of-service attack by making more than 120 connections."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AC:L/AV:N/A:H/C:N/I:N/PR:N/S:U/UI:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-07T17:36:17.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-024-02"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.securityfocus.com/bid/106737"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-13994",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 to 1.34 is vulnerable to a denial-of-service attack by making more than 120 connections."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AC:L/AV:N/A:H/C:N/I:N/PR:N/S:U/UI:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-19-024-02",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-024-02"
},
{
"name": "http://www.securityfocus.com/bid/106737",
"refsource": "MISC",
"url": "http://www.securityfocus.com/bid/106737"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-13994",
"datePublished": "2019-05-07T17:36:17.000Z",
"dateReserved": "2018-07-11T00:00:00.000Z",
"dateUpdated": "2024-08-05T09:21:40.712Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2018-13994\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2019-05-07T18:29:00.583\",\"lastModified\":\"2024-11-21T03:48:23.860\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 to 1.34 is vulnerable to a denial-of-service attack by making more than 120 connections.\"},{\"lang\":\"es\",\"value\":\"La interfaz web de usuario de PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versiones desde 1.0 hasta 1.34, es vulnerable a un ataque de denegaci\u00f3n de servicio al realizar mas de 120 conexiones.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"cve@mitre.org\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:P\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-400\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:phoenixcontact:fl_switch_3005_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.0\",\"versionEndIncluding\":\"1.34\",\"matchCriteriaId\":\"04A47D70-E559-4D83-8BC5-0A5A99BBE046\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:phoenixcontact:fl_switch_3005:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CDD6E20C-23E3-4D04-879B-2AC6EF428947\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:phoenixcontact:fl_switch_3005t_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.0\",\"versionEndIncluding\":\"1.34\",\"matchCriteriaId\":\"A044EFDC-2F7F-4B07-AD3F-2C3085AD499B\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:phoenixcontact:fl_switch_3005t:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"378D94CF-D885-42D4-8A0E-21CD748F6807\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:phoenixcontact:fl_switch_3004t-fx_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.0\",\"versionEndIncluding\":\"1.34\",\"matchCriteriaId\":\"17E9343C-8760-439D-9E4B-3D6CCA4E2819\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:phoenixcontact:fl_switch_3004t-fx:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DA9C98D8-21D3-45C1-B060-A9A9E2F3C097\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:phoenixcontact:fl_switch_3004t-fx_st_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.0\",\"versionEndIncluding\":\"1.34\",\"matchCriteriaId\":\"C63BBDE7-162C-4E1F-B95C-A96D75B6534D\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:phoenixcontact:fl_switch_3004t-fx_st:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7741E125-4A42-49D9-B042-F9CE55635AAC\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:phoenixcontact:fl_switch_3008_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.0\",\"versionEndIncluding\":\"1.34\",\"matchCriteriaId\":\"AC486493-C679-491D-85C3-65778974F619\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:phoenixcontact:fl_switch_3008:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5B6CE354-013E-4F95-BC30-1C9B319EBED2\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:phoenixcontact:fl_switch_3008t_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.0\",\"versionEndIncluding\":\"1.34\",\"matchCriteriaId\":\"1F287862-E23E-4A75-A678-7498C5319C67\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:phoenixcontact:fl_switch_3008t:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9AABEF33-10A0-4799-B838-56EDD19DA0C0\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:phoenixcontact:fl_switch_3006t-2fx_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.0\",\"versionEndIncluding\":\"1.34\",\"matchCriteriaId\":\"066EBCFD-A38E-4CC1-874C-76438F2BBFD2\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:phoenixcontact:fl_switch_3006t-2fx:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"183345F0-1A43-4721-99C1-6F1A7DF951C5\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:phoenixcontact:fl_switch_3006t-2fx_st_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.0\",\"versionEndIncluding\":\"1.34\",\"matchCriteriaId\":\"A709134E-8108-46D5-87B6-B8EFAFC46A57\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:phoenixcontact:fl_switch_3006t-2fx_st:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"745B393D-B1D4-49B3-B869-54B103DDC09E\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:phoenixcontact:fl_switch_3012e-2sfx_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.0\",\"versionEndIncluding\":\"1.34\",\"matchCriteriaId\":\"BF6F59B4-D27B-47BD-9245-113AE40975D4\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:phoenixcontact:fl_switch_3012e-2sfx:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4E73E8DE-CCC4-43EC-8DD5-B8F75EA06A79\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:phoenixcontact:fl_switch_3016e_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.0\",\"versionEndIncluding\":\"1.34\",\"matchCriteriaId\":\"EA7DFECE-5FD0-426C-A8AD-8FD76DF2686C\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:phoenixcontact:fl_switch_3016e:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AAE50CC4-384B-499F-BC7D-E66AB2B8D42F\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:phoenixcontact:fl_switch_3016_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.0\",\"versionEndIncluding\":\"1.34\",\"matchCriteriaId\":\"F332F2A6-4ADC-44E1-8992-E8EA6439C1F7\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:phoenixcontact:fl_switch_3016:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BE5BBAFE-2229-4472-BED8-30A5A2547746\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:phoenixcontact:fl_switch_3016t_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.0\",\"versionEndIncluding\":\"1.34\",\"matchCriteriaId\":\"AB5CA5AA-1388-4718-8A1E-7A84A015A3C9\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:phoenixcontact:fl_switch_3016t:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"20E4B7B8-0BCF-4A6D-A1D6-D76D7B67277D\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:phoenixcontact:fl_switch_3006t-2fx_sm_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.0\",\"versionEndIncluding\":\"1.34\",\"matchCriteriaId\":\"2304E00B-6927-47CD-B8F9-5737C4DFEE0F\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:phoenixcontact:fl_switch_3006t-2fx_sm:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"94001A55-C569-4FD3-BB74-9EC7D85C1473\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:phoenixcontact:fl_switch_4008t-2sfp_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.0\",\"versionEndIncluding\":\"1.34\",\"matchCriteriaId\":\"AFB27CA8-DD29-47D0-ABF8-0749CCD54C1B\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:phoenixcontact:fl_switch_4008t-2sfp:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8BDDB1D7-3E0C-4C06-B19F-A2FE8F6CC541\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:phoenixcontact:fl_switch_4008t-2gt-4fx_sm_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.0\",\"versionEndIncluding\":\"1.34\",\"matchCriteriaId\":\"5425DCC2-8DFA-45E4-B772-B86787D1D84E\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:phoenixcontact:fl_switch_4008t-2gt-4fx_sm:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FB83F75C-61AD-4161-B7FC-815BB79DD84C\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:phoenixcontact:fl_switch_4008t-2gt-3fx_sm_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.0\",\"versionEndIncluding\":\"1.34\",\"matchCriteriaId\":\"473466B5-3D67-497B-8AB5-39987B5A5D88\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:phoenixcontact:fl_switch_4008t-2gt-3fx_sm:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"59A8884E-A04E-4A52-9CE6-8EE210F6CA8A\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:phoenixcontact:fl_switch_4808e-16fx_lc-4gc_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.0\",\"versionEndIncluding\":\"1.34\",\"matchCriteriaId\":\"CDC53950-9BEF-4DF8-9C38-4424AC38BDC1\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:phoenixcontact:fl_switch_4808e-16fx_lc-4gc:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7D2ACFB7-4685-48F2-8741-AD0ECFC8804E\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:phoenixcontact:fl_switch_4808e-16fx_sm-4gc_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.0\",\"versionEndIncluding\":\"1.34\",\"matchCriteriaId\":\"C284DB89-C9FD-489D-A705-85DFAAEB2661\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:phoenixcontact:fl_switch_4808e-16fx_sm-4gc:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"640ECB9C-3D8C-4BCD-A0AF-AA79DE508FD0\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:phoenixcontact:fl_switch_4808e-16fx_sm_st-4gc_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.0\",\"versionEndIncluding\":\"1.34\",\"matchCriteriaId\":\"DC4FBE69-214A-4B71-9573-FCCAA9F296F9\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:phoenixcontact:fl_switch_4808e-16fx_sm_st-4gc:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"24767260-220D-40D2-82D4-944DD1557C68\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:phoenixcontact:fl_switch_4808e-16fx_st-4gc_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.0\",\"versionEndIncluding\":\"1.34\",\"matchCriteriaId\":\"F7E77B1A-9A78-423B-ADB1-0DE5105012DC\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:phoenixcontact:fl_switch_4808e-16fx_st-4gc:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2D1D7163-5489-47A3-B6DF-13C2C137CD39\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:phoenixcontact:fl_switch_4808e-16fx-4gc_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.0\",\"versionEndIncluding\":\"1.34\",\"matchCriteriaId\":\"D3CA8093-6C61-4E0F-89F2-83008B6A3047\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:phoenixcontact:fl_switch_4808e-16fx-4gc:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DA4CF1D6-AEB2-4A75-959A-81F70FE7A634\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:phoenixcontact:fl_switch_4808e-16fx_sm_lc-4gc_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.0\",\"versionEndIncluding\":\"1.34\",\"matchCriteriaId\":\"64552653-D5D2-4002-A255-68080BA13820\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:phoenixcontact:fl_switch_4808e-16fx_sm_lc-4gc:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1A11C522-B022-4F38-9DE9-189BAB367CA6\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:phoenixcontact:fl_switch_4012t_2gt_2fx_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.0\",\"versionEndIncluding\":\"1.34\",\"matchCriteriaId\":\"F3F0F169-2BA8-48B7-9017-49993D1B1046\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:phoenixcontact:fl_switch_4012t_2gt_2fx:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BF8A0E7B-0B6D-496C-81A4-077C4D1BA2BA\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:phoenixcontact:fl_switch_4012t-2gt-2fx_st_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.0\",\"versionEndIncluding\":\"1.34\",\"matchCriteriaId\":\"EA7D5CCD-A27A-47B9-898F-D2C605A7E02F\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:phoenixcontact:fl_switch_4012t-2gt-2fx_st:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"67F3A41E-72FA-4876-B29C-810A83237E74\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:phoenixcontact:fl_switch_4824e-4gc_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.0\",\"versionEndIncluding\":\"1.34\",\"matchCriteriaId\":\"12C5D49B-B36E-44CE-BDEF-6D092F9F98CC\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:phoenixcontact:fl_switch_4824e-4gc:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D0AF48CE-231F-42F9-BF50-B3E8FB49D0F0\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:phoenixcontact:fl_switch_4800e-24fx-4gc_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.0\",\"versionEndIncluding\":\"1.34\",\"matchCriteriaId\":\"6D629743-D62B-446F-9365-9CD4F8D4C7C0\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:phoenixcontact:fl_switch_4800e-24fx-4gc:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5516A419-3B65-4866-91AD-7824C7D93A1E\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:phoenixcontact:fl_switch_4800e-24fx_sm-4gc_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.0\",\"versionEndIncluding\":\"1.34\",\"matchCriteriaId\":\"045FA39D-54C2-4A14-BAE2-4100BE2B9DC9\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:phoenixcontact:fl_switch_4800e-24fx_sm-4gc:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E9D8EBCA-D4C9-4698-B0A6-78796228ABD7\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:phoenixcontact:fl_switch_3012e-2fx_sm_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.0\",\"versionEndIncluding\":\"1.34\",\"matchCriteriaId\":\"31B73742-90A2-412E-B31B-0C3968C66735\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:phoenixcontact:fl_switch_3012e-2fx_sm:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E13750CC-A1ED-4AC5-BE05-C70B0A8E697D\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:phoenixcontact:fl_switch_4000t-8poe-2sfp-r_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.0\",\"versionEndIncluding\":\"1.34\",\"matchCriteriaId\":\"CE523BC5-9A74-45D1-8054-5AF8E8DC7C6F\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:phoenixcontact:fl_switch_4000t-8poe-2sfp-r:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F5C8DB2C-0647-42FC-A401-264A6A00621E\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/106737\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://ics-cert.us-cert.gov/advisories/ICSA-19-024-02\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\",\"VDB Entry\"]},{\"url\":\"http://www.securityfocus.com/bid/106737\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://ics-cert.us-cert.gov/advisories/ICSA-19-024-02\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\",\"VDB Entry\"]}]}}"
}
}
ICSA-19-024-02
Vulnerability from csaf_cisa - Published: 2019-01-24 00:00 - Updated: 2019-01-24 00:00Summary
PHOENIX CONTACT FL SWITCH
Notes
CISA Disclaimer: This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov
Legal Notice: All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.
Risk evaluation: Successful exploitation of these vulnerabilities may allow attackers to have user privileges, gain access to the switch, read user credentials, deny access to the switch, or perform man-in-the-middle attacks.
Critical infrastructure sectors: Communications, Critical Manufacturing, Information Technology
Countries/areas deployed: Worldwide
Company headquarters location: Germany
Recommended Practices: NCCIC recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:
Recommended Practices: NCCIC reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.NCCIC also provides a section for control systems security recommended practices on the ICS-CERT web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices: Additional mitigation guidance and recommended practices are publicly available on the ICS-CERT website in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to NCCIC for tracking and correlation against other incidents.
Exploitability: No known public exploits specifically target these vulnerabilities.
8.8 (High)
Mitigation
Phoenix Contact recommends that users of FL SWITCH devices with affected firmware versions update the firmware to Version 1.35 or higher, which fixes these vulnerabilities. The updated firmware may be downloaded from the managed switch product page on the Phoenix Contact website. Please see the CERT VDE advisory for these vulnerabilities for the location of the new firmware download for each specific product: https://cert.vde.com/de-de/advisories/vde-2019-001
https://cert.vde.com/de-de/advisories/vde-2019-001
Mitigation
Phoenix Contact also recommends that users using the Phoenix Contact managed FL SWITCH devices enable HTTP security.
8.6 (High)
Mitigation
Phoenix Contact recommends that users of FL SWITCH devices with affected firmware versions update the firmware to Version 1.35 or higher, which fixes these vulnerabilities. The updated firmware may be downloaded from the managed switch product page on the Phoenix Contact website. Please see the CERT VDE advisory for these vulnerabilities for the location of the new firmware download for each specific product: https://cert.vde.com/de-de/advisories/vde-2019-001
https://cert.vde.com/de-de/advisories/vde-2019-001
Mitigation
Phoenix Contact also recommends that users using the Phoenix Contact managed FL SWITCH devices enable HTTP security.
8.2 (High)
Mitigation
Phoenix Contact recommends that users of FL SWITCH devices with affected firmware versions update the firmware to Version 1.35 or higher, which fixes these vulnerabilities. The updated firmware may be downloaded from the managed switch product page on the Phoenix Contact website. Please see the CERT VDE advisory for these vulnerabilities for the location of the new firmware download for each specific product: https://cert.vde.com/de-de/advisories/vde-2019-001
https://cert.vde.com/de-de/advisories/vde-2019-001
Mitigation
Phoenix Contact also recommends that users using the Phoenix Contact managed FL SWITCH devices enable HTTP security.
7.5 (High)
Mitigation
Phoenix Contact recommends that users of FL SWITCH devices with affected firmware versions update the firmware to Version 1.35 or higher, which fixes these vulnerabilities. The updated firmware may be downloaded from the managed switch product page on the Phoenix Contact website. Please see the CERT VDE advisory for these vulnerabilities for the location of the new firmware download for each specific product: https://cert.vde.com/de-de/advisories/vde-2019-001
https://cert.vde.com/de-de/advisories/vde-2019-001
Mitigation
Phoenix Contact also recommends that users using the Phoenix Contact managed FL SWITCH devices enable HTTP security.
5.3 (Medium)
Mitigation
Phoenix Contact recommends that users of FL SWITCH devices with affected firmware versions update the firmware to Version 1.35 or higher, which fixes these vulnerabilities. The updated firmware may be downloaded from the managed switch product page on the Phoenix Contact website. Please see the CERT VDE advisory for these vulnerabilities for the location of the new firmware download for each specific product: https://cert.vde.com/de-de/advisories/vde-2019-001
https://cert.vde.com/de-de/advisories/vde-2019-001
Mitigation
Phoenix Contact also recommends that users using the Phoenix Contact managed FL SWITCH devices enable HTTP security.
5.3 (Medium)
Mitigation
Phoenix Contact recommends that users of FL SWITCH devices with affected firmware versions update the firmware to Version 1.35 or higher, which fixes these vulnerabilities. The updated firmware may be downloaded from the managed switch product page on the Phoenix Contact website. Please see the CERT VDE advisory for these vulnerabilities for the location of the new firmware download for each specific product: https://cert.vde.com/de-de/advisories/vde-2019-001
https://cert.vde.com/de-de/advisories/vde-2019-001
Mitigation
Phoenix Contact also recommends that users using the Phoenix Contact managed FL SWITCH devices enable HTTP security.
References
Acknowledgments
{
"document": {
"acknowledgments": [
{
"summary": "Phoenix Contact recommends that users of FL SWITCH devices with affected firmware versions update the firmware to Version 1.35 or higher, which fixes these vulnerabilities. The updated firmware may be downloaded from the managed switch product page on the Phoenix Contact website. Please see the CERT VDE advisory for these vulnerabilities for the location of the new firmware download for each specific product: https://cert.vde.com/de-de/advisories/vde-2019-001"
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited",
"tlp": {
"label": "WHITE",
"url": "https://us-cert.cisa.gov/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
"title": "CISA Disclaimer"
},
{
"category": "legal_disclaimer",
"text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
"title": "Legal Notice"
},
{
"category": "summary",
"text": "Successful exploitation of these vulnerabilities may allow attackers to have user privileges, gain access to the switch, read user credentials, deny access to the switch, or perform man-in-the-middle attacks.",
"title": "Risk evaluation"
},
{
"category": "other",
"text": "Communications, Critical Manufacturing, Information Technology",
"title": "Critical infrastructure sectors"
},
{
"category": "other",
"text": "Worldwide",
"title": "Countries/areas deployed"
},
{
"category": "other",
"text": "Germany",
"title": "Company headquarters location"
},
{
"category": "general",
"text": "NCCIC recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "NCCIC reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.NCCIC also provides a section for control systems security recommended practices on the ICS-CERT web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Additional mitigation guidance and recommended practices are publicly available on the ICS-CERT website in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to NCCIC for tracking and correlation against other incidents.",
"title": "Recommended Practices"
},
{
"category": "other",
"text": "No known public exploits specifically target these vulnerabilities.",
"title": "Exploitability"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "Email: CISAservicedesk@cisa.dhs.gov;\n Toll Free: 1-888-282-0870",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "ICS Advisory ICSA-19-024-02 JSON",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2019/icsa-19-024-02.json"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-19-024-02 Web Version",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-19-024-02"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B"
}
],
"title": "PHOENIX CONTACT FL SWITCH",
"tracking": {
"current_release_date": "2019-01-24T00:00:00.000000Z",
"generator": {
"engine": {
"name": "CISA CSAF Generator",
"version": "1.0.0"
}
},
"id": "ICSA-19-024-02",
"initial_release_date": "2019-01-24T00:00:00.000000Z",
"revision_history": [
{
"date": "2019-01-24T00:00:00.000000Z",
"legacy_version": "Initial",
"number": "1",
"summary": "ICSA-19-024-02 PHOENIX CONTACT FL SWITCH"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c 1.35",
"product": {
"name": "FL SWITCH 3xxx 4xxx and 48xx: versions prior to Version 1.35",
"product_id": "CSAFPID-0001"
}
}
],
"category": "product_name",
"name": "FL SWITCH 3xxx 4xxx and 48xx"
}
],
"category": "vendor",
"name": "PHOENIX CONTACT, Innominate Security Technologies"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-13993",
"cwe": {
"id": "CWE-352",
"name": "Cross-Site Request Forgery (CSRF)"
},
"notes": [
{
"category": "summary",
"text": "This vulnerability may allow an attacker to trick the web browser into transmitting unwanted commands.CVE-2018-13993 has been assigned to this vulnerability. A CVSS v3 base score of 8.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-13993"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends that users of FL SWITCH devices with affected firmware versions update the firmware to Version 1.35 or higher, which fixes these vulnerabilities. The updated firmware may be downloaded from the managed switch product page on the Phoenix Contact website. Please see the CERT VDE advisory for these vulnerabilities for the location of the new firmware download for each specific product: https://cert.vde.com/de-de/advisories/vde-2019-001",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert.vde.com/de-de/advisories/vde-2019-001"
},
{
"category": "mitigation",
"details": "Phoenix Contact also recommends that users using the Phoenix Contact managed FL SWITCH devices enable HTTP security.",
"product_ids": [
"CSAFPID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2018-13990",
"cwe": {
"id": "CWE-307",
"name": "Improper Restriction of Excessive Authentication Attempts"
},
"notes": [
{
"category": "summary",
"text": "The switch lacks a login time-out feature to prevent high-speed automated username and password combination guessing. An attacker may gain access by brute forcing of usernames and passwords.CVE-2018-13990 has been assigned to this vulnerability. A CVSS v3 base score of 8.6 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-13990"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends that users of FL SWITCH devices with affected firmware versions update the firmware to Version 1.35 or higher, which fixes these vulnerabilities. The updated firmware may be downloaded from the managed switch product page on the Phoenix Contact website. Please see the CERT VDE advisory for these vulnerabilities for the location of the new firmware download for each specific product: https://cert.vde.com/de-de/advisories/vde-2019-001",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert.vde.com/de-de/advisories/vde-2019-001"
},
{
"category": "mitigation",
"details": "Phoenix Contact also recommends that users using the Phoenix Contact managed FL SWITCH devices enable HTTP security.",
"product_ids": [
"CSAFPID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.0"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2018-13992",
"cwe": {
"id": "CWE-319",
"name": "Cleartext Transmission of Sensitive Information"
},
"notes": [
{
"category": "summary",
"text": "The default setting of the Web UI (HTTP) allows user credentials to be transmitted unencrypted.CVE-2018-13992 has been assigned to this vulnerability. A CVSS v3 base score of 8.2 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-13992"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends that users of FL SWITCH devices with affected firmware versions update the firmware to Version 1.35 or higher, which fixes these vulnerabilities. The updated firmware may be downloaded from the managed switch product page on the Phoenix Contact website. Please see the CERT VDE advisory for these vulnerabilities for the location of the new firmware download for each specific product: https://cert.vde.com/de-de/advisories/vde-2019-001",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert.vde.com/de-de/advisories/vde-2019-001"
},
{
"category": "mitigation",
"details": "Phoenix Contact also recommends that users using the Phoenix Contact managed FL SWITCH devices enable HTTP security.",
"product_ids": [
"CSAFPID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2018-13994",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "summary",
"text": "An attacker can initiate a web denial-of-service attack by producing an excessive number of Web UI connections.CVE-2018-13994 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-13994"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends that users of FL SWITCH devices with affected firmware versions update the firmware to Version 1.35 or higher, which fixes these vulnerabilities. The updated firmware may be downloaded from the managed switch product page on the Phoenix Contact website. Please see the CERT VDE advisory for these vulnerabilities for the location of the new firmware download for each specific product: https://cert.vde.com/de-de/advisories/vde-2019-001",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert.vde.com/de-de/advisories/vde-2019-001"
},
{
"category": "mitigation",
"details": "Phoenix Contact also recommends that users using the Phoenix Contact managed FL SWITCH devices enable HTTP security.",
"product_ids": [
"CSAFPID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2018-13991",
"cwe": {
"id": "CWE-922",
"name": "Insecure Storage of Sensitive Information"
},
"notes": [
{
"category": "summary",
"text": "An attacker may extract the switch \u0027s default private keys from its firmware image.CVE-2018-13991 has been assigned to this vulnerability. A CVSS v3 base score of 5.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-13991"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends that users of FL SWITCH devices with affected firmware versions update the firmware to Version 1.35 or higher, which fixes these vulnerabilities. The updated firmware may be downloaded from the managed switch product page on the Phoenix Contact website. Please see the CERT VDE advisory for these vulnerabilities for the location of the new firmware download for each specific product: https://cert.vde.com/de-de/advisories/vde-2019-001",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert.vde.com/de-de/advisories/vde-2019-001"
},
{
"category": "mitigation",
"details": "Phoenix Contact also recommends that users using the Phoenix Contact managed FL SWITCH devices enable HTTP security.",
"product_ids": [
"CSAFPID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2017-3735",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "summary",
"text": "Buffer errors in the existing switch security library may allow a denial-of-service condition.CVE-2017-3735 has been assigned to this vulnerability. A CVSS v3 base score of 5.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-3735"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends that users of FL SWITCH devices with affected firmware versions update the firmware to Version 1.35 or higher, which fixes these vulnerabilities. The updated firmware may be downloaded from the managed switch product page on the Phoenix Contact website. Please see the CERT VDE advisory for these vulnerabilities for the location of the new firmware download for each specific product: https://cert.vde.com/de-de/advisories/vde-2019-001",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert.vde.com/de-de/advisories/vde-2019-001"
},
{
"category": "mitigation",
"details": "Phoenix Contact also recommends that users using the Phoenix Contact managed FL SWITCH devices enable HTTP security.",
"product_ids": [
"CSAFPID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001"
]
}
]
}
]
}
VAR-201905-0719
Vulnerability from variot - Updated: 2024-11-23 19:39The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 to 1.34 is vulnerable to a denial-of-service attack by making more than 120 connections. PhoenixContactFLSWITCH is an industrial Ethernet switch from the PhoenixContact group in Germany. A denial of service vulnerability exists in versions prior to PhoenixContactFLSWITCH3xxx1.35, prior to 4xxx1.35, and prior to 48xx1.35, which could allow an attacker to exploit a vulnerability by making a large number of WebUI connections. A cross-site request-forgery vulnerability. 2. An authentication-bypass vulnerability. 3. Multiple information-disclosure vulnerabilities. 4. A denial-of-service vulnerability. Attackers can exploit these issues to bypass the authentication process, obtain sensitive information, and perform unauthorized actions. Failed exploit attempts will likely cause a denial-of-service condition
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201905-0719",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fl switch 4000t-8poe-2sfp-r",
"scope": "gte",
"trust": 1.0,
"vendor": "phoenixcontact",
"version": "1.0"
},
{
"model": "fl switch 4824e-4gc",
"scope": "lte",
"trust": 1.0,
"vendor": "phoenixcontact",
"version": "1.34"
},
{
"model": "fl switch 3008t",
"scope": "gte",
"trust": 1.0,
"vendor": "phoenixcontact",
"version": "1.0"
},
{
"model": "fl switch 4008t-2sfp",
"scope": "gte",
"trust": 1.0,
"vendor": "phoenixcontact",
"version": "1.0"
},
{
"model": "fl switch 4808e-16fx sm-4gc",
"scope": "lte",
"trust": 1.0,
"vendor": "phoenixcontact",
"version": "1.34"
},
{
"model": "fl switch 4808e-16fx sm lc-4gc",
"scope": "gte",
"trust": 1.0,
"vendor": "phoenixcontact",
"version": "1.0"
},
{
"model": "fl switch 4008t-2gt-3fx sm",
"scope": "lte",
"trust": 1.0,
"vendor": "phoenixcontact",
"version": "1.34"
},
{
"model": "fl switch 3005",
"scope": "lte",
"trust": 1.0,
"vendor": "phoenixcontact",
"version": "1.34"
},
{
"model": "fl switch 3016",
"scope": "gte",
"trust": 1.0,
"vendor": "phoenixcontact",
"version": "1.0"
},
{
"model": "fl switch 3016t",
"scope": "lte",
"trust": 1.0,
"vendor": "phoenixcontact",
"version": "1.34"
},
{
"model": "fl switch 3004t-fx",
"scope": "gte",
"trust": 1.0,
"vendor": "phoenixcontact",
"version": "1.0"
},
{
"model": "fl switch 3004t-fx st",
"scope": "lte",
"trust": 1.0,
"vendor": "phoenixcontact",
"version": "1.34"
},
{
"model": "fl switch 4800e-24fx sm-4gc",
"scope": "lte",
"trust": 1.0,
"vendor": "phoenixcontact",
"version": "1.34"
},
{
"model": "fl switch 3008",
"scope": "gte",
"trust": 1.0,
"vendor": "phoenixcontact",
"version": "1.0"
},
{
"model": "fl switch 4012t-2gt-2fx st",
"scope": "gte",
"trust": 1.0,
"vendor": "phoenixcontact",
"version": "1.0"
},
{
"model": "fl switch 3012e-2sfx",
"scope": "lte",
"trust": 1.0,
"vendor": "phoenixcontact",
"version": "1.34"
},
{
"model": "fl switch 4808e-16fx-4gc",
"scope": "lte",
"trust": 1.0,
"vendor": "phoenixcontact",
"version": "1.34"
},
{
"model": "fl switch 3005t",
"scope": "gte",
"trust": 1.0,
"vendor": "phoenixcontact",
"version": "1.0"
},
{
"model": "fl switch 3006t-2fx",
"scope": "gte",
"trust": 1.0,
"vendor": "phoenixcontact",
"version": "1.0"
},
{
"model": "fl switch 3012e-2fx sm",
"scope": "lte",
"trust": 1.0,
"vendor": "phoenixcontact",
"version": "1.34"
},
{
"model": "fl switch 4808e-16fx lc-4gc",
"scope": "gte",
"trust": 1.0,
"vendor": "phoenixcontact",
"version": "1.0"
},
{
"model": "fl switch 4000t-8poe-2sfp-r",
"scope": "lte",
"trust": 1.0,
"vendor": "phoenixcontact",
"version": "1.34"
},
{
"model": "fl switch 3012e-2fx sm",
"scope": "gte",
"trust": 1.0,
"vendor": "phoenixcontact",
"version": "1.0"
},
{
"model": "fl switch 3006t-2fx st",
"scope": "lte",
"trust": 1.0,
"vendor": "phoenixcontact",
"version": "1.34"
},
{
"model": "fl switch 3016e",
"scope": "gte",
"trust": 1.0,
"vendor": "phoenixcontact",
"version": "1.0"
},
{
"model": "fl switch 3008t",
"scope": "lte",
"trust": 1.0,
"vendor": "phoenixcontact",
"version": "1.34"
},
{
"model": "fl switch 3006t-2fx sm",
"scope": "lte",
"trust": 1.0,
"vendor": "phoenixcontact",
"version": "1.34"
},
{
"model": "fl switch 4008t-2sfp",
"scope": "lte",
"trust": 1.0,
"vendor": "phoenixcontact",
"version": "1.34"
},
{
"model": "fl switch 4012t 2gt 2fx",
"scope": "gte",
"trust": 1.0,
"vendor": "phoenixcontact",
"version": "1.0"
},
{
"model": "fl switch 4808e-16fx sm lc-4gc",
"scope": "lte",
"trust": 1.0,
"vendor": "phoenixcontact",
"version": "1.34"
},
{
"model": "fl switch 4808e-16fx st-4gc",
"scope": "gte",
"trust": 1.0,
"vendor": "phoenixcontact",
"version": "1.0"
},
{
"model": "fl switch 4800e-24fx-4gc",
"scope": "gte",
"trust": 1.0,
"vendor": "phoenixcontact",
"version": "1.0"
},
{
"model": "fl switch 4808e-16fx sm st-4gc",
"scope": "lte",
"trust": 1.0,
"vendor": "phoenixcontact",
"version": "1.34"
},
{
"model": "fl switch 3004t-fx",
"scope": "lte",
"trust": 1.0,
"vendor": "phoenixcontact",
"version": "1.34"
},
{
"model": "fl switch 4008t-2gt-4fx sm",
"scope": "gte",
"trust": 1.0,
"vendor": "phoenixcontact",
"version": "1.0"
},
{
"model": "fl switch 3008",
"scope": "lte",
"trust": 1.0,
"vendor": "phoenixcontact",
"version": "1.34"
},
{
"model": "fl switch 4808e-16fx sm-4gc",
"scope": "gte",
"trust": 1.0,
"vendor": "phoenixcontact",
"version": "1.0"
},
{
"model": "fl switch 3005t",
"scope": "lte",
"trust": 1.0,
"vendor": "phoenixcontact",
"version": "1.34"
},
{
"model": "fl switch 4008t-2gt-3fx sm",
"scope": "gte",
"trust": 1.0,
"vendor": "phoenixcontact",
"version": "1.0"
},
{
"model": "fl switch 4808e-16fx lc-4gc",
"scope": "lte",
"trust": 1.0,
"vendor": "phoenixcontact",
"version": "1.34"
},
{
"model": "fl switch 3004t-fx st",
"scope": "gte",
"trust": 1.0,
"vendor": "phoenixcontact",
"version": "1.0"
},
{
"model": "fl switch 4824e-4gc",
"scope": "gte",
"trust": 1.0,
"vendor": "phoenixcontact",
"version": "1.0"
},
{
"model": "fl switch 4800e-24fx sm-4gc",
"scope": "gte",
"trust": 1.0,
"vendor": "phoenixcontact",
"version": "1.0"
},
{
"model": "fl switch 3005",
"scope": "gte",
"trust": 1.0,
"vendor": "phoenixcontact",
"version": "1.0"
},
{
"model": "fl switch 3016",
"scope": "lte",
"trust": 1.0,
"vendor": "phoenixcontact",
"version": "1.34"
},
{
"model": "fl switch 3016t",
"scope": "gte",
"trust": 1.0,
"vendor": "phoenixcontact",
"version": "1.0"
},
{
"model": "fl switch 4012t-2gt-2fx st",
"scope": "lte",
"trust": 1.0,
"vendor": "phoenixcontact",
"version": "1.34"
},
{
"model": "fl switch 3006t-2fx",
"scope": "lte",
"trust": 1.0,
"vendor": "phoenixcontact",
"version": "1.34"
},
{
"model": "fl switch 4808e-16fx st-4gc",
"scope": "lte",
"trust": 1.0,
"vendor": "phoenixcontact",
"version": "1.34"
},
{
"model": "fl switch 4008t-2gt-4fx sm",
"scope": "lte",
"trust": 1.0,
"vendor": "phoenixcontact",
"version": "1.34"
},
{
"model": "fl switch 3006t-2fx sm",
"scope": "gte",
"trust": 1.0,
"vendor": "phoenixcontact",
"version": "1.0"
},
{
"model": "fl switch 4808e-16fx-4gc",
"scope": "gte",
"trust": 1.0,
"vendor": "phoenixcontact",
"version": "1.0"
},
{
"model": "fl switch 3006t-2fx st",
"scope": "gte",
"trust": 1.0,
"vendor": "phoenixcontact",
"version": "1.0"
},
{
"model": "fl switch 3016e",
"scope": "lte",
"trust": 1.0,
"vendor": "phoenixcontact",
"version": "1.34"
},
{
"model": "fl switch 3012e-2sfx",
"scope": "gte",
"trust": 1.0,
"vendor": "phoenixcontact",
"version": "1.0"
},
{
"model": "fl switch 4800e-24fx-4gc",
"scope": "lte",
"trust": 1.0,
"vendor": "phoenixcontact",
"version": "1.34"
},
{
"model": "fl switch 4012t 2gt 2fx",
"scope": "lte",
"trust": 1.0,
"vendor": "phoenixcontact",
"version": "1.34"
},
{
"model": "fl switch 4808e-16fx sm st-4gc",
"scope": "gte",
"trust": 1.0,
"vendor": "phoenixcontact",
"version": "1.0"
},
{
"model": "fl switch 3004t-fx st",
"scope": "eq",
"trust": 0.8,
"vendor": "phoenix contact",
"version": "1.0 to 1.34"
},
{
"model": "fl switch 3004t-fx",
"scope": "eq",
"trust": 0.8,
"vendor": "phoenix contact",
"version": "1.0 to 1.34"
},
{
"model": "fl switch 3005",
"scope": "eq",
"trust": 0.8,
"vendor": "phoenix contact",
"version": "1.0 to 1.34"
},
{
"model": "fl switch 3005t",
"scope": "eq",
"trust": 0.8,
"vendor": "phoenix contact",
"version": "1.0 to 1.34"
},
{
"model": "fl switch 3006t-2fx st",
"scope": "eq",
"trust": 0.8,
"vendor": "phoenix contact",
"version": "1.0 to 1.34"
},
{
"model": "fl switch 3006t-2fx",
"scope": "eq",
"trust": 0.8,
"vendor": "phoenix contact",
"version": "1.0 to 1.34"
},
{
"model": "fl switch 3008",
"scope": "eq",
"trust": 0.8,
"vendor": "phoenix contact",
"version": "1.0 to 1.34"
},
{
"model": "fl switch 3008t",
"scope": "eq",
"trust": 0.8,
"vendor": "phoenix contact",
"version": "1.0 to 1.34"
},
{
"model": "fl switch 3012e-2sfx",
"scope": "eq",
"trust": 0.8,
"vendor": "phoenix contact",
"version": "1.0 to 1.34"
},
{
"model": "fl switch 3016e",
"scope": "eq",
"trust": 0.8,
"vendor": "phoenix contact",
"version": "1.0 to 1.34"
},
{
"model": "contact fl switch",
"scope": "eq",
"trust": 0.6,
"vendor": "phoenix",
"version": "3xxx\u003c1.35"
},
{
"model": "contact fl switch",
"scope": "eq",
"trust": 0.6,
"vendor": "phoenix",
"version": "4xxx\u003c1.35"
},
{
"model": "contact fl switch",
"scope": "eq",
"trust": 0.6,
"vendor": "phoenix",
"version": "48xx\u003c1.35"
},
{
"model": "contact fl switch series",
"scope": "eq",
"trust": 0.3,
"vendor": "phoenix",
"version": "4xxx1.32"
},
{
"model": "contact fl switch series",
"scope": "eq",
"trust": 0.3,
"vendor": "phoenix",
"version": "4xxx1.0"
},
{
"model": "contact fl switch series",
"scope": "eq",
"trust": 0.3,
"vendor": "phoenix",
"version": "48xx1.32"
},
{
"model": "contact fl switch series",
"scope": "eq",
"trust": 0.3,
"vendor": "phoenix",
"version": "48xx1.0"
},
{
"model": "contact fl switch series",
"scope": "eq",
"trust": 0.3,
"vendor": "phoenix",
"version": "3xxx1.32"
},
{
"model": "contact fl switch series",
"scope": "eq",
"trust": 0.3,
"vendor": "phoenix",
"version": "3xxx1.0"
},
{
"model": "contact fl switch series",
"scope": "ne",
"trust": 0.3,
"vendor": "phoenix",
"version": "4xxx1.35"
},
{
"model": "contact fl switch series",
"scope": "ne",
"trust": 0.3,
"vendor": "phoenix",
"version": "48xx1.35"
},
{
"model": "contact fl switch series",
"scope": "ne",
"trust": 0.3,
"vendor": "phoenix",
"version": "3xxx1.35"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-03261"
},
{
"db": "BID",
"id": "106737"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015397"
},
{
"db": "NVD",
"id": "CVE-2018-13994"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:phoenixcontact:fl_switch_3004t-fx_st_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:phoenixcontact:fl_switch_3004t-fx_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:phoenixcontact:fl_switch_3005_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:phoenixcontact:fl_switch_3005t_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:phoenixcontact:fl_switch_3006t-2fx_st_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:phoenixcontact:fl_switch_3006t-2fx_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:phoenixcontact:fl_switch_3008_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:phoenixcontact:fl_switch_3008t_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:phoenixcontact:fl_switch_3012e-2sfx_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:phoenixcontact:fl_switch_3016e_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-015397"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "working with Evgeniy Druzhinin,Phoenix Contact, Ilya Karpov, and Georgy Zaytsev of Positive Technologies.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201901-895"
}
],
"trust": 0.6
},
"cve": "CVE-2018-13994",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2018-13994",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-03261",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2018-13994",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-13994",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "cve@mitre.org",
"id": "CVE-2018-13994",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2018-13994",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2019-03261",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201901-895",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-03261"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015397"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-895"
},
{
"db": "NVD",
"id": "CVE-2018-13994"
},
{
"db": "NVD",
"id": "CVE-2018-13994"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 to 1.34 is vulnerable to a denial-of-service attack by making more than 120 connections. PhoenixContactFLSWITCH is an industrial Ethernet switch from the PhoenixContact group in Germany. A denial of service vulnerability exists in versions prior to PhoenixContactFLSWITCH3xxx1.35, prior to 4xxx1.35, and prior to 48xx1.35, which could allow an attacker to exploit a vulnerability by making a large number of WebUI connections. A cross-site request-forgery vulnerability. \n2. An authentication-bypass vulnerability. \n3. Multiple information-disclosure vulnerabilities. \n4. A denial-of-service vulnerability. \nAttackers can exploit these issues to bypass the authentication process, obtain sensitive information, and perform unauthorized actions. Failed exploit attempts will likely cause a denial-of-service condition",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-13994"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015397"
},
{
"db": "CNVD",
"id": "CNVD-2019-03261"
},
{
"db": "BID",
"id": "106737"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "ICS CERT",
"id": "ICSA-19-024-02",
"trust": 3.3
},
{
"db": "NVD",
"id": "CVE-2018-13994",
"trust": 3.3
},
{
"db": "BID",
"id": "106737",
"trust": 1.9
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015397",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2019-03261",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201901-895",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-03261"
},
{
"db": "BID",
"id": "106737"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015397"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-895"
},
{
"db": "NVD",
"id": "CVE-2018-13994"
}
]
},
"id": "VAR-201905-0719",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-03261"
}
],
"trust": 1.4020833499999998
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-03261"
}
]
},
"last_update_date": "2024-11-23T19:39:51.790000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.phoenixcontact.com/online/portal/us"
},
{
"title": "Patch for PhoenixContactFLSWITCH Denial of Service Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/151751"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-03261"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015397"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-400",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-015397"
},
{
"db": "NVD",
"id": "CVE-2018-13994"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.3,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-19-024-02"
},
{
"trust": 2.2,
"url": "http://www.securityfocus.com/bid/106737"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-13994"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-13994"
},
{
"trust": 0.3,
"url": "https://www.phoenixcontact.com/online/portal/pc"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-03261"
},
{
"db": "BID",
"id": "106737"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015397"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-895"
},
{
"db": "NVD",
"id": "CVE-2018-13994"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-03261"
},
{
"db": "BID",
"id": "106737"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015397"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-895"
},
{
"db": "NVD",
"id": "CVE-2018-13994"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-01-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-03261"
},
{
"date": "2019-01-24T00:00:00",
"db": "BID",
"id": "106737"
},
{
"date": "2019-06-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-015397"
},
{
"date": "2019-01-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201901-895"
},
{
"date": "2019-05-07T18:29:00.583000",
"db": "NVD",
"id": "CVE-2018-13994"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-01-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-03261"
},
{
"date": "2019-01-24T00:00:00",
"db": "BID",
"id": "106737"
},
{
"date": "2019-06-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-015397"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201901-895"
},
{
"date": "2024-11-21T03:48:23.860000",
"db": "NVD",
"id": "CVE-2018-13994"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201901-895"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural PHOENIX CONTACT FL SWITCH Product depletion vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-015397"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201901-895"
}
],
"trust": 0.6
}
}
VDE-2019-001
Vulnerability from csaf_phoenixcontactgmbhcokg - Published: 2019-01-23 12:02 - Updated: 2025-05-14 13:00Summary
PHOENIX CONTACT: Multiple Vulnerabilities in FL SWITCH 3xxx, 4xxx and 48xx
Notes
Summary: Multiple vulnerabilities for FL SWITCH have been identified in PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx version 1.0 to 1.34.
Impact: [TODO]
Remediation: ## Remediation for CWE-319 (CVE-2018-13992)
Customers using Phoenix Contact managed FL SWITCH devices are recommended to enable HTTP security.
## Remediation for Multiple CWEs:
(CWE-352 (CVE-2018-13993), CWE-307 (CVE-2018-13990), CWE-400 (CVE-2018-13994), CWE-922 (CVE-2018-13991), CWE-119 (CVE-2017-3735))
Customers using Phoenix Contact managed FL SWITCH devices with affected firmware versions are recommended to update the firmware to version **1.35 or higher**, which fixes these vulnerabilities.
The updated firmware may be downloaded from the managed switch product page on the Phoenix Contact website:
| Article No. | Model | Updated Firmware |
|-------------|--------------------------------|------------------|
| 2891033 | FL SWITCH 3004T-FX | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3004t-fx-2891033?type=firmware_update) |
| 2891034 | FL SWITCH 3004T-FX ST | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3004t-fx-st-2891034?type=firmware_update) |
| 2891030 | FL SWITCH 3005 | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3005-2891030?type=firmware_update) |
| 2891032 | FL SWITCH 3005T | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3005t-2891032?type=firmware_update) |
| 2891036 | FL SWITCH 3006T-2FX | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3006t-2fx-2891036?type=firmware_update) |
| 2891060 | FL SWITCH 3006T-2FX SM | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3006t-2fx-sm-2891060?type=firmware_update) |
| 2891037 | FL SWITCH 3006T-2FX ST | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3006t-2fx-st-2891037?type=firmware_update) |
| 2891031 | FL SWITCH 3008 | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3008-2891031?type=firmware_update) |
| 2891035 | FL SWITCH 3008T | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3008t-2891035?type=firmware_update) |
| 2891120 | FL SWITCH 3012E-2FX | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3012e-2fx-2891120?type=firmware_update) |
| 2891119 | FL SWITCH 3012E-2FX SM | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3012e-2fx-sm-2891119?type=firmware_update) |
| 2891067 | FL SWITCH 3012E-2SFX | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3012e-2sfx-2891067?type=firmware_update) |
| 2891058 | FL SWITCH 3016 | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3016-2891058?type=firmware_update) |
| 2891066 | FL SWITCH 3016E | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3016e-2891066?type=firmware_update) |
| 2891059 | FL SWITCH 3016T | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3016t-2891059?type=firmware_update) |
| 1026924 | FL SWITCH 4000T-4POE-1SFP | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4000t-4poe-1sfp-1026924?type=firmware_update) |
| 1026923 | FL SWITCH 4000T-8POE-2SFP | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4000t-8poe-2sfp-1026923?type=firmware_update) |
| 1026922 | FL SWITCH 4004T-8POE-4SFP | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4004t-8poe-4sfp-1026922?type=firmware_update) |
| 2891160 | FL SWITCH 4008T-2GT-3FX SM | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4008t-2gt-3fx-sm-2891160?type=firmware_update) |
| 2891061 | FL SWITCH 4008T-2GT-4FX SM | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4008t-2gt-4fx-sm-2891061?type=firmware_update) |
| 2891062 | FL SWITCH 4008T-2SFP | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4008t-2sfp-2891062?type=firmware_update) |
| 2891063 | FL SWITCH 4012T-2GT-2FX | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4012t-2gt-2fx-2891063?type=firmware_update) |
| 2891161 | FL SWITCH 4012T-2GT-2FX ST | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4012t-2gt-2fx-st-2891161?type=firmware_update) |
| 2891104 | FL SWITCH 4800E-24FX SM-4GC | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4800e-24fx-sm-4gc-2891104?type=firmware_update) |
| 2891102 | FL SWITCH 4800E-24FX-4GC | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4800e-24fx-4gc-2891102?type=firmware_update) |
| 2891073 | FL SWITCH 4808E-16FX LC-4GC | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4808e-16fx-lc-4gc-2891073?type=firmware_update) |
| 2891074 | FL SWITCH 4808E-16FX SM LC-4GC| [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4808e-16fx-sm-lc-4gc-2891074?type=firmware_update) |
| 2891086 | FL SWITCH 4808E-16FX SM ST-4GC| [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4808e-16fx-sm-st-4gc-2891086?type=firmware_update) |
The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 to 1.34 is vulnerable to a denial-of-service attack by making more than 120 connections.
7.5 (High)
Vendor Fix
## Remediation for CWE-319 (CVE-2018-13992)
Customers using Phoenix Contact managed FL SWITCH devices are recommended to enable HTTP security.
## Remediation for Multiple CWEs:
(CWE-352 (CVE-2018-13993), CWE-307 (CVE-2018-13990), CWE-400 (CVE-2018-13994), CWE-922 (CVE-2018-13991), CWE-119 (CVE-2017-3735))
Customers using Phoenix Contact managed FL SWITCH devices with affected firmware versions are recommended to update the firmware to version **1.35 or higher**, which fixes these vulnerabilities.
The updated firmware may be downloaded from the managed switch product page on the Phoenix Contact website:
| Article No. | Model | Updated Firmware |
|-------------|--------------------------------|------------------|
| 2891033 | FL SWITCH 3004T-FX | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3004t-fx-2891033?type=firmware_update) |
| 2891034 | FL SWITCH 3004T-FX ST | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3004t-fx-st-2891034?type=firmware_update) |
| 2891030 | FL SWITCH 3005 | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3005-2891030?type=firmware_update) |
| 2891032 | FL SWITCH 3005T | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3005t-2891032?type=firmware_update) |
| 2891036 | FL SWITCH 3006T-2FX | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3006t-2fx-2891036?type=firmware_update) |
| 2891060 | FL SWITCH 3006T-2FX SM | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3006t-2fx-sm-2891060?type=firmware_update) |
| 2891037 | FL SWITCH 3006T-2FX ST | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3006t-2fx-st-2891037?type=firmware_update) |
| 2891031 | FL SWITCH 3008 | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3008-2891031?type=firmware_update) |
| 2891035 | FL SWITCH 3008T | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3008t-2891035?type=firmware_update) |
| 2891120 | FL SWITCH 3012E-2FX | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3012e-2fx-2891120?type=firmware_update) |
| 2891119 | FL SWITCH 3012E-2FX SM | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3012e-2fx-sm-2891119?type=firmware_update) |
| 2891067 | FL SWITCH 3012E-2SFX | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3012e-2sfx-2891067?type=firmware_update) |
| 2891058 | FL SWITCH 3016 | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3016-2891058?type=firmware_update) |
| 2891066 | FL SWITCH 3016E | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3016e-2891066?type=firmware_update) |
| 2891059 | FL SWITCH 3016T | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3016t-2891059?type=firmware_update) |
| 1026924 | FL SWITCH 4000T-4POE-1SFP | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4000t-4poe-1sfp-1026924?type=firmware_update) |
| 1026923 | FL SWITCH 4000T-8POE-2SFP | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4000t-8poe-2sfp-1026923?type=firmware_update) |
| 1026922 | FL SWITCH 4004T-8POE-4SFP | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4004t-8poe-4sfp-1026922?type=firmware_update) |
| 2891160 | FL SWITCH 4008T-2GT-3FX SM | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4008t-2gt-3fx-sm-2891160?type=firmware_update) |
| 2891061 | FL SWITCH 4008T-2GT-4FX SM | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4008t-2gt-4fx-sm-2891061?type=firmware_update) |
| 2891062 | FL SWITCH 4008T-2SFP | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4008t-2sfp-2891062?type=firmware_update) |
| 2891063 | FL SWITCH 4012T-2GT-2FX | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4012t-2gt-2fx-2891063?type=firmware_update) |
| 2891161 | FL SWITCH 4012T-2GT-2FX ST | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4012t-2gt-2fx-st-2891161?type=firmware_update) |
| 2891104 | FL SWITCH 4800E-24FX SM-4GC | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4800e-24fx-sm-4gc-2891104?type=firmware_update) |
| 2891102 | FL SWITCH 4800E-24FX-4GC | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4800e-24fx-4gc-2891102?type=firmware_update) |
| 2891073 | FL SWITCH 4808E-16FX LC-4GC | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4808e-16fx-lc-4gc-2891073?type=firmware_update) |
| 2891074 | FL SWITCH 4808E-16FX SM LC-4GC| [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4808e-16fx-sm-lc-4gc-2891074?type=firmware_update) |
| 2891086 | FL SWITCH 4808E-16FX SM ST-4GC| [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4808e-16fx-sm-st-4gc-2891086?type=firmware_update) |
The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 to 1.34 leaks private information in firmware images.
5.3 (Medium)
Vendor Fix
## Remediation for CWE-319 (CVE-2018-13992)
Customers using Phoenix Contact managed FL SWITCH devices are recommended to enable HTTP security.
## Remediation for Multiple CWEs:
(CWE-352 (CVE-2018-13993), CWE-307 (CVE-2018-13990), CWE-400 (CVE-2018-13994), CWE-922 (CVE-2018-13991), CWE-119 (CVE-2017-3735))
Customers using Phoenix Contact managed FL SWITCH devices with affected firmware versions are recommended to update the firmware to version **1.35 or higher**, which fixes these vulnerabilities.
The updated firmware may be downloaded from the managed switch product page on the Phoenix Contact website:
| Article No. | Model | Updated Firmware |
|-------------|--------------------------------|------------------|
| 2891033 | FL SWITCH 3004T-FX | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3004t-fx-2891033?type=firmware_update) |
| 2891034 | FL SWITCH 3004T-FX ST | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3004t-fx-st-2891034?type=firmware_update) |
| 2891030 | FL SWITCH 3005 | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3005-2891030?type=firmware_update) |
| 2891032 | FL SWITCH 3005T | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3005t-2891032?type=firmware_update) |
| 2891036 | FL SWITCH 3006T-2FX | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3006t-2fx-2891036?type=firmware_update) |
| 2891060 | FL SWITCH 3006T-2FX SM | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3006t-2fx-sm-2891060?type=firmware_update) |
| 2891037 | FL SWITCH 3006T-2FX ST | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3006t-2fx-st-2891037?type=firmware_update) |
| 2891031 | FL SWITCH 3008 | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3008-2891031?type=firmware_update) |
| 2891035 | FL SWITCH 3008T | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3008t-2891035?type=firmware_update) |
| 2891120 | FL SWITCH 3012E-2FX | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3012e-2fx-2891120?type=firmware_update) |
| 2891119 | FL SWITCH 3012E-2FX SM | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3012e-2fx-sm-2891119?type=firmware_update) |
| 2891067 | FL SWITCH 3012E-2SFX | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3012e-2sfx-2891067?type=firmware_update) |
| 2891058 | FL SWITCH 3016 | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3016-2891058?type=firmware_update) |
| 2891066 | FL SWITCH 3016E | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3016e-2891066?type=firmware_update) |
| 2891059 | FL SWITCH 3016T | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3016t-2891059?type=firmware_update) |
| 1026924 | FL SWITCH 4000T-4POE-1SFP | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4000t-4poe-1sfp-1026924?type=firmware_update) |
| 1026923 | FL SWITCH 4000T-8POE-2SFP | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4000t-8poe-2sfp-1026923?type=firmware_update) |
| 1026922 | FL SWITCH 4004T-8POE-4SFP | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4004t-8poe-4sfp-1026922?type=firmware_update) |
| 2891160 | FL SWITCH 4008T-2GT-3FX SM | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4008t-2gt-3fx-sm-2891160?type=firmware_update) |
| 2891061 | FL SWITCH 4008T-2GT-4FX SM | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4008t-2gt-4fx-sm-2891061?type=firmware_update) |
| 2891062 | FL SWITCH 4008T-2SFP | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4008t-2sfp-2891062?type=firmware_update) |
| 2891063 | FL SWITCH 4012T-2GT-2FX | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4012t-2gt-2fx-2891063?type=firmware_update) |
| 2891161 | FL SWITCH 4012T-2GT-2FX ST | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4012t-2gt-2fx-st-2891161?type=firmware_update) |
| 2891104 | FL SWITCH 4800E-24FX SM-4GC | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4800e-24fx-sm-4gc-2891104?type=firmware_update) |
| 2891102 | FL SWITCH 4800E-24FX-4GC | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4800e-24fx-4gc-2891102?type=firmware_update) |
| 2891073 | FL SWITCH 4808E-16FX LC-4GC | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4808e-16fx-lc-4gc-2891073?type=firmware_update) |
| 2891074 | FL SWITCH 4808E-16FX SM LC-4GC| [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4808e-16fx-sm-lc-4gc-2891074?type=firmware_update) |
| 2891086 | FL SWITCH 4808E-16FX SM ST-4GC| [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4808e-16fx-sm-st-4gc-2891086?type=firmware_update) |
While parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread. This would result in an incorrect text display of the certificate. This bug has been present since 2006 and is present in all versions of OpenSSL before 1.0.2m and 1.1.0g.
5.3 (Medium)
Vendor Fix
## Remediation for CWE-319 (CVE-2018-13992)
Customers using Phoenix Contact managed FL SWITCH devices are recommended to enable HTTP security.
## Remediation for Multiple CWEs:
(CWE-352 (CVE-2018-13993), CWE-307 (CVE-2018-13990), CWE-400 (CVE-2018-13994), CWE-922 (CVE-2018-13991), CWE-119 (CVE-2017-3735))
Customers using Phoenix Contact managed FL SWITCH devices with affected firmware versions are recommended to update the firmware to version **1.35 or higher**, which fixes these vulnerabilities.
The updated firmware may be downloaded from the managed switch product page on the Phoenix Contact website:
| Article No. | Model | Updated Firmware |
|-------------|--------------------------------|------------------|
| 2891033 | FL SWITCH 3004T-FX | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3004t-fx-2891033?type=firmware_update) |
| 2891034 | FL SWITCH 3004T-FX ST | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3004t-fx-st-2891034?type=firmware_update) |
| 2891030 | FL SWITCH 3005 | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3005-2891030?type=firmware_update) |
| 2891032 | FL SWITCH 3005T | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3005t-2891032?type=firmware_update) |
| 2891036 | FL SWITCH 3006T-2FX | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3006t-2fx-2891036?type=firmware_update) |
| 2891060 | FL SWITCH 3006T-2FX SM | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3006t-2fx-sm-2891060?type=firmware_update) |
| 2891037 | FL SWITCH 3006T-2FX ST | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3006t-2fx-st-2891037?type=firmware_update) |
| 2891031 | FL SWITCH 3008 | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3008-2891031?type=firmware_update) |
| 2891035 | FL SWITCH 3008T | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3008t-2891035?type=firmware_update) |
| 2891120 | FL SWITCH 3012E-2FX | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3012e-2fx-2891120?type=firmware_update) |
| 2891119 | FL SWITCH 3012E-2FX SM | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3012e-2fx-sm-2891119?type=firmware_update) |
| 2891067 | FL SWITCH 3012E-2SFX | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3012e-2sfx-2891067?type=firmware_update) |
| 2891058 | FL SWITCH 3016 | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3016-2891058?type=firmware_update) |
| 2891066 | FL SWITCH 3016E | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3016e-2891066?type=firmware_update) |
| 2891059 | FL SWITCH 3016T | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3016t-2891059?type=firmware_update) |
| 1026924 | FL SWITCH 4000T-4POE-1SFP | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4000t-4poe-1sfp-1026924?type=firmware_update) |
| 1026923 | FL SWITCH 4000T-8POE-2SFP | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4000t-8poe-2sfp-1026923?type=firmware_update) |
| 1026922 | FL SWITCH 4004T-8POE-4SFP | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4004t-8poe-4sfp-1026922?type=firmware_update) |
| 2891160 | FL SWITCH 4008T-2GT-3FX SM | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4008t-2gt-3fx-sm-2891160?type=firmware_update) |
| 2891061 | FL SWITCH 4008T-2GT-4FX SM | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4008t-2gt-4fx-sm-2891061?type=firmware_update) |
| 2891062 | FL SWITCH 4008T-2SFP | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4008t-2sfp-2891062?type=firmware_update) |
| 2891063 | FL SWITCH 4012T-2GT-2FX | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4012t-2gt-2fx-2891063?type=firmware_update) |
| 2891161 | FL SWITCH 4012T-2GT-2FX ST | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4012t-2gt-2fx-st-2891161?type=firmware_update) |
| 2891104 | FL SWITCH 4800E-24FX SM-4GC | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4800e-24fx-sm-4gc-2891104?type=firmware_update) |
| 2891102 | FL SWITCH 4800E-24FX-4GC | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4800e-24fx-4gc-2891102?type=firmware_update) |
| 2891073 | FL SWITCH 4808E-16FX LC-4GC | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4808e-16fx-lc-4gc-2891073?type=firmware_update) |
| 2891074 | FL SWITCH 4808E-16FX SM LC-4GC| [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4808e-16fx-sm-lc-4gc-2891074?type=firmware_update) |
| 2891086 | FL SWITCH 4808E-16FX SM ST-4GC| [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4808e-16fx-sm-st-4gc-2891086?type=firmware_update) |
The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 to 1.34 is prone to CSRF.
8.8 (High)
Vendor Fix
## Remediation for CWE-319 (CVE-2018-13992)
Customers using Phoenix Contact managed FL SWITCH devices are recommended to enable HTTP security.
## Remediation for Multiple CWEs:
(CWE-352 (CVE-2018-13993), CWE-307 (CVE-2018-13990), CWE-400 (CVE-2018-13994), CWE-922 (CVE-2018-13991), CWE-119 (CVE-2017-3735))
Customers using Phoenix Contact managed FL SWITCH devices with affected firmware versions are recommended to update the firmware to version **1.35 or higher**, which fixes these vulnerabilities.
The updated firmware may be downloaded from the managed switch product page on the Phoenix Contact website:
| Article No. | Model | Updated Firmware |
|-------------|--------------------------------|------------------|
| 2891033 | FL SWITCH 3004T-FX | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3004t-fx-2891033?type=firmware_update) |
| 2891034 | FL SWITCH 3004T-FX ST | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3004t-fx-st-2891034?type=firmware_update) |
| 2891030 | FL SWITCH 3005 | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3005-2891030?type=firmware_update) |
| 2891032 | FL SWITCH 3005T | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3005t-2891032?type=firmware_update) |
| 2891036 | FL SWITCH 3006T-2FX | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3006t-2fx-2891036?type=firmware_update) |
| 2891060 | FL SWITCH 3006T-2FX SM | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3006t-2fx-sm-2891060?type=firmware_update) |
| 2891037 | FL SWITCH 3006T-2FX ST | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3006t-2fx-st-2891037?type=firmware_update) |
| 2891031 | FL SWITCH 3008 | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3008-2891031?type=firmware_update) |
| 2891035 | FL SWITCH 3008T | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3008t-2891035?type=firmware_update) |
| 2891120 | FL SWITCH 3012E-2FX | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3012e-2fx-2891120?type=firmware_update) |
| 2891119 | FL SWITCH 3012E-2FX SM | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3012e-2fx-sm-2891119?type=firmware_update) |
| 2891067 | FL SWITCH 3012E-2SFX | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3012e-2sfx-2891067?type=firmware_update) |
| 2891058 | FL SWITCH 3016 | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3016-2891058?type=firmware_update) |
| 2891066 | FL SWITCH 3016E | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3016e-2891066?type=firmware_update) |
| 2891059 | FL SWITCH 3016T | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3016t-2891059?type=firmware_update) |
| 1026924 | FL SWITCH 4000T-4POE-1SFP | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4000t-4poe-1sfp-1026924?type=firmware_update) |
| 1026923 | FL SWITCH 4000T-8POE-2SFP | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4000t-8poe-2sfp-1026923?type=firmware_update) |
| 1026922 | FL SWITCH 4004T-8POE-4SFP | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4004t-8poe-4sfp-1026922?type=firmware_update) |
| 2891160 | FL SWITCH 4008T-2GT-3FX SM | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4008t-2gt-3fx-sm-2891160?type=firmware_update) |
| 2891061 | FL SWITCH 4008T-2GT-4FX SM | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4008t-2gt-4fx-sm-2891061?type=firmware_update) |
| 2891062 | FL SWITCH 4008T-2SFP | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4008t-2sfp-2891062?type=firmware_update) |
| 2891063 | FL SWITCH 4012T-2GT-2FX | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4012t-2gt-2fx-2891063?type=firmware_update) |
| 2891161 | FL SWITCH 4012T-2GT-2FX ST | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4012t-2gt-2fx-st-2891161?type=firmware_update) |
| 2891104 | FL SWITCH 4800E-24FX SM-4GC | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4800e-24fx-sm-4gc-2891104?type=firmware_update) |
| 2891102 | FL SWITCH 4800E-24FX-4GC | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4800e-24fx-4gc-2891102?type=firmware_update) |
| 2891073 | FL SWITCH 4808E-16FX LC-4GC | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4808e-16fx-lc-4gc-2891073?type=firmware_update) |
| 2891074 | FL SWITCH 4808E-16FX SM LC-4GC| [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4808e-16fx-sm-lc-4gc-2891074?type=firmware_update) |
| 2891086 | FL SWITCH 4808E-16FX SM ST-4GC| [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4808e-16fx-sm-st-4gc-2891086?type=firmware_update) |
The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions prior to 1.35 is vulnerable to brute-force attacks, because of Improper Restriction of Excessive Authentication Attempts.
9.8 (Critical)
Vendor Fix
## Remediation for CWE-319 (CVE-2018-13992)
Customers using Phoenix Contact managed FL SWITCH devices are recommended to enable HTTP security.
## Remediation for Multiple CWEs:
(CWE-352 (CVE-2018-13993), CWE-307 (CVE-2018-13990), CWE-400 (CVE-2018-13994), CWE-922 (CVE-2018-13991), CWE-119 (CVE-2017-3735))
Customers using Phoenix Contact managed FL SWITCH devices with affected firmware versions are recommended to update the firmware to version **1.35 or higher**, which fixes these vulnerabilities.
The updated firmware may be downloaded from the managed switch product page on the Phoenix Contact website:
| Article No. | Model | Updated Firmware |
|-------------|--------------------------------|------------------|
| 2891033 | FL SWITCH 3004T-FX | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3004t-fx-2891033?type=firmware_update) |
| 2891034 | FL SWITCH 3004T-FX ST | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3004t-fx-st-2891034?type=firmware_update) |
| 2891030 | FL SWITCH 3005 | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3005-2891030?type=firmware_update) |
| 2891032 | FL SWITCH 3005T | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3005t-2891032?type=firmware_update) |
| 2891036 | FL SWITCH 3006T-2FX | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3006t-2fx-2891036?type=firmware_update) |
| 2891060 | FL SWITCH 3006T-2FX SM | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3006t-2fx-sm-2891060?type=firmware_update) |
| 2891037 | FL SWITCH 3006T-2FX ST | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3006t-2fx-st-2891037?type=firmware_update) |
| 2891031 | FL SWITCH 3008 | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3008-2891031?type=firmware_update) |
| 2891035 | FL SWITCH 3008T | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3008t-2891035?type=firmware_update) |
| 2891120 | FL SWITCH 3012E-2FX | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3012e-2fx-2891120?type=firmware_update) |
| 2891119 | FL SWITCH 3012E-2FX SM | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3012e-2fx-sm-2891119?type=firmware_update) |
| 2891067 | FL SWITCH 3012E-2SFX | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3012e-2sfx-2891067?type=firmware_update) |
| 2891058 | FL SWITCH 3016 | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3016-2891058?type=firmware_update) |
| 2891066 | FL SWITCH 3016E | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3016e-2891066?type=firmware_update) |
| 2891059 | FL SWITCH 3016T | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3016t-2891059?type=firmware_update) |
| 1026924 | FL SWITCH 4000T-4POE-1SFP | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4000t-4poe-1sfp-1026924?type=firmware_update) |
| 1026923 | FL SWITCH 4000T-8POE-2SFP | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4000t-8poe-2sfp-1026923?type=firmware_update) |
| 1026922 | FL SWITCH 4004T-8POE-4SFP | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4004t-8poe-4sfp-1026922?type=firmware_update) |
| 2891160 | FL SWITCH 4008T-2GT-3FX SM | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4008t-2gt-3fx-sm-2891160?type=firmware_update) |
| 2891061 | FL SWITCH 4008T-2GT-4FX SM | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4008t-2gt-4fx-sm-2891061?type=firmware_update) |
| 2891062 | FL SWITCH 4008T-2SFP | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4008t-2sfp-2891062?type=firmware_update) |
| 2891063 | FL SWITCH 4012T-2GT-2FX | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4012t-2gt-2fx-2891063?type=firmware_update) |
| 2891161 | FL SWITCH 4012T-2GT-2FX ST | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4012t-2gt-2fx-st-2891161?type=firmware_update) |
| 2891104 | FL SWITCH 4800E-24FX SM-4GC | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4800e-24fx-sm-4gc-2891104?type=firmware_update) |
| 2891102 | FL SWITCH 4800E-24FX-4GC | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4800e-24fx-4gc-2891102?type=firmware_update) |
| 2891073 | FL SWITCH 4808E-16FX LC-4GC | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4808e-16fx-lc-4gc-2891073?type=firmware_update) |
| 2891074 | FL SWITCH 4808E-16FX SM LC-4GC| [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4808e-16fx-sm-lc-4gc-2891074?type=firmware_update) |
| 2891086 | FL SWITCH 4808E-16FX SM ST-4GC| [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4808e-16fx-sm-st-4gc-2891086?type=firmware_update) |
The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 to 1.34 allows for plaintext transmission (HTTP) of user credentials by default.
9.8 (Critical)
Vendor Fix
## Remediation for CWE-319 (CVE-2018-13992)
Customers using Phoenix Contact managed FL SWITCH devices are recommended to enable HTTP security.
## Remediation for Multiple CWEs:
(CWE-352 (CVE-2018-13993), CWE-307 (CVE-2018-13990), CWE-400 (CVE-2018-13994), CWE-922 (CVE-2018-13991), CWE-119 (CVE-2017-3735))
Customers using Phoenix Contact managed FL SWITCH devices with affected firmware versions are recommended to update the firmware to version **1.35 or higher**, which fixes these vulnerabilities.
The updated firmware may be downloaded from the managed switch product page on the Phoenix Contact website:
| Article No. | Model | Updated Firmware |
|-------------|--------------------------------|------------------|
| 2891033 | FL SWITCH 3004T-FX | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3004t-fx-2891033?type=firmware_update) |
| 2891034 | FL SWITCH 3004T-FX ST | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3004t-fx-st-2891034?type=firmware_update) |
| 2891030 | FL SWITCH 3005 | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3005-2891030?type=firmware_update) |
| 2891032 | FL SWITCH 3005T | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3005t-2891032?type=firmware_update) |
| 2891036 | FL SWITCH 3006T-2FX | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3006t-2fx-2891036?type=firmware_update) |
| 2891060 | FL SWITCH 3006T-2FX SM | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3006t-2fx-sm-2891060?type=firmware_update) |
| 2891037 | FL SWITCH 3006T-2FX ST | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3006t-2fx-st-2891037?type=firmware_update) |
| 2891031 | FL SWITCH 3008 | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3008-2891031?type=firmware_update) |
| 2891035 | FL SWITCH 3008T | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3008t-2891035?type=firmware_update) |
| 2891120 | FL SWITCH 3012E-2FX | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3012e-2fx-2891120?type=firmware_update) |
| 2891119 | FL SWITCH 3012E-2FX SM | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3012e-2fx-sm-2891119?type=firmware_update) |
| 2891067 | FL SWITCH 3012E-2SFX | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3012e-2sfx-2891067?type=firmware_update) |
| 2891058 | FL SWITCH 3016 | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3016-2891058?type=firmware_update) |
| 2891066 | FL SWITCH 3016E | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3016e-2891066?type=firmware_update) |
| 2891059 | FL SWITCH 3016T | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3016t-2891059?type=firmware_update) |
| 1026924 | FL SWITCH 4000T-4POE-1SFP | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4000t-4poe-1sfp-1026924?type=firmware_update) |
| 1026923 | FL SWITCH 4000T-8POE-2SFP | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4000t-8poe-2sfp-1026923?type=firmware_update) |
| 1026922 | FL SWITCH 4004T-8POE-4SFP | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4004t-8poe-4sfp-1026922?type=firmware_update) |
| 2891160 | FL SWITCH 4008T-2GT-3FX SM | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4008t-2gt-3fx-sm-2891160?type=firmware_update) |
| 2891061 | FL SWITCH 4008T-2GT-4FX SM | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4008t-2gt-4fx-sm-2891061?type=firmware_update) |
| 2891062 | FL SWITCH 4008T-2SFP | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4008t-2sfp-2891062?type=firmware_update) |
| 2891063 | FL SWITCH 4012T-2GT-2FX | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4012t-2gt-2fx-2891063?type=firmware_update) |
| 2891161 | FL SWITCH 4012T-2GT-2FX ST | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4012t-2gt-2fx-st-2891161?type=firmware_update) |
| 2891104 | FL SWITCH 4800E-24FX SM-4GC | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4800e-24fx-sm-4gc-2891104?type=firmware_update) |
| 2891102 | FL SWITCH 4800E-24FX-4GC | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4800e-24fx-4gc-2891102?type=firmware_update) |
| 2891073 | FL SWITCH 4808E-16FX LC-4GC | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4808e-16fx-lc-4gc-2891073?type=firmware_update) |
| 2891074 | FL SWITCH 4808E-16FX SM LC-4GC| [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4808e-16fx-sm-lc-4gc-2891074?type=firmware_update) |
| 2891086 | FL SWITCH 4808E-16FX SM ST-4GC| [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4808e-16fx-sm-st-4gc-2891086?type=firmware_update) |
References
Acknowledgments
CERT@VDE
certvde.com
{
"document": {
"acknowledgments": [
{
"organization": "CERT@VDE",
"summary": "coordination",
"urls": [
"https://certvde.com"
]
},
{
"names": [
"Evgeniy Druzhinin",
"Ilya Karpov",
"Georgy Zaytsev"
],
"organization": "Positive Technologies",
"summary": "reporting",
"urls": [
"https://www.phoenixcontact.com"
]
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-GB",
"notes": [
{
"category": "summary",
"text": "Multiple vulnerabilities for FL SWITCH have been identified in PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx version 1.0 to 1.34.",
"title": "Summary"
},
{
"category": "description",
"text": "[TODO]",
"title": "Impact"
},
{
"category": "description",
"text": "## Remediation for CWE-319 (CVE-2018-13992)\n\nCustomers using Phoenix Contact managed FL SWITCH devices are recommended to enable HTTP security.\n\n## Remediation for Multiple CWEs:\n(CWE-352 (CVE-2018-13993), CWE-307 (CVE-2018-13990), CWE-400 (CVE-2018-13994), CWE-922 (CVE-2018-13991), CWE-119 (CVE-2017-3735))\n\nCustomers using Phoenix Contact managed FL SWITCH devices with affected firmware versions are recommended to update the firmware to version **1.35 or higher**, which fixes these vulnerabilities. \nThe updated firmware may be downloaded from the managed switch product page on the Phoenix Contact website:\n\n| Article No. | Model | Updated Firmware |\n|-------------|--------------------------------|------------------|\n| 2891033 | FL SWITCH 3004T-FX | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3004t-fx-2891033?type=firmware_update) |\n| 2891034 | FL SWITCH 3004T-FX ST | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3004t-fx-st-2891034?type=firmware_update) |\n| 2891030 | FL SWITCH 3005 | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3005-2891030?type=firmware_update) |\n| 2891032 | FL SWITCH 3005T | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3005t-2891032?type=firmware_update) |\n| 2891036 | FL SWITCH 3006T-2FX | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3006t-2fx-2891036?type=firmware_update) |\n| 2891060 | FL SWITCH 3006T-2FX SM | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3006t-2fx-sm-2891060?type=firmware_update) |\n| 2891037 | FL SWITCH 3006T-2FX ST | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3006t-2fx-st-2891037?type=firmware_update) |\n| 2891031 | FL SWITCH 3008 | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3008-2891031?type=firmware_update) |\n| 2891035 | FL SWITCH 3008T | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3008t-2891035?type=firmware_update) |\n| 2891120 | FL SWITCH 3012E-2FX | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3012e-2fx-2891120?type=firmware_update) |\n| 2891119 | FL SWITCH 3012E-2FX SM | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3012e-2fx-sm-2891119?type=firmware_update) |\n| 2891067 | FL SWITCH 3012E-2SFX | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3012e-2sfx-2891067?type=firmware_update) |\n| 2891058 | FL SWITCH 3016 | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3016-2891058?type=firmware_update) |\n| 2891066 | FL SWITCH 3016E | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3016e-2891066?type=firmware_update) |\n| 2891059 | FL SWITCH 3016T | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3016t-2891059?type=firmware_update) |\n| 1026924 | FL SWITCH 4000T-4POE-1SFP | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4000t-4poe-1sfp-1026924?type=firmware_update) |\n| 1026923 | FL SWITCH 4000T-8POE-2SFP | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4000t-8poe-2sfp-1026923?type=firmware_update) |\n| 1026922 | FL SWITCH 4004T-8POE-4SFP | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4004t-8poe-4sfp-1026922?type=firmware_update) |\n| 2891160 | FL SWITCH 4008T-2GT-3FX SM | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4008t-2gt-3fx-sm-2891160?type=firmware_update) |\n| 2891061 | FL SWITCH 4008T-2GT-4FX SM | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4008t-2gt-4fx-sm-2891061?type=firmware_update) |\n| 2891062 | FL SWITCH 4008T-2SFP | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4008t-2sfp-2891062?type=firmware_update) |\n| 2891063 | FL SWITCH 4012T-2GT-2FX | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4012t-2gt-2fx-2891063?type=firmware_update) |\n| 2891161 | FL SWITCH 4012T-2GT-2FX ST | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4012t-2gt-2fx-st-2891161?type=firmware_update) |\n| 2891104 | FL SWITCH 4800E-24FX SM-4GC | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4800e-24fx-sm-4gc-2891104?type=firmware_update) |\n| 2891102 | FL SWITCH 4800E-24FX-4GC | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4800e-24fx-4gc-2891102?type=firmware_update) |\n| 2891073 | FL SWITCH 4808E-16FX LC-4GC | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4808e-16fx-lc-4gc-2891073?type=firmware_update) |\n| 2891074 | FL SWITCH 4808E-16FX SM LC-4GC| [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4808e-16fx-sm-lc-4gc-2891074?type=firmware_update) |\n| 2891086 | FL SWITCH 4808E-16FX SM ST-4GC| [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4808e-16fx-sm-st-4gc-2891086?type=firmware_update) |",
"title": "Remediation"
}
],
"publisher": {
"category": "vendor",
"contact_details": "psirt@phoenixcontact.com",
"name": "Phoenix Contact GmbH \u0026 Co. KG",
"namespace": "https://phoenixcontact.com/psirt"
},
"references": [
{
"category": "external",
"summary": "Phoenix Contact PSIRT ",
"url": "https://www.phoenixcontact.com/de-de/service-und-support/psirt"
},
{
"category": "external",
"summary": "CERT@VDE Security Advisories for Phoenix Contact GmbH \u0026 Co. KG",
"url": "https://certvde.com/de/advisories/vendor/phoenixcontact/"
},
{
"category": "self",
"summary": "VDE-2019-001: PHOENIX CONTACT: Multiple Vulnerabilities in FL SWITCH 3xxx, 4xxx and 48xx - HTML",
"url": "https://certvde.com/en/advisories/VDE-2019-001/"
},
{
"category": "self",
"summary": "VDE-2019-001: PHOENIX CONTACT: Multiple Vulnerabilities in FL SWITCH 3xxx, 4xxx and 48xx - CSAF",
"url": "https://phoenixcontact.csaf-tp.certvde.com/.well-known/csaf/white/2019/vde-2019-001.json"
}
],
"title": "PHOENIX CONTACT: Multiple Vulnerabilities in FL SWITCH 3xxx, 4xxx and 48xx",
"tracking": {
"aliases": [
"VDE-2019-001"
],
"current_release_date": "2025-05-14T13:00:15.000Z",
"generator": {
"date": "2025-03-14T10:59:27.750Z",
"engine": {
"name": "Secvisogram",
"version": "2.5.21"
}
},
"id": "VDE-2019-001",
"initial_release_date": "2019-01-23T12:02:00.000Z",
"revision_history": [
{
"date": "2019-01-23T12:02:00.000Z",
"number": "1",
"summary": "Initial revision."
},
{
"date": "2025-05-14T13:00:15.000Z",
"number": "2",
"summary": "Fix: added distribution, status to final"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=1.34",
"product": {
"name": "Firmware \u003c=1.34",
"product_id": "CSAFPID-21001"
}
},
{
"category": "product_version",
"name": "1.35",
"product": {
"name": "Firmware 1.35",
"product_id": "CSAFPID-22001"
}
},
{
"category": "product_version_range",
"name": "\u003c1.0",
"product": {
"name": "Firmware \u003c1.0",
"product_id": "CSAFPID-22002"
}
}
],
"category": "product_family",
"name": "Firmware"
},
{
"branches": [
{
"category": "product_name",
"name": "FL SWITCH 3004T-FX",
"product": {
"name": "FL SWITCH 3004T-FX",
"product_id": "CSAFPID-11001",
"product_identification_helper": {
"model_numbers": [
"2891033"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 3004T-FX ST",
"product": {
"name": "FL SWITCH 3004T-FX ST",
"product_id": "CSAFPID-11002",
"product_identification_helper": {
"model_numbers": [
"2891034"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 3005",
"product": {
"name": "FL SWITCH 3005",
"product_id": "CSAFPID-11003",
"product_identification_helper": {
"model_numbers": [
"2891030"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 3005T",
"product": {
"name": "FL SWITCH 3005T",
"product_id": "CSAFPID-11004",
"product_identification_helper": {
"model_numbers": [
"2891032"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 3006T-2FX",
"product": {
"name": "FL SWITCH 3006T-2FX",
"product_id": "CSAFPID-11005",
"product_identification_helper": {
"model_numbers": [
"2891036"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 3006T-2FX SM",
"product": {
"name": "FL SWITCH 3006T-2FX SM",
"product_id": "CSAFPID-11006",
"product_identification_helper": {
"model_numbers": [
"2891060"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 3006T-2FX ST",
"product": {
"name": "FL SWITCH 3006T-2FX ST",
"product_id": "CSAFPID-11007",
"product_identification_helper": {
"model_numbers": [
"2891037"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 3008",
"product": {
"name": "FL SWITCH 3008",
"product_id": "CSAFPID-11008",
"product_identification_helper": {
"model_numbers": [
"2891031"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 3008T",
"product": {
"name": "FL SWITCH 3008T",
"product_id": "CSAFPID-11009",
"product_identification_helper": {
"model_numbers": [
"2891035"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 3012E-2FX",
"product": {
"name": "FL SWITCH 3012E-2FX",
"product_id": "CSAFPID-11010",
"product_identification_helper": {
"model_numbers": [
"2891120"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 3012E-2FX SM",
"product": {
"name": "FL SWITCH 3012E-2FX SM",
"product_id": "CSAFPID-11011",
"product_identification_helper": {
"model_numbers": [
"2891119"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 3012E-2SFX",
"product": {
"name": "FL SWITCH 3012E-2SFX",
"product_id": "CSAFPID-11012",
"product_identification_helper": {
"model_numbers": [
"2891067"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 3016",
"product": {
"name": "FL SWITCH 3016",
"product_id": "CSAFPID-11013",
"product_identification_helper": {
"model_numbers": [
"2891058"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 3016E",
"product": {
"name": "FL SWITCH 3016E",
"product_id": "CSAFPID-11014",
"product_identification_helper": {
"model_numbers": [
"2891066"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 3016T",
"product": {
"name": "FL SWITCH 3016T",
"product_id": "CSAFPID-11015",
"product_identification_helper": {
"model_numbers": [
"2891059"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 4000T-4POE-1SFP",
"product": {
"name": "FL SWITCH 4000T-4POE-1SFP",
"product_id": "CSAFPID-11016",
"product_identification_helper": {
"model_numbers": [
"1026924"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 4000T-8POE-2SFP",
"product": {
"name": "FL SWITCH 4000T-8POE-2SFP",
"product_id": "CSAFPID-11017",
"product_identification_helper": {
"model_numbers": [
"1026923"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 4004T-8POE-4SFP",
"product": {
"name": "FL SWITCH 4004T-8POE-4SFP",
"product_id": "CSAFPID-11018",
"product_identification_helper": {
"model_numbers": [
"1026922"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 4008T-2GT-3FX SM",
"product": {
"name": "FL SWITCH 4008T-2GT-3FX SM",
"product_id": "CSAFPID-11019",
"product_identification_helper": {
"model_numbers": [
"2891160"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 4008T-2GT-4FX SM",
"product": {
"name": "FL SWITCH 4008T-2GT-4FX SM",
"product_id": "CSAFPID-11020",
"product_identification_helper": {
"model_numbers": [
"2891061"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 4008T-2SFP",
"product": {
"name": "FL SWITCH 4008T-2SFP",
"product_id": "CSAFPID-11021",
"product_identification_helper": {
"model_numbers": [
"2891062"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 4012T-2GT-2FX",
"product": {
"name": "FL SWITCH 4012T-2GT-2FX",
"product_id": "CSAFPID-11022",
"product_identification_helper": {
"model_numbers": [
"2891063"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 4012T-2GT-2FX ST",
"product": {
"name": "FL SWITCH 4012T-2GT-2FX ST",
"product_id": "CSAFPID-11023",
"product_identification_helper": {
"model_numbers": [
"2891161"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 4800E-24FX-4GC",
"product": {
"name": "FL SWITCH 4800E-24FX-4GC",
"product_id": "CSAFPID-11024",
"product_identification_helper": {
"model_numbers": [
"2891102"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 4800E-24FX SM-4GC",
"product": {
"name": "FL SWITCH 4800E-24FX SM-4GC",
"product_id": "CSAFPID-11025",
"product_identification_helper": {
"model_numbers": [
"2891104"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 4808E-16FX-4GC",
"product": {
"name": "FL SWITCH 4808E-16FX-4GC",
"product_id": "CSAFPID-11026",
"product_identification_helper": {
"model_numbers": [
"2891079"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 4808E-16FX LC-4GC",
"product": {
"name": "FL SWITCH 4808E-16FX LC-4GC",
"product_id": "CSAFPID-11027",
"product_identification_helper": {
"model_numbers": [
"2891073"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 4808E-16FX SM-4GC",
"product": {
"name": "FL SWITCH 4808E-16FX SM-4GC",
"product_id": "CSAFPID-11028",
"product_identification_helper": {
"model_numbers": [
"2891080"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 4808E-16FX SM LC-4GC",
"product": {
"name": "FL SWITCH 4808E-16FX SM LC-4GC",
"product_id": "CSAFPID-11029",
"product_identification_helper": {
"model_numbers": [
"2891074"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 4808E-16FX SM ST-4GC",
"product": {
"name": "FL SWITCH 4808E-16FX SM ST-4GC",
"product_id": "CSAFPID-11030",
"product_identification_helper": {
"model_numbers": [
"2891086"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 4808E-16FX ST-4GC",
"product": {
"name": "FL SWITCH 4808E-16FX ST-4GC",
"product_id": "CSAFPID-11031",
"product_identification_helper": {
"model_numbers": [
"2891085"
]
}
}
},
{
"category": "product_name",
"name": "FL SWITCH 4824E-4GC",
"product": {
"name": "FL SWITCH 4824E-4GC",
"product_id": "CSAFPID-11032",
"product_identification_helper": {
"model_numbers": [
"2891072"
]
}
}
}
],
"category": "product_family",
"name": "Hardware"
}
],
"category": "vendor",
"name": "Phoenix Contact"
}
],
"product_groups": [
{
"group_id": "CSAFGID-0001",
"product_ids": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017",
"CSAFPID-31018",
"CSAFPID-31019",
"CSAFPID-31020",
"CSAFPID-31021",
"CSAFPID-31022",
"CSAFPID-31023",
"CSAFPID-31024",
"CSAFPID-31025",
"CSAFPID-31026",
"CSAFPID-31027",
"CSAFPID-31028",
"CSAFPID-31029",
"CSAFPID-31030",
"CSAFPID-31031",
"CSAFPID-31032"
],
"summary": "Affected Products."
},
{
"group_id": "CSAFGID-0002",
"product_ids": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009",
"CSAFPID-32010",
"CSAFPID-32011",
"CSAFPID-32012",
"CSAFPID-32013",
"CSAFPID-32014",
"CSAFPID-32015",
"CSAFPID-32016",
"CSAFPID-32017",
"CSAFPID-32018",
"CSAFPID-32019",
"CSAFPID-32020",
"CSAFPID-32021",
"CSAFPID-32022",
"CSAFPID-32023",
"CSAFPID-32024",
"CSAFPID-32025",
"CSAFPID-32026",
"CSAFPID-32027",
"CSAFPID-32028",
"CSAFPID-32029",
"CSAFPID-32030",
"CSAFPID-32031",
"CSAFPID-32032"
],
"summary": "Fixed Products."
},
{
"group_id": "CSAFGID-0003",
"product_ids": [
"CSAFPID-32033",
"CSAFPID-32034",
"CSAFPID-32035",
"CSAFPID-32036",
"CSAFPID-32037",
"CSAFPID-32038",
"CSAFPID-32039",
"CSAFPID-32040",
"CSAFPID-32041",
"CSAFPID-32042",
"CSAFPID-32043",
"CSAFPID-32044",
"CSAFPID-32045",
"CSAFPID-32046",
"CSAFPID-32047",
"CSAFPID-32048",
"CSAFPID-32049",
"CSAFPID-32050",
"CSAFPID-32051",
"CSAFPID-32052",
"CSAFPID-32053",
"CSAFPID-32054",
"CSAFPID-32055",
"CSAFPID-32056",
"CSAFPID-32057",
"CSAFPID-32058",
"CSAFPID-32059",
"CSAFPID-32060",
"CSAFPID-32061",
"CSAFPID-32062",
"CSAFPID-32063",
"CSAFPID-32064"
],
"summary": "Not Affected Products."
}
],
"relationships": [
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.0 \u003c= 1.34 installed on FL SWITCH 3004T-FX",
"product_id": "CSAFPID-31001"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11001"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=1.34 installed on FL SWITCH 3004T-FX ST",
"product_id": "CSAFPID-31002"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11002"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=1.34 installed on FL SWITCH 3005",
"product_id": "CSAFPID-31003"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11003"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=1.34 installed on FL SWITCH 3005T",
"product_id": "CSAFPID-31004"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11004"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=1.34 installed on FL SWITCH 3006T-2FX",
"product_id": "CSAFPID-31005"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11005"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=1.34 installed on FL SWITCH 3006T-2FX SM",
"product_id": "CSAFPID-31006"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11006"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=1.34 installed on FL SWITCH 3006T-2FX ST",
"product_id": "CSAFPID-31007"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11007"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=1.34 installed on FL SWITCH 3008",
"product_id": "CSAFPID-31008"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11008"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=1.34 installed on FL SWITCH 3008T",
"product_id": "CSAFPID-31009"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11009"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=1.34 installed on FL SWITCH 3012E-2FX",
"product_id": "CSAFPID-31010"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11010"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=1.34 installed on FL SWITCH 3012E-2FX SM",
"product_id": "CSAFPID-31011"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11011"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=1.34 installed on FL SWITCH 3012E-2SFX",
"product_id": "CSAFPID-31012"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11012"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=1.34 installed on FL SWITCH 3016",
"product_id": "CSAFPID-31013"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11013"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=1.34 installed on FL SWITCH 3016E",
"product_id": "CSAFPID-31014"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11014"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=1.34 installed on FL SWITCH 3016T",
"product_id": "CSAFPID-31015"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11015"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=1.34 installed on FL SWITCH 4000T-4POE-1SFP",
"product_id": "CSAFPID-31016"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11016"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=1.34 installed on FL SWITCH 4000T-8POE-2SFP",
"product_id": "CSAFPID-31017"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11017"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=1.34 installed on FL SWITCH 4004T-8POE-4SFP",
"product_id": "CSAFPID-31018"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11018"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=1.34 installed on FL SWITCH 4008T-2GT-3FX SM",
"product_id": "CSAFPID-31019"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11019"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=1.34 installed on FL SWITCH 4008T-2GT-4FX SM",
"product_id": "CSAFPID-31020"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11020"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=1.34 installed on FL SWITCH 4008T-2SFP",
"product_id": "CSAFPID-31021"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11021"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=1.34 installed on FL SWITCH 4012T-2GT-2FX",
"product_id": "CSAFPID-31022"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11022"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=1.34 installed on FL SWITCH 4012T-2GT-2FX ST",
"product_id": "CSAFPID-31023"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11023"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=1.34 installed on FL SWITCH 4800E-24FX-4GC",
"product_id": "CSAFPID-31024"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11024"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=1.34 installed on FL SWITCH 4800E-24FX SM-4GC",
"product_id": "CSAFPID-31025"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11025"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=1.34 installed on FL SWITCH 4808E-16FX-4GC",
"product_id": "CSAFPID-31026"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11026"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=1.34 installed on FL SWITCH 4808E-16FX LC-4GC",
"product_id": "CSAFPID-31027"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11027"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=1.34 installed on FL SWITCH 4808E-16FX SM-4GC",
"product_id": "CSAFPID-31028"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11028"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=1.34 installed on FL SWITCH 4808E-16FX SM LC-4GC",
"product_id": "CSAFPID-31029"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11029"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=1.34 installed on FL SWITCH 4808E-16FX SM ST-4GC",
"product_id": "CSAFPID-31030"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11030"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=1.34 installed on FL SWITCH 4808E-16FX ST-4GC",
"product_id": "CSAFPID-31031"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11031"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=1.34 installed on FL SWITCH 4824E-4GC",
"product_id": "CSAFPID-31032"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11032"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.35 installed on FL SWITCH 3004T-FX",
"product_id": "CSAFPID-32001"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11001"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.35 installed on FL SWITCH 3004T-FX ST",
"product_id": "CSAFPID-32002"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11002"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.35 installed on FL SWITCH 3005",
"product_id": "CSAFPID-32003"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11003"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.35 installed on FL SWITCH 3005T",
"product_id": "CSAFPID-32004"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11004"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.35 installed on FL SWITCH 3006T-2FX",
"product_id": "CSAFPID-32005"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11005"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.35 installed on FL SWITCH 3006T-2FX SM",
"product_id": "CSAFPID-32006"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11006"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.35 installed on FL SWITCH 3006T-2FX ST",
"product_id": "CSAFPID-32007"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11007"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.35 installed on FL SWITCH 3008",
"product_id": "CSAFPID-32008"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11008"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.35 installed on FL SWITCH 3008T",
"product_id": "CSAFPID-32009"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11009"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.35 installed on FL SWITCH 3012E-2FX",
"product_id": "CSAFPID-32010"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11010"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.35 installed on FL SWITCH 3012E-2FX SM",
"product_id": "CSAFPID-32011"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11011"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.35 installed on FL SWITCH 3012E-2SFX",
"product_id": "CSAFPID-32012"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11012"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.35 installed on FL SWITCH 3016",
"product_id": "CSAFPID-32013"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11013"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.35 installed on FL SWITCH 3016E",
"product_id": "CSAFPID-32014"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11014"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.35 installed on FL SWITCH 3016T",
"product_id": "CSAFPID-32015"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11015"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.35 installed on FL SWITCH 4000T-4POE-1SFP",
"product_id": "CSAFPID-32016"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11016"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.35 installed on FL SWITCH 4000T-8POE-2SFP",
"product_id": "CSAFPID-32017"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11017"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.35 installed on FL SWITCH 4004T-8POE-4SFP",
"product_id": "CSAFPID-32018"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11018"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.35 installed on FL SWITCH 4008T-2GT-3FX SM",
"product_id": "CSAFPID-32019"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11019"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.35 installed on FL SWITCH 4008T-2GT-4FX SM",
"product_id": "CSAFPID-32020"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11020"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.35 installed on FL SWITCH 4008T-2SFP",
"product_id": "CSAFPID-32021"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11021"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.35 installed on FL SWITCH 4012T-2GT-2FX",
"product_id": "CSAFPID-32022"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11022"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.35 installed on FL SWITCH 4012T-2GT-2FX ST",
"product_id": "CSAFPID-32023"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11023"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.35 installed on FL SWITCH 4800E-24FX-4GC",
"product_id": "CSAFPID-32024"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11024"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.35 installed on FL SWITCH 4800E-24FX SM-4GC",
"product_id": "CSAFPID-32025"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11025"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.35 installed on FL SWITCH 4808E-16FX-4GC",
"product_id": "CSAFPID-32026"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11026"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.35 installed on FL SWITCH 4808E-16FX LC-4GC",
"product_id": "CSAFPID-32027"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11027"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.35 installed on FL SWITCH 4808E-16FX SM-4GC",
"product_id": "CSAFPID-32028"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11028"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.35 installed on FL SWITCH 4808E-16FX SM LC-4GC",
"product_id": "CSAFPID-32029"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11029"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.35 installed on FL SWITCH 4808E-16FX SM ST-4GC",
"product_id": "CSAFPID-32030"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11030"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.35 installed on FL SWITCH 4808E-16FX ST-4GC",
"product_id": "CSAFPID-32031"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11031"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.35 installed on FL SWITCH 4824E-4GC",
"product_id": "CSAFPID-32032"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11032"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c1.0 installed on FL SWITCH 3004T-FX",
"product_id": "CSAFPID-32033"
},
"product_reference": "CSAFPID-22002",
"relates_to_product_reference": "CSAFPID-11001"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c1.0 installed on FL SWITCH 3004T-FX ST",
"product_id": "CSAFPID-32034"
},
"product_reference": "CSAFPID-22002",
"relates_to_product_reference": "CSAFPID-11002"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c1.0 installed on FL SWITCH 3005",
"product_id": "CSAFPID-32035"
},
"product_reference": "CSAFPID-22002",
"relates_to_product_reference": "CSAFPID-11003"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c1.0 installed on FL SWITCH 3005T",
"product_id": "CSAFPID-32036"
},
"product_reference": "CSAFPID-22002",
"relates_to_product_reference": "CSAFPID-11004"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c1.0 installed on FL SWITCH 3006T-2FX",
"product_id": "CSAFPID-32037"
},
"product_reference": "CSAFPID-22002",
"relates_to_product_reference": "CSAFPID-11005"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c1.0 installed on FL SWITCH 3006T-2FX SM",
"product_id": "CSAFPID-32038"
},
"product_reference": "CSAFPID-22002",
"relates_to_product_reference": "CSAFPID-11006"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c1.0 installed on FL SWITCH 3006T-2FX ST",
"product_id": "CSAFPID-32039"
},
"product_reference": "CSAFPID-22002",
"relates_to_product_reference": "CSAFPID-11007"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c1.0 installed on FL SWITCH 3008",
"product_id": "CSAFPID-32040"
},
"product_reference": "CSAFPID-22002",
"relates_to_product_reference": "CSAFPID-11008"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c1.0 installed on FL SWITCH 3008T",
"product_id": "CSAFPID-32041"
},
"product_reference": "CSAFPID-22002",
"relates_to_product_reference": "CSAFPID-11009"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c1.0 installed on FL SWITCH 3012E-2FX",
"product_id": "CSAFPID-32042"
},
"product_reference": "CSAFPID-22002",
"relates_to_product_reference": "CSAFPID-11010"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c1.0 installed on FL SWITCH 3012E-2FX SM",
"product_id": "CSAFPID-32043"
},
"product_reference": "CSAFPID-22002",
"relates_to_product_reference": "CSAFPID-11011"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c1.0 installed on FL SWITCH 3012E-2SFX",
"product_id": "CSAFPID-32044"
},
"product_reference": "CSAFPID-22002",
"relates_to_product_reference": "CSAFPID-11012"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c1.0 installed on FL SWITCH 3016",
"product_id": "CSAFPID-32045"
},
"product_reference": "CSAFPID-22002",
"relates_to_product_reference": "CSAFPID-11013"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c1.0 installed on FL SWITCH 3016E",
"product_id": "CSAFPID-32046"
},
"product_reference": "CSAFPID-22002",
"relates_to_product_reference": "CSAFPID-11014"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c1.0 installed on FL SWITCH 3016T",
"product_id": "CSAFPID-32047"
},
"product_reference": "CSAFPID-22002",
"relates_to_product_reference": "CSAFPID-11015"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c1.0 installed on FL SWITCH 4000T-4POE-1SFP",
"product_id": "CSAFPID-32048"
},
"product_reference": "CSAFPID-22002",
"relates_to_product_reference": "CSAFPID-11016"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c1.0 installed on FL SWITCH 4000T-8POE-2SFP",
"product_id": "CSAFPID-32049"
},
"product_reference": "CSAFPID-22002",
"relates_to_product_reference": "CSAFPID-11017"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c1.0 installed on FL SWITCH 4004T-8POE-4SFP",
"product_id": "CSAFPID-32050"
},
"product_reference": "CSAFPID-22002",
"relates_to_product_reference": "CSAFPID-11018"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c1.0 installed on FL SWITCH 4008T-2GT-3FX SM",
"product_id": "CSAFPID-32051"
},
"product_reference": "CSAFPID-22002",
"relates_to_product_reference": "CSAFPID-11019"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c1.0 installed on FL SWITCH 4008T-2GT-4FX SM",
"product_id": "CSAFPID-32052"
},
"product_reference": "CSAFPID-22002",
"relates_to_product_reference": "CSAFPID-11020"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c1.0 installed on FL SWITCH 4008T-2SFP",
"product_id": "CSAFPID-32053"
},
"product_reference": "CSAFPID-22002",
"relates_to_product_reference": "CSAFPID-11021"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c1.0 installed on FL SWITCH 4012T-2GT-2FX",
"product_id": "CSAFPID-32054"
},
"product_reference": "CSAFPID-22002",
"relates_to_product_reference": "CSAFPID-11022"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c1.0 installed on FL SWITCH 4012T-2GT-2FX ST",
"product_id": "CSAFPID-32055"
},
"product_reference": "CSAFPID-22002",
"relates_to_product_reference": "CSAFPID-11023"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c1.0 installed on FL SWITCH 4800E-24FX-4GC",
"product_id": "CSAFPID-32056"
},
"product_reference": "CSAFPID-22002",
"relates_to_product_reference": "CSAFPID-11024"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c1.0 installed on FL SWITCH 4800E-24FX SM-4GC",
"product_id": "CSAFPID-32057"
},
"product_reference": "CSAFPID-22002",
"relates_to_product_reference": "CSAFPID-11025"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c1.0 installed on FL SWITCH 4808E-16FX-4GC",
"product_id": "CSAFPID-32058"
},
"product_reference": "CSAFPID-22002",
"relates_to_product_reference": "CSAFPID-11026"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c1.0 installed on FL SWITCH 4808E-16FX LC-4GC",
"product_id": "CSAFPID-32059"
},
"product_reference": "CSAFPID-22002",
"relates_to_product_reference": "CSAFPID-11027"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c1.0 installed on FL SWITCH 4808E-16FX SM-4GC",
"product_id": "CSAFPID-32060"
},
"product_reference": "CSAFPID-22002",
"relates_to_product_reference": "CSAFPID-11028"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c1.0 installed on FL SWITCH 4808E-16FX SM LC-4GC",
"product_id": "CSAFPID-32061"
},
"product_reference": "CSAFPID-22002",
"relates_to_product_reference": "CSAFPID-11029"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c1.0 installed on FL SWITCH 4808E-16FX SM ST-4GC",
"product_id": "CSAFPID-32062"
},
"product_reference": "CSAFPID-22002",
"relates_to_product_reference": "CSAFPID-11030"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c1.0 installed on FL SWITCH 4808E-16FX ST-4GC",
"product_id": "CSAFPID-32063"
},
"product_reference": "CSAFPID-22002",
"relates_to_product_reference": "CSAFPID-11031"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c1.0 installed on FL SWITCH 4824E-4GC",
"product_id": "CSAFPID-32064"
},
"product_reference": "CSAFPID-22002",
"relates_to_product_reference": "CSAFPID-11032"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-13994",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"audience": "all",
"category": "description",
"text": "The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 to 1.34 is vulnerable to a denial-of-service attack by making more than 120 connections.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009",
"CSAFPID-32010",
"CSAFPID-32011",
"CSAFPID-32012",
"CSAFPID-32013",
"CSAFPID-32014",
"CSAFPID-32015",
"CSAFPID-32016",
"CSAFPID-32017",
"CSAFPID-32018",
"CSAFPID-32019",
"CSAFPID-32020",
"CSAFPID-32021",
"CSAFPID-32022",
"CSAFPID-32023",
"CSAFPID-32024",
"CSAFPID-32025",
"CSAFPID-32026",
"CSAFPID-32027",
"CSAFPID-32028",
"CSAFPID-32029",
"CSAFPID-32030",
"CSAFPID-32031",
"CSAFPID-32032"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017",
"CSAFPID-31018",
"CSAFPID-31019",
"CSAFPID-31020",
"CSAFPID-31021",
"CSAFPID-31022",
"CSAFPID-31023",
"CSAFPID-31024",
"CSAFPID-31025",
"CSAFPID-31026",
"CSAFPID-31027",
"CSAFPID-31028",
"CSAFPID-31029",
"CSAFPID-31030",
"CSAFPID-31031",
"CSAFPID-31032"
],
"known_not_affected": [
"CSAFPID-32033",
"CSAFPID-32034",
"CSAFPID-32035",
"CSAFPID-32036",
"CSAFPID-32037",
"CSAFPID-32038",
"CSAFPID-32039",
"CSAFPID-32040",
"CSAFPID-32041",
"CSAFPID-32042",
"CSAFPID-32043",
"CSAFPID-32044",
"CSAFPID-32045",
"CSAFPID-32046",
"CSAFPID-32047",
"CSAFPID-32048",
"CSAFPID-32049",
"CSAFPID-32050",
"CSAFPID-32051",
"CSAFPID-32052",
"CSAFPID-32053",
"CSAFPID-32054",
"CSAFPID-32055",
"CSAFPID-32056",
"CSAFPID-32057",
"CSAFPID-32058",
"CSAFPID-32059",
"CSAFPID-32060",
"CSAFPID-32061",
"CSAFPID-32062",
"CSAFPID-32063",
"CSAFPID-32064"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "## Remediation for CWE-319 (CVE-2018-13992)\n\nCustomers using Phoenix Contact managed FL SWITCH devices are recommended to enable HTTP security.\n\n## Remediation for Multiple CWEs:\n(CWE-352 (CVE-2018-13993), CWE-307 (CVE-2018-13990), CWE-400 (CVE-2018-13994), CWE-922 (CVE-2018-13991), CWE-119 (CVE-2017-3735))\n\nCustomers using Phoenix Contact managed FL SWITCH devices with affected firmware versions are recommended to update the firmware to version **1.35 or higher**, which fixes these vulnerabilities. \nThe updated firmware may be downloaded from the managed switch product page on the Phoenix Contact website:\n\n| Article No. | Model | Updated Firmware |\n|-------------|--------------------------------|------------------|\n| 2891033 | FL SWITCH 3004T-FX | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3004t-fx-2891033?type=firmware_update) |\n| 2891034 | FL SWITCH 3004T-FX ST | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3004t-fx-st-2891034?type=firmware_update) |\n| 2891030 | FL SWITCH 3005 | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3005-2891030?type=firmware_update) |\n| 2891032 | FL SWITCH 3005T | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3005t-2891032?type=firmware_update) |\n| 2891036 | FL SWITCH 3006T-2FX | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3006t-2fx-2891036?type=firmware_update) |\n| 2891060 | FL SWITCH 3006T-2FX SM | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3006t-2fx-sm-2891060?type=firmware_update) |\n| 2891037 | FL SWITCH 3006T-2FX ST | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3006t-2fx-st-2891037?type=firmware_update) |\n| 2891031 | FL SWITCH 3008 | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3008-2891031?type=firmware_update) |\n| 2891035 | FL SWITCH 3008T | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3008t-2891035?type=firmware_update) |\n| 2891120 | FL SWITCH 3012E-2FX | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3012e-2fx-2891120?type=firmware_update) |\n| 2891119 | FL SWITCH 3012E-2FX SM | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3012e-2fx-sm-2891119?type=firmware_update) |\n| 2891067 | FL SWITCH 3012E-2SFX | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3012e-2sfx-2891067?type=firmware_update) |\n| 2891058 | FL SWITCH 3016 | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3016-2891058?type=firmware_update) |\n| 2891066 | FL SWITCH 3016E | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3016e-2891066?type=firmware_update) |\n| 2891059 | FL SWITCH 3016T | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3016t-2891059?type=firmware_update) |\n| 1026924 | FL SWITCH 4000T-4POE-1SFP | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4000t-4poe-1sfp-1026924?type=firmware_update) |\n| 1026923 | FL SWITCH 4000T-8POE-2SFP | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4000t-8poe-2sfp-1026923?type=firmware_update) |\n| 1026922 | FL SWITCH 4004T-8POE-4SFP | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4004t-8poe-4sfp-1026922?type=firmware_update) |\n| 2891160 | FL SWITCH 4008T-2GT-3FX SM | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4008t-2gt-3fx-sm-2891160?type=firmware_update) |\n| 2891061 | FL SWITCH 4008T-2GT-4FX SM | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4008t-2gt-4fx-sm-2891061?type=firmware_update) |\n| 2891062 | FL SWITCH 4008T-2SFP | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4008t-2sfp-2891062?type=firmware_update) |\n| 2891063 | FL SWITCH 4012T-2GT-2FX | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4012t-2gt-2fx-2891063?type=firmware_update) |\n| 2891161 | FL SWITCH 4012T-2GT-2FX ST | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4012t-2gt-2fx-st-2891161?type=firmware_update) |\n| 2891104 | FL SWITCH 4800E-24FX SM-4GC | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4800e-24fx-sm-4gc-2891104?type=firmware_update) |\n| 2891102 | FL SWITCH 4800E-24FX-4GC | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4800e-24fx-4gc-2891102?type=firmware_update) |\n| 2891073 | FL SWITCH 4808E-16FX LC-4GC | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4808e-16fx-lc-4gc-2891073?type=firmware_update) |\n| 2891074 | FL SWITCH 4808E-16FX SM LC-4GC| [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4808e-16fx-sm-lc-4gc-2891074?type=firmware_update) |\n| 2891086 | FL SWITCH 4808E-16FX SM ST-4GC| [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4808e-16fx-sm-st-4gc-2891086?type=firmware_update) |",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017",
"CSAFPID-31018",
"CSAFPID-31019",
"CSAFPID-31020",
"CSAFPID-31021",
"CSAFPID-31022",
"CSAFPID-31023",
"CSAFPID-31024",
"CSAFPID-31025",
"CSAFPID-31026",
"CSAFPID-31027",
"CSAFPID-31028",
"CSAFPID-31029",
"CSAFPID-31030",
"CSAFPID-31031",
"CSAFPID-31032"
]
}
],
"title": "CVE-2018-13994"
},
{
"cve": "CVE-2018-13991",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"audience": "all",
"category": "description",
"text": "The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 to 1.34 leaks private information in firmware images.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009",
"CSAFPID-32010",
"CSAFPID-32011",
"CSAFPID-32012",
"CSAFPID-32013",
"CSAFPID-32014",
"CSAFPID-32015",
"CSAFPID-32016",
"CSAFPID-32017",
"CSAFPID-32018",
"CSAFPID-32019",
"CSAFPID-32020",
"CSAFPID-32021",
"CSAFPID-32022",
"CSAFPID-32023",
"CSAFPID-32024",
"CSAFPID-32025",
"CSAFPID-32026",
"CSAFPID-32027",
"CSAFPID-32028",
"CSAFPID-32029",
"CSAFPID-32030",
"CSAFPID-32031",
"CSAFPID-32032"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017",
"CSAFPID-31018",
"CSAFPID-31019",
"CSAFPID-31020",
"CSAFPID-31021",
"CSAFPID-31022",
"CSAFPID-31023",
"CSAFPID-31024",
"CSAFPID-31025",
"CSAFPID-31026",
"CSAFPID-31027",
"CSAFPID-31028",
"CSAFPID-31029",
"CSAFPID-31030",
"CSAFPID-31031",
"CSAFPID-31032"
],
"known_not_affected": [
"CSAFPID-32033",
"CSAFPID-32034",
"CSAFPID-32035",
"CSAFPID-32036",
"CSAFPID-32037",
"CSAFPID-32038",
"CSAFPID-32039",
"CSAFPID-32040",
"CSAFPID-32041",
"CSAFPID-32042",
"CSAFPID-32043",
"CSAFPID-32044",
"CSAFPID-32045",
"CSAFPID-32046",
"CSAFPID-32047",
"CSAFPID-32048",
"CSAFPID-32049",
"CSAFPID-32050",
"CSAFPID-32051",
"CSAFPID-32052",
"CSAFPID-32053",
"CSAFPID-32054",
"CSAFPID-32055",
"CSAFPID-32056",
"CSAFPID-32057",
"CSAFPID-32058",
"CSAFPID-32059",
"CSAFPID-32060",
"CSAFPID-32061",
"CSAFPID-32062",
"CSAFPID-32063",
"CSAFPID-32064"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "## Remediation for CWE-319 (CVE-2018-13992)\n\nCustomers using Phoenix Contact managed FL SWITCH devices are recommended to enable HTTP security.\n\n## Remediation for Multiple CWEs:\n(CWE-352 (CVE-2018-13993), CWE-307 (CVE-2018-13990), CWE-400 (CVE-2018-13994), CWE-922 (CVE-2018-13991), CWE-119 (CVE-2017-3735))\n\nCustomers using Phoenix Contact managed FL SWITCH devices with affected firmware versions are recommended to update the firmware to version **1.35 or higher**, which fixes these vulnerabilities. \nThe updated firmware may be downloaded from the managed switch product page on the Phoenix Contact website:\n\n| Article No. | Model | Updated Firmware |\n|-------------|--------------------------------|------------------|\n| 2891033 | FL SWITCH 3004T-FX | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3004t-fx-2891033?type=firmware_update) |\n| 2891034 | FL SWITCH 3004T-FX ST | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3004t-fx-st-2891034?type=firmware_update) |\n| 2891030 | FL SWITCH 3005 | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3005-2891030?type=firmware_update) |\n| 2891032 | FL SWITCH 3005T | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3005t-2891032?type=firmware_update) |\n| 2891036 | FL SWITCH 3006T-2FX | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3006t-2fx-2891036?type=firmware_update) |\n| 2891060 | FL SWITCH 3006T-2FX SM | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3006t-2fx-sm-2891060?type=firmware_update) |\n| 2891037 | FL SWITCH 3006T-2FX ST | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3006t-2fx-st-2891037?type=firmware_update) |\n| 2891031 | FL SWITCH 3008 | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3008-2891031?type=firmware_update) |\n| 2891035 | FL SWITCH 3008T | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3008t-2891035?type=firmware_update) |\n| 2891120 | FL SWITCH 3012E-2FX | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3012e-2fx-2891120?type=firmware_update) |\n| 2891119 | FL SWITCH 3012E-2FX SM | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3012e-2fx-sm-2891119?type=firmware_update) |\n| 2891067 | FL SWITCH 3012E-2SFX | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3012e-2sfx-2891067?type=firmware_update) |\n| 2891058 | FL SWITCH 3016 | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3016-2891058?type=firmware_update) |\n| 2891066 | FL SWITCH 3016E | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3016e-2891066?type=firmware_update) |\n| 2891059 | FL SWITCH 3016T | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3016t-2891059?type=firmware_update) |\n| 1026924 | FL SWITCH 4000T-4POE-1SFP | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4000t-4poe-1sfp-1026924?type=firmware_update) |\n| 1026923 | FL SWITCH 4000T-8POE-2SFP | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4000t-8poe-2sfp-1026923?type=firmware_update) |\n| 1026922 | FL SWITCH 4004T-8POE-4SFP | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4004t-8poe-4sfp-1026922?type=firmware_update) |\n| 2891160 | FL SWITCH 4008T-2GT-3FX SM | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4008t-2gt-3fx-sm-2891160?type=firmware_update) |\n| 2891061 | FL SWITCH 4008T-2GT-4FX SM | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4008t-2gt-4fx-sm-2891061?type=firmware_update) |\n| 2891062 | FL SWITCH 4008T-2SFP | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4008t-2sfp-2891062?type=firmware_update) |\n| 2891063 | FL SWITCH 4012T-2GT-2FX | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4012t-2gt-2fx-2891063?type=firmware_update) |\n| 2891161 | FL SWITCH 4012T-2GT-2FX ST | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4012t-2gt-2fx-st-2891161?type=firmware_update) |\n| 2891104 | FL SWITCH 4800E-24FX SM-4GC | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4800e-24fx-sm-4gc-2891104?type=firmware_update) |\n| 2891102 | FL SWITCH 4800E-24FX-4GC | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4800e-24fx-4gc-2891102?type=firmware_update) |\n| 2891073 | FL SWITCH 4808E-16FX LC-4GC | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4808e-16fx-lc-4gc-2891073?type=firmware_update) |\n| 2891074 | FL SWITCH 4808E-16FX SM LC-4GC| [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4808e-16fx-sm-lc-4gc-2891074?type=firmware_update) |\n| 2891086 | FL SWITCH 4808E-16FX SM ST-4GC| [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4808e-16fx-sm-st-4gc-2891086?type=firmware_update) |",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017",
"CSAFPID-31018",
"CSAFPID-31019",
"CSAFPID-31020",
"CSAFPID-31021",
"CSAFPID-31022",
"CSAFPID-31023",
"CSAFPID-31024",
"CSAFPID-31025",
"CSAFPID-31026",
"CSAFPID-31027",
"CSAFPID-31028",
"CSAFPID-31029",
"CSAFPID-31030",
"CSAFPID-31031",
"CSAFPID-31032"
]
}
],
"title": "CVE-2018-13991"
},
{
"cve": "CVE-2017-3735",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"audience": "all",
"category": "description",
"text": "While parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread. This would result in an incorrect text display of the certificate. This bug has been present since 2006 and is present in all versions of OpenSSL before 1.0.2m and 1.1.0g.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009",
"CSAFPID-32010",
"CSAFPID-32011",
"CSAFPID-32012",
"CSAFPID-32013",
"CSAFPID-32014",
"CSAFPID-32015",
"CSAFPID-32016",
"CSAFPID-32017",
"CSAFPID-32018",
"CSAFPID-32019",
"CSAFPID-32020",
"CSAFPID-32021",
"CSAFPID-32022",
"CSAFPID-32023",
"CSAFPID-32024",
"CSAFPID-32025",
"CSAFPID-32026",
"CSAFPID-32027",
"CSAFPID-32028",
"CSAFPID-32029",
"CSAFPID-32030",
"CSAFPID-32031",
"CSAFPID-32032"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017",
"CSAFPID-31018",
"CSAFPID-31019",
"CSAFPID-31020",
"CSAFPID-31021",
"CSAFPID-31022",
"CSAFPID-31023",
"CSAFPID-31024",
"CSAFPID-31025",
"CSAFPID-31026",
"CSAFPID-31027",
"CSAFPID-31028",
"CSAFPID-31029",
"CSAFPID-31030",
"CSAFPID-31031",
"CSAFPID-31032"
],
"known_not_affected": [
"CSAFPID-32033",
"CSAFPID-32034",
"CSAFPID-32035",
"CSAFPID-32036",
"CSAFPID-32037",
"CSAFPID-32038",
"CSAFPID-32039",
"CSAFPID-32040",
"CSAFPID-32041",
"CSAFPID-32042",
"CSAFPID-32043",
"CSAFPID-32044",
"CSAFPID-32045",
"CSAFPID-32046",
"CSAFPID-32047",
"CSAFPID-32048",
"CSAFPID-32049",
"CSAFPID-32050",
"CSAFPID-32051",
"CSAFPID-32052",
"CSAFPID-32053",
"CSAFPID-32054",
"CSAFPID-32055",
"CSAFPID-32056",
"CSAFPID-32057",
"CSAFPID-32058",
"CSAFPID-32059",
"CSAFPID-32060",
"CSAFPID-32061",
"CSAFPID-32062",
"CSAFPID-32063",
"CSAFPID-32064"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "## Remediation for CWE-319 (CVE-2018-13992)\n\nCustomers using Phoenix Contact managed FL SWITCH devices are recommended to enable HTTP security.\n\n## Remediation for Multiple CWEs:\n(CWE-352 (CVE-2018-13993), CWE-307 (CVE-2018-13990), CWE-400 (CVE-2018-13994), CWE-922 (CVE-2018-13991), CWE-119 (CVE-2017-3735))\n\nCustomers using Phoenix Contact managed FL SWITCH devices with affected firmware versions are recommended to update the firmware to version **1.35 or higher**, which fixes these vulnerabilities. \nThe updated firmware may be downloaded from the managed switch product page on the Phoenix Contact website:\n\n| Article No. | Model | Updated Firmware |\n|-------------|--------------------------------|------------------|\n| 2891033 | FL SWITCH 3004T-FX | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3004t-fx-2891033?type=firmware_update) |\n| 2891034 | FL SWITCH 3004T-FX ST | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3004t-fx-st-2891034?type=firmware_update) |\n| 2891030 | FL SWITCH 3005 | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3005-2891030?type=firmware_update) |\n| 2891032 | FL SWITCH 3005T | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3005t-2891032?type=firmware_update) |\n| 2891036 | FL SWITCH 3006T-2FX | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3006t-2fx-2891036?type=firmware_update) |\n| 2891060 | FL SWITCH 3006T-2FX SM | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3006t-2fx-sm-2891060?type=firmware_update) |\n| 2891037 | FL SWITCH 3006T-2FX ST | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3006t-2fx-st-2891037?type=firmware_update) |\n| 2891031 | FL SWITCH 3008 | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3008-2891031?type=firmware_update) |\n| 2891035 | FL SWITCH 3008T | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3008t-2891035?type=firmware_update) |\n| 2891120 | FL SWITCH 3012E-2FX | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3012e-2fx-2891120?type=firmware_update) |\n| 2891119 | FL SWITCH 3012E-2FX SM | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3012e-2fx-sm-2891119?type=firmware_update) |\n| 2891067 | FL SWITCH 3012E-2SFX | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3012e-2sfx-2891067?type=firmware_update) |\n| 2891058 | FL SWITCH 3016 | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3016-2891058?type=firmware_update) |\n| 2891066 | FL SWITCH 3016E | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3016e-2891066?type=firmware_update) |\n| 2891059 | FL SWITCH 3016T | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3016t-2891059?type=firmware_update) |\n| 1026924 | FL SWITCH 4000T-4POE-1SFP | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4000t-4poe-1sfp-1026924?type=firmware_update) |\n| 1026923 | FL SWITCH 4000T-8POE-2SFP | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4000t-8poe-2sfp-1026923?type=firmware_update) |\n| 1026922 | FL SWITCH 4004T-8POE-4SFP | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4004t-8poe-4sfp-1026922?type=firmware_update) |\n| 2891160 | FL SWITCH 4008T-2GT-3FX SM | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4008t-2gt-3fx-sm-2891160?type=firmware_update) |\n| 2891061 | FL SWITCH 4008T-2GT-4FX SM | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4008t-2gt-4fx-sm-2891061?type=firmware_update) |\n| 2891062 | FL SWITCH 4008T-2SFP | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4008t-2sfp-2891062?type=firmware_update) |\n| 2891063 | FL SWITCH 4012T-2GT-2FX | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4012t-2gt-2fx-2891063?type=firmware_update) |\n| 2891161 | FL SWITCH 4012T-2GT-2FX ST | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4012t-2gt-2fx-st-2891161?type=firmware_update) |\n| 2891104 | FL SWITCH 4800E-24FX SM-4GC | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4800e-24fx-sm-4gc-2891104?type=firmware_update) |\n| 2891102 | FL SWITCH 4800E-24FX-4GC | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4800e-24fx-4gc-2891102?type=firmware_update) |\n| 2891073 | FL SWITCH 4808E-16FX LC-4GC | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4808e-16fx-lc-4gc-2891073?type=firmware_update) |\n| 2891074 | FL SWITCH 4808E-16FX SM LC-4GC| [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4808e-16fx-sm-lc-4gc-2891074?type=firmware_update) |\n| 2891086 | FL SWITCH 4808E-16FX SM ST-4GC| [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4808e-16fx-sm-st-4gc-2891086?type=firmware_update) |",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017",
"CSAFPID-31018",
"CSAFPID-31019",
"CSAFPID-31020",
"CSAFPID-31021",
"CSAFPID-31022",
"CSAFPID-31023",
"CSAFPID-31024",
"CSAFPID-31025",
"CSAFPID-31026",
"CSAFPID-31027",
"CSAFPID-31028",
"CSAFPID-31029",
"CSAFPID-31030",
"CSAFPID-31031",
"CSAFPID-31032"
]
}
],
"title": "CVE-2017-3735"
},
{
"cve": "CVE-2018-13993",
"cwe": {
"id": "CWE-352",
"name": "Cross-Site Request Forgery (CSRF)"
},
"notes": [
{
"audience": "all",
"category": "description",
"text": "The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 to 1.34 is prone to CSRF.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009",
"CSAFPID-32010",
"CSAFPID-32011",
"CSAFPID-32012",
"CSAFPID-32013",
"CSAFPID-32014",
"CSAFPID-32015",
"CSAFPID-32016",
"CSAFPID-32017",
"CSAFPID-32018",
"CSAFPID-32019",
"CSAFPID-32020",
"CSAFPID-32021",
"CSAFPID-32022",
"CSAFPID-32023",
"CSAFPID-32024",
"CSAFPID-32025",
"CSAFPID-32026",
"CSAFPID-32027",
"CSAFPID-32028",
"CSAFPID-32029",
"CSAFPID-32030",
"CSAFPID-32031",
"CSAFPID-32032"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017",
"CSAFPID-31018",
"CSAFPID-31019",
"CSAFPID-31020",
"CSAFPID-31021",
"CSAFPID-31022",
"CSAFPID-31023",
"CSAFPID-31024",
"CSAFPID-31025",
"CSAFPID-31026",
"CSAFPID-31027",
"CSAFPID-31028",
"CSAFPID-31029",
"CSAFPID-31030",
"CSAFPID-31031",
"CSAFPID-31032"
],
"known_not_affected": [
"CSAFPID-32033",
"CSAFPID-32034",
"CSAFPID-32035",
"CSAFPID-32036",
"CSAFPID-32037",
"CSAFPID-32038",
"CSAFPID-32039",
"CSAFPID-32040",
"CSAFPID-32041",
"CSAFPID-32042",
"CSAFPID-32043",
"CSAFPID-32044",
"CSAFPID-32045",
"CSAFPID-32046",
"CSAFPID-32047",
"CSAFPID-32048",
"CSAFPID-32049",
"CSAFPID-32050",
"CSAFPID-32051",
"CSAFPID-32052",
"CSAFPID-32053",
"CSAFPID-32054",
"CSAFPID-32055",
"CSAFPID-32056",
"CSAFPID-32057",
"CSAFPID-32058",
"CSAFPID-32059",
"CSAFPID-32060",
"CSAFPID-32061",
"CSAFPID-32062",
"CSAFPID-32063",
"CSAFPID-32064"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "## Remediation for CWE-319 (CVE-2018-13992)\n\nCustomers using Phoenix Contact managed FL SWITCH devices are recommended to enable HTTP security.\n\n## Remediation for Multiple CWEs:\n(CWE-352 (CVE-2018-13993), CWE-307 (CVE-2018-13990), CWE-400 (CVE-2018-13994), CWE-922 (CVE-2018-13991), CWE-119 (CVE-2017-3735))\n\nCustomers using Phoenix Contact managed FL SWITCH devices with affected firmware versions are recommended to update the firmware to version **1.35 or higher**, which fixes these vulnerabilities. \nThe updated firmware may be downloaded from the managed switch product page on the Phoenix Contact website:\n\n| Article No. | Model | Updated Firmware |\n|-------------|--------------------------------|------------------|\n| 2891033 | FL SWITCH 3004T-FX | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3004t-fx-2891033?type=firmware_update) |\n| 2891034 | FL SWITCH 3004T-FX ST | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3004t-fx-st-2891034?type=firmware_update) |\n| 2891030 | FL SWITCH 3005 | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3005-2891030?type=firmware_update) |\n| 2891032 | FL SWITCH 3005T | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3005t-2891032?type=firmware_update) |\n| 2891036 | FL SWITCH 3006T-2FX | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3006t-2fx-2891036?type=firmware_update) |\n| 2891060 | FL SWITCH 3006T-2FX SM | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3006t-2fx-sm-2891060?type=firmware_update) |\n| 2891037 | FL SWITCH 3006T-2FX ST | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3006t-2fx-st-2891037?type=firmware_update) |\n| 2891031 | FL SWITCH 3008 | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3008-2891031?type=firmware_update) |\n| 2891035 | FL SWITCH 3008T | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3008t-2891035?type=firmware_update) |\n| 2891120 | FL SWITCH 3012E-2FX | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3012e-2fx-2891120?type=firmware_update) |\n| 2891119 | FL SWITCH 3012E-2FX SM | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3012e-2fx-sm-2891119?type=firmware_update) |\n| 2891067 | FL SWITCH 3012E-2SFX | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3012e-2sfx-2891067?type=firmware_update) |\n| 2891058 | FL SWITCH 3016 | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3016-2891058?type=firmware_update) |\n| 2891066 | FL SWITCH 3016E | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3016e-2891066?type=firmware_update) |\n| 2891059 | FL SWITCH 3016T | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3016t-2891059?type=firmware_update) |\n| 1026924 | FL SWITCH 4000T-4POE-1SFP | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4000t-4poe-1sfp-1026924?type=firmware_update) |\n| 1026923 | FL SWITCH 4000T-8POE-2SFP | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4000t-8poe-2sfp-1026923?type=firmware_update) |\n| 1026922 | FL SWITCH 4004T-8POE-4SFP | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4004t-8poe-4sfp-1026922?type=firmware_update) |\n| 2891160 | FL SWITCH 4008T-2GT-3FX SM | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4008t-2gt-3fx-sm-2891160?type=firmware_update) |\n| 2891061 | FL SWITCH 4008T-2GT-4FX SM | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4008t-2gt-4fx-sm-2891061?type=firmware_update) |\n| 2891062 | FL SWITCH 4008T-2SFP | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4008t-2sfp-2891062?type=firmware_update) |\n| 2891063 | FL SWITCH 4012T-2GT-2FX | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4012t-2gt-2fx-2891063?type=firmware_update) |\n| 2891161 | FL SWITCH 4012T-2GT-2FX ST | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4012t-2gt-2fx-st-2891161?type=firmware_update) |\n| 2891104 | FL SWITCH 4800E-24FX SM-4GC | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4800e-24fx-sm-4gc-2891104?type=firmware_update) |\n| 2891102 | FL SWITCH 4800E-24FX-4GC | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4800e-24fx-4gc-2891102?type=firmware_update) |\n| 2891073 | FL SWITCH 4808E-16FX LC-4GC | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4808e-16fx-lc-4gc-2891073?type=firmware_update) |\n| 2891074 | FL SWITCH 4808E-16FX SM LC-4GC| [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4808e-16fx-sm-lc-4gc-2891074?type=firmware_update) |\n| 2891086 | FL SWITCH 4808E-16FX SM ST-4GC| [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4808e-16fx-sm-st-4gc-2891086?type=firmware_update) |",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017",
"CSAFPID-31018",
"CSAFPID-31019",
"CSAFPID-31020",
"CSAFPID-31021",
"CSAFPID-31022",
"CSAFPID-31023",
"CSAFPID-31024",
"CSAFPID-31025",
"CSAFPID-31026",
"CSAFPID-31027",
"CSAFPID-31028",
"CSAFPID-31029",
"CSAFPID-31030",
"CSAFPID-31031",
"CSAFPID-31032"
]
}
],
"title": "CVE-2018-13993"
},
{
"cve": "CVE-2018-13990",
"cwe": {
"id": "CWE-287",
"name": "Improper Authentication"
},
"notes": [
{
"audience": "all",
"category": "description",
"text": "The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions prior to 1.35 is vulnerable to brute-force attacks, because of Improper Restriction of Excessive Authentication Attempts.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009",
"CSAFPID-32010",
"CSAFPID-32011",
"CSAFPID-32012",
"CSAFPID-32013",
"CSAFPID-32014",
"CSAFPID-32015",
"CSAFPID-32016",
"CSAFPID-32017",
"CSAFPID-32018",
"CSAFPID-32019",
"CSAFPID-32020",
"CSAFPID-32021",
"CSAFPID-32022",
"CSAFPID-32023",
"CSAFPID-32024",
"CSAFPID-32025",
"CSAFPID-32026",
"CSAFPID-32027",
"CSAFPID-32028",
"CSAFPID-32029",
"CSAFPID-32030",
"CSAFPID-32031",
"CSAFPID-32032"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017",
"CSAFPID-31018",
"CSAFPID-31019",
"CSAFPID-31020",
"CSAFPID-31021",
"CSAFPID-31022",
"CSAFPID-31023",
"CSAFPID-31024",
"CSAFPID-31025",
"CSAFPID-31026",
"CSAFPID-31027",
"CSAFPID-31028",
"CSAFPID-31029",
"CSAFPID-31030",
"CSAFPID-31031",
"CSAFPID-31032"
],
"known_not_affected": [
"CSAFPID-32033",
"CSAFPID-32034",
"CSAFPID-32035",
"CSAFPID-32036",
"CSAFPID-32037",
"CSAFPID-32038",
"CSAFPID-32039",
"CSAFPID-32040",
"CSAFPID-32041",
"CSAFPID-32042",
"CSAFPID-32043",
"CSAFPID-32044",
"CSAFPID-32045",
"CSAFPID-32046",
"CSAFPID-32047",
"CSAFPID-32048",
"CSAFPID-32049",
"CSAFPID-32050",
"CSAFPID-32051",
"CSAFPID-32052",
"CSAFPID-32053",
"CSAFPID-32054",
"CSAFPID-32055",
"CSAFPID-32056",
"CSAFPID-32057",
"CSAFPID-32058",
"CSAFPID-32059",
"CSAFPID-32060",
"CSAFPID-32061",
"CSAFPID-32062",
"CSAFPID-32063",
"CSAFPID-32064"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "## Remediation for CWE-319 (CVE-2018-13992)\n\nCustomers using Phoenix Contact managed FL SWITCH devices are recommended to enable HTTP security.\n\n## Remediation for Multiple CWEs:\n(CWE-352 (CVE-2018-13993), CWE-307 (CVE-2018-13990), CWE-400 (CVE-2018-13994), CWE-922 (CVE-2018-13991), CWE-119 (CVE-2017-3735))\n\nCustomers using Phoenix Contact managed FL SWITCH devices with affected firmware versions are recommended to update the firmware to version **1.35 or higher**, which fixes these vulnerabilities. \nThe updated firmware may be downloaded from the managed switch product page on the Phoenix Contact website:\n\n| Article No. | Model | Updated Firmware |\n|-------------|--------------------------------|------------------|\n| 2891033 | FL SWITCH 3004T-FX | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3004t-fx-2891033?type=firmware_update) |\n| 2891034 | FL SWITCH 3004T-FX ST | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3004t-fx-st-2891034?type=firmware_update) |\n| 2891030 | FL SWITCH 3005 | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3005-2891030?type=firmware_update) |\n| 2891032 | FL SWITCH 3005T | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3005t-2891032?type=firmware_update) |\n| 2891036 | FL SWITCH 3006T-2FX | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3006t-2fx-2891036?type=firmware_update) |\n| 2891060 | FL SWITCH 3006T-2FX SM | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3006t-2fx-sm-2891060?type=firmware_update) |\n| 2891037 | FL SWITCH 3006T-2FX ST | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3006t-2fx-st-2891037?type=firmware_update) |\n| 2891031 | FL SWITCH 3008 | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3008-2891031?type=firmware_update) |\n| 2891035 | FL SWITCH 3008T | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3008t-2891035?type=firmware_update) |\n| 2891120 | FL SWITCH 3012E-2FX | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3012e-2fx-2891120?type=firmware_update) |\n| 2891119 | FL SWITCH 3012E-2FX SM | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3012e-2fx-sm-2891119?type=firmware_update) |\n| 2891067 | FL SWITCH 3012E-2SFX | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3012e-2sfx-2891067?type=firmware_update) |\n| 2891058 | FL SWITCH 3016 | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3016-2891058?type=firmware_update) |\n| 2891066 | FL SWITCH 3016E | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3016e-2891066?type=firmware_update) |\n| 2891059 | FL SWITCH 3016T | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3016t-2891059?type=firmware_update) |\n| 1026924 | FL SWITCH 4000T-4POE-1SFP | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4000t-4poe-1sfp-1026924?type=firmware_update) |\n| 1026923 | FL SWITCH 4000T-8POE-2SFP | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4000t-8poe-2sfp-1026923?type=firmware_update) |\n| 1026922 | FL SWITCH 4004T-8POE-4SFP | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4004t-8poe-4sfp-1026922?type=firmware_update) |\n| 2891160 | FL SWITCH 4008T-2GT-3FX SM | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4008t-2gt-3fx-sm-2891160?type=firmware_update) |\n| 2891061 | FL SWITCH 4008T-2GT-4FX SM | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4008t-2gt-4fx-sm-2891061?type=firmware_update) |\n| 2891062 | FL SWITCH 4008T-2SFP | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4008t-2sfp-2891062?type=firmware_update) |\n| 2891063 | FL SWITCH 4012T-2GT-2FX | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4012t-2gt-2fx-2891063?type=firmware_update) |\n| 2891161 | FL SWITCH 4012T-2GT-2FX ST | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4012t-2gt-2fx-st-2891161?type=firmware_update) |\n| 2891104 | FL SWITCH 4800E-24FX SM-4GC | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4800e-24fx-sm-4gc-2891104?type=firmware_update) |\n| 2891102 | FL SWITCH 4800E-24FX-4GC | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4800e-24fx-4gc-2891102?type=firmware_update) |\n| 2891073 | FL SWITCH 4808E-16FX LC-4GC | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4808e-16fx-lc-4gc-2891073?type=firmware_update) |\n| 2891074 | FL SWITCH 4808E-16FX SM LC-4GC| [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4808e-16fx-sm-lc-4gc-2891074?type=firmware_update) |\n| 2891086 | FL SWITCH 4808E-16FX SM ST-4GC| [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4808e-16fx-sm-st-4gc-2891086?type=firmware_update) |",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017",
"CSAFPID-31018",
"CSAFPID-31019",
"CSAFPID-31020",
"CSAFPID-31021",
"CSAFPID-31022",
"CSAFPID-31023",
"CSAFPID-31024",
"CSAFPID-31025",
"CSAFPID-31026",
"CSAFPID-31027",
"CSAFPID-31028",
"CSAFPID-31029",
"CSAFPID-31030",
"CSAFPID-31031",
"CSAFPID-31032"
]
}
],
"title": "CVE-2018-13990"
},
{
"cve": "CVE-2018-13992",
"cwe": {
"id": "CWE-311",
"name": "Missing Encryption of Sensitive Data"
},
"notes": [
{
"audience": "all",
"category": "description",
"text": "The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 to 1.34 allows for plaintext transmission (HTTP) of user credentials by default.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009",
"CSAFPID-32010",
"CSAFPID-32011",
"CSAFPID-32012",
"CSAFPID-32013",
"CSAFPID-32014",
"CSAFPID-32015",
"CSAFPID-32016",
"CSAFPID-32017",
"CSAFPID-32018",
"CSAFPID-32019",
"CSAFPID-32020",
"CSAFPID-32021",
"CSAFPID-32022",
"CSAFPID-32023",
"CSAFPID-32024",
"CSAFPID-32025",
"CSAFPID-32026",
"CSAFPID-32027",
"CSAFPID-32028",
"CSAFPID-32029",
"CSAFPID-32030",
"CSAFPID-32031",
"CSAFPID-32032"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017",
"CSAFPID-31018",
"CSAFPID-31019",
"CSAFPID-31020",
"CSAFPID-31021",
"CSAFPID-31022",
"CSAFPID-31023",
"CSAFPID-31024",
"CSAFPID-31025",
"CSAFPID-31026",
"CSAFPID-31027",
"CSAFPID-31028",
"CSAFPID-31029",
"CSAFPID-31030",
"CSAFPID-31031",
"CSAFPID-31032"
],
"known_not_affected": [
"CSAFPID-32033",
"CSAFPID-32034",
"CSAFPID-32035",
"CSAFPID-32036",
"CSAFPID-32037",
"CSAFPID-32038",
"CSAFPID-32039",
"CSAFPID-32040",
"CSAFPID-32041",
"CSAFPID-32042",
"CSAFPID-32043",
"CSAFPID-32044",
"CSAFPID-32045",
"CSAFPID-32046",
"CSAFPID-32047",
"CSAFPID-32048",
"CSAFPID-32049",
"CSAFPID-32050",
"CSAFPID-32051",
"CSAFPID-32052",
"CSAFPID-32053",
"CSAFPID-32054",
"CSAFPID-32055",
"CSAFPID-32056",
"CSAFPID-32057",
"CSAFPID-32058",
"CSAFPID-32059",
"CSAFPID-32060",
"CSAFPID-32061",
"CSAFPID-32062",
"CSAFPID-32063",
"CSAFPID-32064"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "## Remediation for CWE-319 (CVE-2018-13992)\n\nCustomers using Phoenix Contact managed FL SWITCH devices are recommended to enable HTTP security.\n\n## Remediation for Multiple CWEs:\n(CWE-352 (CVE-2018-13993), CWE-307 (CVE-2018-13990), CWE-400 (CVE-2018-13994), CWE-922 (CVE-2018-13991), CWE-119 (CVE-2017-3735))\n\nCustomers using Phoenix Contact managed FL SWITCH devices with affected firmware versions are recommended to update the firmware to version **1.35 or higher**, which fixes these vulnerabilities. \nThe updated firmware may be downloaded from the managed switch product page on the Phoenix Contact website:\n\n| Article No. | Model | Updated Firmware |\n|-------------|--------------------------------|------------------|\n| 2891033 | FL SWITCH 3004T-FX | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3004t-fx-2891033?type=firmware_update) |\n| 2891034 | FL SWITCH 3004T-FX ST | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3004t-fx-st-2891034?type=firmware_update) |\n| 2891030 | FL SWITCH 3005 | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3005-2891030?type=firmware_update) |\n| 2891032 | FL SWITCH 3005T | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3005t-2891032?type=firmware_update) |\n| 2891036 | FL SWITCH 3006T-2FX | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3006t-2fx-2891036?type=firmware_update) |\n| 2891060 | FL SWITCH 3006T-2FX SM | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3006t-2fx-sm-2891060?type=firmware_update) |\n| 2891037 | FL SWITCH 3006T-2FX ST | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3006t-2fx-st-2891037?type=firmware_update) |\n| 2891031 | FL SWITCH 3008 | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3008-2891031?type=firmware_update) |\n| 2891035 | FL SWITCH 3008T | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3008t-2891035?type=firmware_update) |\n| 2891120 | FL SWITCH 3012E-2FX | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3012e-2fx-2891120?type=firmware_update) |\n| 2891119 | FL SWITCH 3012E-2FX SM | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3012e-2fx-sm-2891119?type=firmware_update) |\n| 2891067 | FL SWITCH 3012E-2SFX | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3012e-2sfx-2891067?type=firmware_update) |\n| 2891058 | FL SWITCH 3016 | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3016-2891058?type=firmware_update) |\n| 2891066 | FL SWITCH 3016E | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3016e-2891066?type=firmware_update) |\n| 2891059 | FL SWITCH 3016T | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3016t-2891059?type=firmware_update) |\n| 1026924 | FL SWITCH 4000T-4POE-1SFP | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4000t-4poe-1sfp-1026924?type=firmware_update) |\n| 1026923 | FL SWITCH 4000T-8POE-2SFP | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4000t-8poe-2sfp-1026923?type=firmware_update) |\n| 1026922 | FL SWITCH 4004T-8POE-4SFP | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4004t-8poe-4sfp-1026922?type=firmware_update) |\n| 2891160 | FL SWITCH 4008T-2GT-3FX SM | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4008t-2gt-3fx-sm-2891160?type=firmware_update) |\n| 2891061 | FL SWITCH 4008T-2GT-4FX SM | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4008t-2gt-4fx-sm-2891061?type=firmware_update) |\n| 2891062 | FL SWITCH 4008T-2SFP | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4008t-2sfp-2891062?type=firmware_update) |\n| 2891063 | FL SWITCH 4012T-2GT-2FX | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4012t-2gt-2fx-2891063?type=firmware_update) |\n| 2891161 | FL SWITCH 4012T-2GT-2FX ST | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4012t-2gt-2fx-st-2891161?type=firmware_update) |\n| 2891104 | FL SWITCH 4800E-24FX SM-4GC | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4800e-24fx-sm-4gc-2891104?type=firmware_update) |\n| 2891102 | FL SWITCH 4800E-24FX-4GC | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4800e-24fx-4gc-2891102?type=firmware_update) |\n| 2891073 | FL SWITCH 4808E-16FX LC-4GC | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4808e-16fx-lc-4gc-2891073?type=firmware_update) |\n| 2891074 | FL SWITCH 4808E-16FX SM LC-4GC| [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4808e-16fx-sm-lc-4gc-2891074?type=firmware_update) |\n| 2891086 | FL SWITCH 4808E-16FX SM ST-4GC| [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4808e-16fx-sm-st-4gc-2891086?type=firmware_update) |",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017",
"CSAFPID-31018",
"CSAFPID-31019",
"CSAFPID-31020",
"CSAFPID-31021",
"CSAFPID-31022",
"CSAFPID-31023",
"CSAFPID-31024",
"CSAFPID-31025",
"CSAFPID-31026",
"CSAFPID-31027",
"CSAFPID-31028",
"CSAFPID-31029",
"CSAFPID-31030",
"CSAFPID-31031",
"CSAFPID-31032"
]
}
],
"title": "CVE-2018-13992"
}
]
}
FKIE_CVE-2018-13994
Vulnerability from fkie_nvd - Published: 2019-05-07 18:29 - Updated: 2024-11-21 03:48
Severity ?
7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 to 1.34 is vulnerable to a denial-of-service attack by making more than 120 connections.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | http://www.securityfocus.com/bid/106737 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://ics-cert.us-cert.gov/advisories/ICSA-19-024-02 | Third Party Advisory, US Government Resource, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/106737 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://ics-cert.us-cert.gov/advisories/ICSA-19-024-02 | Third Party Advisory, US Government Resource, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| phoenixcontact | fl_switch_3005_firmware | * | |
| phoenixcontact | fl_switch_3005 | - | |
| phoenixcontact | fl_switch_3005t_firmware | * | |
| phoenixcontact | fl_switch_3005t | - | |
| phoenixcontact | fl_switch_3004t-fx_firmware | * | |
| phoenixcontact | fl_switch_3004t-fx | - | |
| phoenixcontact | fl_switch_3004t-fx_st_firmware | * | |
| phoenixcontact | fl_switch_3004t-fx_st | - | |
| phoenixcontact | fl_switch_3008_firmware | * | |
| phoenixcontact | fl_switch_3008 | - | |
| phoenixcontact | fl_switch_3008t_firmware | * | |
| phoenixcontact | fl_switch_3008t | - | |
| phoenixcontact | fl_switch_3006t-2fx_firmware | * | |
| phoenixcontact | fl_switch_3006t-2fx | - | |
| phoenixcontact | fl_switch_3006t-2fx_st_firmware | * | |
| phoenixcontact | fl_switch_3006t-2fx_st | - | |
| phoenixcontact | fl_switch_3012e-2sfx_firmware | * | |
| phoenixcontact | fl_switch_3012e-2sfx | - | |
| phoenixcontact | fl_switch_3016e_firmware | * | |
| phoenixcontact | fl_switch_3016e | - | |
| phoenixcontact | fl_switch_3016_firmware | * | |
| phoenixcontact | fl_switch_3016 | - | |
| phoenixcontact | fl_switch_3016t_firmware | * | |
| phoenixcontact | fl_switch_3016t | - | |
| phoenixcontact | fl_switch_3006t-2fx_sm_firmware | * | |
| phoenixcontact | fl_switch_3006t-2fx_sm | - | |
| phoenixcontact | fl_switch_4008t-2sfp_firmware | * | |
| phoenixcontact | fl_switch_4008t-2sfp | - | |
| phoenixcontact | fl_switch_4008t-2gt-4fx_sm_firmware | * | |
| phoenixcontact | fl_switch_4008t-2gt-4fx_sm | - | |
| phoenixcontact | fl_switch_4008t-2gt-3fx_sm_firmware | * | |
| phoenixcontact | fl_switch_4008t-2gt-3fx_sm | - | |
| phoenixcontact | fl_switch_4808e-16fx_lc-4gc_firmware | * | |
| phoenixcontact | fl_switch_4808e-16fx_lc-4gc | - | |
| phoenixcontact | fl_switch_4808e-16fx_sm-4gc_firmware | * | |
| phoenixcontact | fl_switch_4808e-16fx_sm-4gc | - | |
| phoenixcontact | fl_switch_4808e-16fx_sm_st-4gc_firmware | * | |
| phoenixcontact | fl_switch_4808e-16fx_sm_st-4gc | - | |
| phoenixcontact | fl_switch_4808e-16fx_st-4gc_firmware | * | |
| phoenixcontact | fl_switch_4808e-16fx_st-4gc | - | |
| phoenixcontact | fl_switch_4808e-16fx-4gc_firmware | * | |
| phoenixcontact | fl_switch_4808e-16fx-4gc | - | |
| phoenixcontact | fl_switch_4808e-16fx_sm_lc-4gc_firmware | * | |
| phoenixcontact | fl_switch_4808e-16fx_sm_lc-4gc | - | |
| phoenixcontact | fl_switch_4012t_2gt_2fx_firmware | * | |
| phoenixcontact | fl_switch_4012t_2gt_2fx | - | |
| phoenixcontact | fl_switch_4012t-2gt-2fx_st_firmware | * | |
| phoenixcontact | fl_switch_4012t-2gt-2fx_st | - | |
| phoenixcontact | fl_switch_4824e-4gc_firmware | * | |
| phoenixcontact | fl_switch_4824e-4gc | - | |
| phoenixcontact | fl_switch_4800e-24fx-4gc_firmware | * | |
| phoenixcontact | fl_switch_4800e-24fx-4gc | - | |
| phoenixcontact | fl_switch_4800e-24fx_sm-4gc_firmware | * | |
| phoenixcontact | fl_switch_4800e-24fx_sm-4gc | - | |
| phoenixcontact | fl_switch_3012e-2fx_sm_firmware | * | |
| phoenixcontact | fl_switch_3012e-2fx_sm | - | |
| phoenixcontact | fl_switch_4000t-8poe-2sfp-r_firmware | * | |
| phoenixcontact | fl_switch_4000t-8poe-2sfp-r | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:phoenixcontact:fl_switch_3005_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "04A47D70-E559-4D83-8BC5-0A5A99BBE046",
"versionEndIncluding": "1.34",
"versionStartIncluding": "1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:phoenixcontact:fl_switch_3005:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CDD6E20C-23E3-4D04-879B-2AC6EF428947",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:phoenixcontact:fl_switch_3005t_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A044EFDC-2F7F-4B07-AD3F-2C3085AD499B",
"versionEndIncluding": "1.34",
"versionStartIncluding": "1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:phoenixcontact:fl_switch_3005t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "378D94CF-D885-42D4-8A0E-21CD748F6807",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:phoenixcontact:fl_switch_3004t-fx_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "17E9343C-8760-439D-9E4B-3D6CCA4E2819",
"versionEndIncluding": "1.34",
"versionStartIncluding": "1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:phoenixcontact:fl_switch_3004t-fx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DA9C98D8-21D3-45C1-B060-A9A9E2F3C097",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:phoenixcontact:fl_switch_3004t-fx_st_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C63BBDE7-162C-4E1F-B95C-A96D75B6534D",
"versionEndIncluding": "1.34",
"versionStartIncluding": "1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:phoenixcontact:fl_switch_3004t-fx_st:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7741E125-4A42-49D9-B042-F9CE55635AAC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:phoenixcontact:fl_switch_3008_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AC486493-C679-491D-85C3-65778974F619",
"versionEndIncluding": "1.34",
"versionStartIncluding": "1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:phoenixcontact:fl_switch_3008:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5B6CE354-013E-4F95-BC30-1C9B319EBED2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:phoenixcontact:fl_switch_3008t_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1F287862-E23E-4A75-A678-7498C5319C67",
"versionEndIncluding": "1.34",
"versionStartIncluding": "1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:phoenixcontact:fl_switch_3008t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9AABEF33-10A0-4799-B838-56EDD19DA0C0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:phoenixcontact:fl_switch_3006t-2fx_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "066EBCFD-A38E-4CC1-874C-76438F2BBFD2",
"versionEndIncluding": "1.34",
"versionStartIncluding": "1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:phoenixcontact:fl_switch_3006t-2fx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "183345F0-1A43-4721-99C1-6F1A7DF951C5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:phoenixcontact:fl_switch_3006t-2fx_st_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A709134E-8108-46D5-87B6-B8EFAFC46A57",
"versionEndIncluding": "1.34",
"versionStartIncluding": "1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:phoenixcontact:fl_switch_3006t-2fx_st:-:*:*:*:*:*:*:*",
"matchCriteriaId": "745B393D-B1D4-49B3-B869-54B103DDC09E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:phoenixcontact:fl_switch_3012e-2sfx_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BF6F59B4-D27B-47BD-9245-113AE40975D4",
"versionEndIncluding": "1.34",
"versionStartIncluding": "1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:phoenixcontact:fl_switch_3012e-2sfx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4E73E8DE-CCC4-43EC-8DD5-B8F75EA06A79",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:phoenixcontact:fl_switch_3016e_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EA7DFECE-5FD0-426C-A8AD-8FD76DF2686C",
"versionEndIncluding": "1.34",
"versionStartIncluding": "1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:phoenixcontact:fl_switch_3016e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AAE50CC4-384B-499F-BC7D-E66AB2B8D42F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:phoenixcontact:fl_switch_3016_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F332F2A6-4ADC-44E1-8992-E8EA6439C1F7",
"versionEndIncluding": "1.34",
"versionStartIncluding": "1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:phoenixcontact:fl_switch_3016:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BE5BBAFE-2229-4472-BED8-30A5A2547746",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:phoenixcontact:fl_switch_3016t_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AB5CA5AA-1388-4718-8A1E-7A84A015A3C9",
"versionEndIncluding": "1.34",
"versionStartIncluding": "1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:phoenixcontact:fl_switch_3016t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "20E4B7B8-0BCF-4A6D-A1D6-D76D7B67277D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:phoenixcontact:fl_switch_3006t-2fx_sm_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2304E00B-6927-47CD-B8F9-5737C4DFEE0F",
"versionEndIncluding": "1.34",
"versionStartIncluding": "1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:phoenixcontact:fl_switch_3006t-2fx_sm:-:*:*:*:*:*:*:*",
"matchCriteriaId": "94001A55-C569-4FD3-BB74-9EC7D85C1473",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:phoenixcontact:fl_switch_4008t-2sfp_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AFB27CA8-DD29-47D0-ABF8-0749CCD54C1B",
"versionEndIncluding": "1.34",
"versionStartIncluding": "1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:phoenixcontact:fl_switch_4008t-2sfp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8BDDB1D7-3E0C-4C06-B19F-A2FE8F6CC541",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:phoenixcontact:fl_switch_4008t-2gt-4fx_sm_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5425DCC2-8DFA-45E4-B772-B86787D1D84E",
"versionEndIncluding": "1.34",
"versionStartIncluding": "1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:phoenixcontact:fl_switch_4008t-2gt-4fx_sm:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FB83F75C-61AD-4161-B7FC-815BB79DD84C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:phoenixcontact:fl_switch_4008t-2gt-3fx_sm_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "473466B5-3D67-497B-8AB5-39987B5A5D88",
"versionEndIncluding": "1.34",
"versionStartIncluding": "1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:phoenixcontact:fl_switch_4008t-2gt-3fx_sm:-:*:*:*:*:*:*:*",
"matchCriteriaId": "59A8884E-A04E-4A52-9CE6-8EE210F6CA8A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:phoenixcontact:fl_switch_4808e-16fx_lc-4gc_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CDC53950-9BEF-4DF8-9C38-4424AC38BDC1",
"versionEndIncluding": "1.34",
"versionStartIncluding": "1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:phoenixcontact:fl_switch_4808e-16fx_lc-4gc:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7D2ACFB7-4685-48F2-8741-AD0ECFC8804E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:phoenixcontact:fl_switch_4808e-16fx_sm-4gc_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C284DB89-C9FD-489D-A705-85DFAAEB2661",
"versionEndIncluding": "1.34",
"versionStartIncluding": "1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:phoenixcontact:fl_switch_4808e-16fx_sm-4gc:-:*:*:*:*:*:*:*",
"matchCriteriaId": "640ECB9C-3D8C-4BCD-A0AF-AA79DE508FD0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:phoenixcontact:fl_switch_4808e-16fx_sm_st-4gc_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DC4FBE69-214A-4B71-9573-FCCAA9F296F9",
"versionEndIncluding": "1.34",
"versionStartIncluding": "1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:phoenixcontact:fl_switch_4808e-16fx_sm_st-4gc:-:*:*:*:*:*:*:*",
"matchCriteriaId": "24767260-220D-40D2-82D4-944DD1557C68",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:phoenixcontact:fl_switch_4808e-16fx_st-4gc_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F7E77B1A-9A78-423B-ADB1-0DE5105012DC",
"versionEndIncluding": "1.34",
"versionStartIncluding": "1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:phoenixcontact:fl_switch_4808e-16fx_st-4gc:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2D1D7163-5489-47A3-B6DF-13C2C137CD39",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:phoenixcontact:fl_switch_4808e-16fx-4gc_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D3CA8093-6C61-4E0F-89F2-83008B6A3047",
"versionEndIncluding": "1.34",
"versionStartIncluding": "1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:phoenixcontact:fl_switch_4808e-16fx-4gc:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DA4CF1D6-AEB2-4A75-959A-81F70FE7A634",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:phoenixcontact:fl_switch_4808e-16fx_sm_lc-4gc_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "64552653-D5D2-4002-A255-68080BA13820",
"versionEndIncluding": "1.34",
"versionStartIncluding": "1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:phoenixcontact:fl_switch_4808e-16fx_sm_lc-4gc:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1A11C522-B022-4F38-9DE9-189BAB367CA6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:phoenixcontact:fl_switch_4012t_2gt_2fx_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F3F0F169-2BA8-48B7-9017-49993D1B1046",
"versionEndIncluding": "1.34",
"versionStartIncluding": "1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:phoenixcontact:fl_switch_4012t_2gt_2fx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BF8A0E7B-0B6D-496C-81A4-077C4D1BA2BA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:phoenixcontact:fl_switch_4012t-2gt-2fx_st_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EA7D5CCD-A27A-47B9-898F-D2C605A7E02F",
"versionEndIncluding": "1.34",
"versionStartIncluding": "1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:phoenixcontact:fl_switch_4012t-2gt-2fx_st:-:*:*:*:*:*:*:*",
"matchCriteriaId": "67F3A41E-72FA-4876-B29C-810A83237E74",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:phoenixcontact:fl_switch_4824e-4gc_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "12C5D49B-B36E-44CE-BDEF-6D092F9F98CC",
"versionEndIncluding": "1.34",
"versionStartIncluding": "1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:phoenixcontact:fl_switch_4824e-4gc:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D0AF48CE-231F-42F9-BF50-B3E8FB49D0F0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:phoenixcontact:fl_switch_4800e-24fx-4gc_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6D629743-D62B-446F-9365-9CD4F8D4C7C0",
"versionEndIncluding": "1.34",
"versionStartIncluding": "1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:phoenixcontact:fl_switch_4800e-24fx-4gc:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5516A419-3B65-4866-91AD-7824C7D93A1E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:phoenixcontact:fl_switch_4800e-24fx_sm-4gc_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "045FA39D-54C2-4A14-BAE2-4100BE2B9DC9",
"versionEndIncluding": "1.34",
"versionStartIncluding": "1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:phoenixcontact:fl_switch_4800e-24fx_sm-4gc:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E9D8EBCA-D4C9-4698-B0A6-78796228ABD7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:phoenixcontact:fl_switch_3012e-2fx_sm_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "31B73742-90A2-412E-B31B-0C3968C66735",
"versionEndIncluding": "1.34",
"versionStartIncluding": "1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:phoenixcontact:fl_switch_3012e-2fx_sm:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E13750CC-A1ED-4AC5-BE05-C70B0A8E697D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:phoenixcontact:fl_switch_4000t-8poe-2sfp-r_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CE523BC5-9A74-45D1-8054-5AF8E8DC7C6F",
"versionEndIncluding": "1.34",
"versionStartIncluding": "1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:phoenixcontact:fl_switch_4000t-8poe-2sfp-r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F5C8DB2C-0647-42FC-A401-264A6A00621E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 to 1.34 is vulnerable to a denial-of-service attack by making more than 120 connections."
},
{
"lang": "es",
"value": "La interfaz web de usuario de PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versiones desde 1.0 hasta 1.34, es vulnerable a un ataque de denegaci\u00f3n de servicio al realizar mas de 120 conexiones."
}
],
"id": "CVE-2018-13994",
"lastModified": "2024-11-21T03:48:23.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "cve@mitre.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-05-07T18:29:00.583",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/106737"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"US Government Resource",
"VDB Entry"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-024-02"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/106737"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource",
"VDB Entry"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-024-02"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CNVD-2019-03261
Vulnerability from cnvd - Published: 2019-01-28
VLAI Severity ?
Title
Phoenix Contact FL SWITCH拒绝服务漏洞
Description
Phoenix Contact FL SWITCH是德国菲尼克斯电气(Phoenix Contact)集团的一款工业级以太网交换机。
Phoenix Contact FL SWITCH 3xxx 1.35之前版本、4xxx 1.35之前版本和48xx 1.35之前版本中存在拒绝服务漏洞,攻击者可通过进行大量的Web UI连接利用该漏洞造成拒绝服务。
Severity
高
Patch Name
Phoenix Contact FL SWITCH拒绝服务漏洞的补丁
Patch Description
Phoenix Contact FL SWITCH是德国菲尼克斯电气(Phoenix Contact)集团的一款工业级以太网交换机。
Phoenix Contact FL SWITCH 3xxx 1.35之前版本、4xxx 1.35之前版本和48xx 1.35之前版本中存在拒绝服务漏洞,攻击者可通过进行大量的Web UI连接利用该漏洞造成拒绝服务。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
厂商已发布了漏洞修复程序,请及时关注更新: https://www.phoenixcontact.com
Reference
https://ics-cert.us-cert.gov/advisories/ICSA-19-024-02
Impacted products
| Name | ['PHOENIX CONTACT FL SWITCH 3xxx <1.35', 'PHOENIX CONTACT FL SWITCH 4xxx <1.35', 'PHOENIX CONTACT FL SWITCH 48xx <1.35'] |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2018-13994"
}
},
"description": "Phoenix Contact FL SWITCH\u662f\u5fb7\u56fd\u83f2\u5c3c\u514b\u65af\u7535\u6c14\uff08Phoenix Contact\uff09\u96c6\u56e2\u7684\u4e00\u6b3e\u5de5\u4e1a\u7ea7\u4ee5\u592a\u7f51\u4ea4\u6362\u673a\u3002\n\nPhoenix Contact FL SWITCH 3xxx 1.35\u4e4b\u524d\u7248\u672c\u30014xxx 1.35\u4e4b\u524d\u7248\u672c\u548c48xx 1.35\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u8fdb\u884c\u5927\u91cf\u7684Web UI\u8fde\u63a5\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\u3002",
"discovererName": "Phoenix Contact",
"formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://www.phoenixcontact.com",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2019-03261",
"openTime": "2019-01-28",
"patchDescription": "Phoenix Contact FL SWITCH\u662f\u5fb7\u56fd\u83f2\u5c3c\u514b\u65af\u7535\u6c14\uff08Phoenix Contact\uff09\u96c6\u56e2\u7684\u4e00\u6b3e\u5de5\u4e1a\u7ea7\u4ee5\u592a\u7f51\u4ea4\u6362\u673a\u3002\r\n\r\nPhoenix Contact FL SWITCH 3xxx 1.35\u4e4b\u524d\u7248\u672c\u30014xxx 1.35\u4e4b\u524d\u7248\u672c\u548c48xx 1.35\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u8fdb\u884c\u5927\u91cf\u7684Web UI\u8fde\u63a5\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Phoenix Contact FL SWITCH\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": [
"PHOENIX CONTACT FL SWITCH 3xxx \u003c1.35",
"PHOENIX CONTACT FL SWITCH 4xxx \u003c1.35",
"PHOENIX CONTACT FL SWITCH 48xx \u003c1.35"
]
},
"referenceLink": "https://ics-cert.us-cert.gov/advisories/ICSA-19-024-02",
"serverity": "\u9ad8",
"submitTime": "2019-01-28",
"title": "Phoenix Contact FL SWITCH\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e"
}
GSD-2018-13994
Vulnerability from gsd - Updated: 2023-12-13 01:22Details
The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 to 1.34 is vulnerable to a denial-of-service attack by making more than 120 connections.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2018-13994",
"description": "The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 to 1.34 is vulnerable to a denial-of-service attack by making more than 120 connections.",
"id": "GSD-2018-13994"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2018-13994"
],
"details": "The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 to 1.34 is vulnerable to a denial-of-service attack by making more than 120 connections.",
"id": "GSD-2018-13994",
"modified": "2023-12-13T01:22:27.044169Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-13994",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 to 1.34 is vulnerable to a denial-of-service attack by making more than 120 connections."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AC:L/AV:N/A:H/C:N/I:N/PR:N/S:U/UI:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-19-024-02",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-024-02"
},
{
"name": "http://www.securityfocus.com/bid/106737",
"refsource": "MISC",
"url": "http://www.securityfocus.com/bid/106737"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:phoenixcontact:fl_switch_3005_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.34",
"versionStartIncluding": "1.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:phoenixcontact:fl_switch_3005:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:phoenixcontact:fl_switch_3005t_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.34",
"versionStartIncluding": "1.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:phoenixcontact:fl_switch_3005t:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:phoenixcontact:fl_switch_3004t-fx_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.34",
"versionStartIncluding": "1.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:phoenixcontact:fl_switch_3004t-fx:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:phoenixcontact:fl_switch_3004t-fx_st_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.34",
"versionStartIncluding": "1.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:phoenixcontact:fl_switch_3004t-fx_st:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:phoenixcontact:fl_switch_3008_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.34",
"versionStartIncluding": "1.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:phoenixcontact:fl_switch_3008:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:phoenixcontact:fl_switch_3008t_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.34",
"versionStartIncluding": "1.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:phoenixcontact:fl_switch_3008t:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:phoenixcontact:fl_switch_3006t-2fx_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.34",
"versionStartIncluding": "1.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:phoenixcontact:fl_switch_3006t-2fx:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:phoenixcontact:fl_switch_3006t-2fx_st_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.34",
"versionStartIncluding": "1.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:phoenixcontact:fl_switch_3006t-2fx_st:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:phoenixcontact:fl_switch_3012e-2sfx_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.34",
"versionStartIncluding": "1.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:phoenixcontact:fl_switch_3012e-2sfx:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:phoenixcontact:fl_switch_3016e_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.34",
"versionStartIncluding": "1.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:phoenixcontact:fl_switch_3016e:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:phoenixcontact:fl_switch_3016_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.34",
"versionStartIncluding": "1.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:phoenixcontact:fl_switch_3016:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:phoenixcontact:fl_switch_3016t_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.34",
"versionStartIncluding": "1.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:phoenixcontact:fl_switch_3016t:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:phoenixcontact:fl_switch_3006t-2fx_sm_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.34",
"versionStartIncluding": "1.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:phoenixcontact:fl_switch_3006t-2fx_sm:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:phoenixcontact:fl_switch_4008t-2sfp_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.34",
"versionStartIncluding": "1.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:phoenixcontact:fl_switch_4008t-2sfp:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:phoenixcontact:fl_switch_4008t-2gt-4fx_sm_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.34",
"versionStartIncluding": "1.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:phoenixcontact:fl_switch_4008t-2gt-4fx_sm:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:phoenixcontact:fl_switch_4008t-2gt-3fx_sm_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.34",
"versionStartIncluding": "1.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:phoenixcontact:fl_switch_4008t-2gt-3fx_sm:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:phoenixcontact:fl_switch_4808e-16fx_lc-4gc_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.34",
"versionStartIncluding": "1.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:phoenixcontact:fl_switch_4808e-16fx_lc-4gc:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:phoenixcontact:fl_switch_4808e-16fx_sm-4gc_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.34",
"versionStartIncluding": "1.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:phoenixcontact:fl_switch_4808e-16fx_sm-4gc:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:phoenixcontact:fl_switch_4808e-16fx_sm_st-4gc_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.34",
"versionStartIncluding": "1.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:phoenixcontact:fl_switch_4808e-16fx_sm_st-4gc:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:phoenixcontact:fl_switch_4808e-16fx_st-4gc_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.34",
"versionStartIncluding": "1.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:phoenixcontact:fl_switch_4808e-16fx_st-4gc:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:phoenixcontact:fl_switch_4808e-16fx-4gc_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.34",
"versionStartIncluding": "1.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:phoenixcontact:fl_switch_4808e-16fx-4gc:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:phoenixcontact:fl_switch_4808e-16fx_sm_lc-4gc_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.34",
"versionStartIncluding": "1.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:phoenixcontact:fl_switch_4808e-16fx_sm_lc-4gc:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:phoenixcontact:fl_switch_4012t_2gt_2fx_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.34",
"versionStartIncluding": "1.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:phoenixcontact:fl_switch_4012t_2gt_2fx:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:phoenixcontact:fl_switch_4012t-2gt-2fx_st_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.34",
"versionStartIncluding": "1.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:phoenixcontact:fl_switch_4012t-2gt-2fx_st:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:phoenixcontact:fl_switch_4824e-4gc_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.34",
"versionStartIncluding": "1.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:phoenixcontact:fl_switch_4824e-4gc:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:phoenixcontact:fl_switch_4800e-24fx-4gc_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.34",
"versionStartIncluding": "1.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:phoenixcontact:fl_switch_4800e-24fx-4gc:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:phoenixcontact:fl_switch_4800e-24fx_sm-4gc_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.34",
"versionStartIncluding": "1.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:phoenixcontact:fl_switch_4800e-24fx_sm-4gc:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:phoenixcontact:fl_switch_3012e-2fx_sm_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.34",
"versionStartIncluding": "1.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:phoenixcontact:fl_switch_3012e-2fx_sm:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:phoenixcontact:fl_switch_4000t-8poe-2sfp-r_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.34",
"versionStartIncluding": "1.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:phoenixcontact:fl_switch_4000t-8poe-2sfp-r:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-13994"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 to 1.34 is vulnerable to a denial-of-service attack by making more than 120 connections."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-19-024-02",
"refsource": "MISC",
"tags": [
"US Government Resource",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-024-02"
},
{
"name": "http://www.securityfocus.com/bid/106737",
"refsource": "MISC",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/106737"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
},
"lastModifiedDate": "2019-10-09T23:34Z",
"publishedDate": "2019-05-07T18:29Z"
}
}
}
GHSA-9XC9-7QCM-99R9
Vulnerability from github – Published: 2022-05-24 16:45 – Updated: 2024-04-04 00:32
VLAI?
Details
The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 to 1.34 is vulnerable to a denial-of-service attack by making more than 120 connections.
Severity ?
7.5 (High)
{
"affected": [],
"aliases": [
"CVE-2018-13994"
],
"database_specific": {
"cwe_ids": [
"CWE-400"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-05-07T18:29:00Z",
"severity": "HIGH"
},
"details": "The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 to 1.34 is vulnerable to a denial-of-service attack by making more than 120 connections.",
"id": "GHSA-9xc9-7qcm-99r9",
"modified": "2024-04-04T00:32:11Z",
"published": "2022-05-24T16:45:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-13994"
},
{
"type": "WEB",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-024-02"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/106737"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…