Vulnerability-Lookup

VDE-2019-001

Vulnerability from csaf_phoenixcontactgmbhcokg - Published: 2019-01-23 12:02 - Updated: 2025-05-14 13:00

Summary

PHOENIX CONTACT: Multiple Vulnerabilities in FL SWITCH 3xxx, 4xxx and 48xx

Notes

Summary: Multiple vulnerabilities for FL SWITCH have been identified in PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx version 1.0 to 1.34.

Impact: [TODO]

Remediation: ## Remediation for CWE-319 (CVE-2018-13992) Customers using Phoenix Contact managed FL SWITCH devices are recommended to enable HTTP security. ## Remediation for Multiple CWEs: (CWE-352 (CVE-2018-13993), CWE-307 (CVE-2018-13990), CWE-400 (CVE-2018-13994), CWE-922 (CVE-2018-13991), CWE-119 (CVE-2017-3735)) Customers using Phoenix Contact managed FL SWITCH devices with affected firmware versions are recommended to update the firmware to version **1.35 or higher**, which fixes these vulnerabilities. The updated firmware may be downloaded from the managed switch product page on the Phoenix Contact website: | Article No. | Model | Updated Firmware | |-------------|--------------------------------|------------------| | 2891033 | FL SWITCH 3004T-FX | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3004t-fx-2891033?type=firmware_update) | | 2891034 | FL SWITCH 3004T-FX ST | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3004t-fx-st-2891034?type=firmware_update) | | 2891030 | FL SWITCH 3005 | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3005-2891030?type=firmware_update) | | 2891032 | FL SWITCH 3005T | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3005t-2891032?type=firmware_update) | | 2891036 | FL SWITCH 3006T-2FX | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3006t-2fx-2891036?type=firmware_update) | | 2891060 | FL SWITCH 3006T-2FX SM | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3006t-2fx-sm-2891060?type=firmware_update) | | 2891037 | FL SWITCH 3006T-2FX ST | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3006t-2fx-st-2891037?type=firmware_update) | | 2891031 | FL SWITCH 3008 | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3008-2891031?type=firmware_update) | | 2891035 | FL SWITCH 3008T | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3008t-2891035?type=firmware_update) | | 2891120 | FL SWITCH 3012E-2FX | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3012e-2fx-2891120?type=firmware_update) | | 2891119 | FL SWITCH 3012E-2FX SM | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3012e-2fx-sm-2891119?type=firmware_update) | | 2891067 | FL SWITCH 3012E-2SFX | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3012e-2sfx-2891067?type=firmware_update) | | 2891058 | FL SWITCH 3016 | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3016-2891058?type=firmware_update) | | 2891066 | FL SWITCH 3016E | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3016e-2891066?type=firmware_update) | | 2891059 | FL SWITCH 3016T | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3016t-2891059?type=firmware_update) | | 1026924 | FL SWITCH 4000T-4POE-1SFP | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4000t-4poe-1sfp-1026924?type=firmware_update) | | 1026923 | FL SWITCH 4000T-8POE-2SFP | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4000t-8poe-2sfp-1026923?type=firmware_update) | | 1026922 | FL SWITCH 4004T-8POE-4SFP | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4004t-8poe-4sfp-1026922?type=firmware_update) | | 2891160 | FL SWITCH 4008T-2GT-3FX SM | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4008t-2gt-3fx-sm-2891160?type=firmware_update) | | 2891061 | FL SWITCH 4008T-2GT-4FX SM | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4008t-2gt-4fx-sm-2891061?type=firmware_update) | | 2891062 | FL SWITCH 4008T-2SFP | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4008t-2sfp-2891062?type=firmware_update) | | 2891063 | FL SWITCH 4012T-2GT-2FX | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4012t-2gt-2fx-2891063?type=firmware_update) | | 2891161 | FL SWITCH 4012T-2GT-2FX ST | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4012t-2gt-2fx-st-2891161?type=firmware_update) | | 2891104 | FL SWITCH 4800E-24FX SM-4GC | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4800e-24fx-sm-4gc-2891104?type=firmware_update) | | 2891102 | FL SWITCH 4800E-24FX-4GC | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4800e-24fx-4gc-2891102?type=firmware_update) | | 2891073 | FL SWITCH 4808E-16FX LC-4GC | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4808e-16fx-lc-4gc-2891073?type=firmware_update) | | 2891074 | FL SWITCH 4808E-16FX SM LC-4GC| [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4808e-16fx-sm-lc-4gc-2891074?type=firmware_update) | | 2891086 | FL SWITCH 4808E-16FX SM ST-4GC| [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4808e-16fx-sm-st-4gc-2891086?type=firmware_update) |

CVE-2018-13994

The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 to 1.34 is vulnerable to a denial-of-service attack by making more than 120 connections.

7.5 (High)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Vendor Fix ## Remediation for CWE-319 (CVE-2018-13992) Customers using Phoenix Contact managed FL SWITCH devices are recommended to enable HTTP security. ## Remediation for Multiple CWEs: (CWE-352 (CVE-2018-13993), CWE-307 (CVE-2018-13990), CWE-400 (CVE-2018-13994), CWE-922 (CVE-2018-13991), CWE-119 (CVE-2017-3735)) Customers using Phoenix Contact managed FL SWITCH devices with affected firmware versions are recommended to update the firmware to version **1.35 or higher**, which fixes these vulnerabilities. The updated firmware may be downloaded from the managed switch product page on the Phoenix Contact website: | Article No. | Model | Updated Firmware | |-------------|--------------------------------|------------------| | 2891033 | FL SWITCH 3004T-FX | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3004t-fx-2891033?type=firmware_update) | | 2891034 | FL SWITCH 3004T-FX ST | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3004t-fx-st-2891034?type=firmware_update) | | 2891030 | FL SWITCH 3005 | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3005-2891030?type=firmware_update) | | 2891032 | FL SWITCH 3005T | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3005t-2891032?type=firmware_update) | | 2891036 | FL SWITCH 3006T-2FX | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3006t-2fx-2891036?type=firmware_update) | | 2891060 | FL SWITCH 3006T-2FX SM | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3006t-2fx-sm-2891060?type=firmware_update) | | 2891037 | FL SWITCH 3006T-2FX ST | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3006t-2fx-st-2891037?type=firmware_update) | | 2891031 | FL SWITCH 3008 | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3008-2891031?type=firmware_update) | | 2891035 | FL SWITCH 3008T | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3008t-2891035?type=firmware_update) | | 2891120 | FL SWITCH 3012E-2FX | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3012e-2fx-2891120?type=firmware_update) | | 2891119 | FL SWITCH 3012E-2FX SM | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3012e-2fx-sm-2891119?type=firmware_update) | | 2891067 | FL SWITCH 3012E-2SFX | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3012e-2sfx-2891067?type=firmware_update) | | 2891058 | FL SWITCH 3016 | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3016-2891058?type=firmware_update) | | 2891066 | FL SWITCH 3016E | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3016e-2891066?type=firmware_update) | | 2891059 | FL SWITCH 3016T | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3016t-2891059?type=firmware_update) | | 1026924 | FL SWITCH 4000T-4POE-1SFP | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4000t-4poe-1sfp-1026924?type=firmware_update) | | 1026923 | FL SWITCH 4000T-8POE-2SFP | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4000t-8poe-2sfp-1026923?type=firmware_update) | | 1026922 | FL SWITCH 4004T-8POE-4SFP | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4004t-8poe-4sfp-1026922?type=firmware_update) | | 2891160 | FL SWITCH 4008T-2GT-3FX SM | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4008t-2gt-3fx-sm-2891160?type=firmware_update) | | 2891061 | FL SWITCH 4008T-2GT-4FX SM | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4008t-2gt-4fx-sm-2891061?type=firmware_update) | | 2891062 | FL SWITCH 4008T-2SFP | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4008t-2sfp-2891062?type=firmware_update) | | 2891063 | FL SWITCH 4012T-2GT-2FX | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4012t-2gt-2fx-2891063?type=firmware_update) | | 2891161 | FL SWITCH 4012T-2GT-2FX ST | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4012t-2gt-2fx-st-2891161?type=firmware_update) | | 2891104 | FL SWITCH 4800E-24FX SM-4GC | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4800e-24fx-sm-4gc-2891104?type=firmware_update) | | 2891102 | FL SWITCH 4800E-24FX-4GC | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4800e-24fx-4gc-2891102?type=firmware_update) | | 2891073 | FL SWITCH 4808E-16FX LC-4GC | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4808e-16fx-lc-4gc-2891073?type=firmware_update) | | 2891074 | FL SWITCH 4808E-16FX SM LC-4GC| [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4808e-16fx-sm-lc-4gc-2891074?type=firmware_update) | | 2891086 | FL SWITCH 4808E-16FX SM ST-4GC| [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4808e-16fx-sm-st-4gc-2891086?type=firmware_update) |

CVE-2018-13991

The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 to 1.34 leaks private information in firmware images.

5.3 (Medium)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor

CVE-2017-3735

While parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread. This would result in an incorrect text display of the certificate. This bug has been present since 2006 and is present in all versions of OpenSSL before 1.0.2m and 1.1.0g.

5.3 (Medium)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2018-13993

The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 to 1.34 is prone to CSRF.

8.8 (High)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-352 - Cross-Site Request Forgery (CSRF)

CVE-2018-13990

The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions prior to 1.35 is vulnerable to brute-force attacks, because of Improper Restriction of Excessive Authentication Attempts.

9.8 (Critical)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-287 - Improper Authentication

CVE-2018-13992

The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 to 1.34 allows for plaintext transmission (HTTP) of user credentials by default.

9.8 (Critical)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-311 - Missing Encryption of Sensitive Data

References

URL

Category

	https://www.phoenixcontact.com/de-de/service-und-…	external
	https://certvde.com/de/advisories/vendor/phoenixc…	external
	https://certvde.com/en/advisories/VDE-2019-001/	self
	https://phoenixcontact.csaf-tp.certvde.com/.well-…	self

Acknowledgments

CERT@VDE certvde.com

Positive Technologies Evgeniy Druzhinin Ilya Karpov Georgy Zaytsev www.phoenixcontact.com

JSON

To clipboard

{
  "document": {
    "acknowledgments": [
      {
        "organization": "CERT@VDE",
        "summary": "coordination",
        "urls": [
          "https://certvde.com"
        ]
      },
      {
        "names": [
          "Evgeniy Druzhinin",
          "Ilya Karpov",
          "Georgy Zaytsev"
        ],
        "organization": "Positive Technologies",
        "summary": "reporting",
        "urls": [
          "https://www.phoenixcontact.com"
        ]
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-GB",
    "notes": [
      {
        "category": "summary",
        "text": "Multiple vulnerabilities for FL SWITCH have been identified in PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx version 1.0 to 1.34.",
        "title": "Summary"
      },
      {
        "category": "description",
        "text": "[TODO]",
        "title": "Impact"
      },
      {
        "category": "description",
        "text": "## Remediation for CWE-319 (CVE-2018-13992)\n\nCustomers using Phoenix Contact managed FL SWITCH devices are recommended to enable HTTP security.\n\n## Remediation for Multiple CWEs:\n(CWE-352 (CVE-2018-13993), CWE-307 (CVE-2018-13990), CWE-400 (CVE-2018-13994), CWE-922 (CVE-2018-13991), CWE-119 (CVE-2017-3735))\n\nCustomers using Phoenix Contact managed FL SWITCH devices with affected firmware versions are recommended to update the firmware to version **1.35 or higher**, which fixes these vulnerabilities.  \nThe updated firmware may be downloaded from the managed switch product page on the Phoenix Contact website:\n\n| Article No. | Model                           | Updated Firmware |\n|-------------|--------------------------------|------------------|\n| 2891033     | FL SWITCH 3004T-FX            | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3004t-fx-2891033?type=firmware_update) |\n| 2891034     | FL SWITCH 3004T-FX ST         | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3004t-fx-st-2891034?type=firmware_update) |\n| 2891030     | FL SWITCH 3005                | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3005-2891030?type=firmware_update) |\n| 2891032     | FL SWITCH 3005T               | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3005t-2891032?type=firmware_update) |\n| 2891036     | FL SWITCH 3006T-2FX           | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3006t-2fx-2891036?type=firmware_update) |\n| 2891060     | FL SWITCH 3006T-2FX SM        | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3006t-2fx-sm-2891060?type=firmware_update) |\n| 2891037     | FL SWITCH 3006T-2FX ST        | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3006t-2fx-st-2891037?type=firmware_update) |\n| 2891031     | FL SWITCH 3008                | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3008-2891031?type=firmware_update) |\n| 2891035     | FL SWITCH 3008T               | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3008t-2891035?type=firmware_update) |\n| 2891120     | FL SWITCH 3012E-2FX           | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3012e-2fx-2891120?type=firmware_update) |\n| 2891119     | FL SWITCH 3012E-2FX SM        | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3012e-2fx-sm-2891119?type=firmware_update) |\n| 2891067     | FL SWITCH 3012E-2SFX          | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3012e-2sfx-2891067?type=firmware_update) |\n| 2891058     | FL SWITCH 3016                | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3016-2891058?type=firmware_update) |\n| 2891066     | FL SWITCH 3016E               | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3016e-2891066?type=firmware_update) |\n| 2891059     | FL SWITCH 3016T               | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3016t-2891059?type=firmware_update) |\n| 1026924     | FL SWITCH 4000T-4POE-1SFP     | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4000t-4poe-1sfp-1026924?type=firmware_update) |\n| 1026923     | FL SWITCH 4000T-8POE-2SFP     | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4000t-8poe-2sfp-1026923?type=firmware_update) |\n| 1026922     | FL SWITCH 4004T-8POE-4SFP     | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4004t-8poe-4sfp-1026922?type=firmware_update) |\n| 2891160     | FL SWITCH 4008T-2GT-3FX SM    | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4008t-2gt-3fx-sm-2891160?type=firmware_update) |\n| 2891061     | FL SWITCH 4008T-2GT-4FX SM    | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4008t-2gt-4fx-sm-2891061?type=firmware_update) |\n| 2891062     | FL SWITCH 4008T-2SFP          | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4008t-2sfp-2891062?type=firmware_update) |\n| 2891063     | FL SWITCH 4012T-2GT-2FX       | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4012t-2gt-2fx-2891063?type=firmware_update) |\n| 2891161     | FL SWITCH 4012T-2GT-2FX ST    | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4012t-2gt-2fx-st-2891161?type=firmware_update) |\n| 2891104     | FL SWITCH 4800E-24FX SM-4GC   | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4800e-24fx-sm-4gc-2891104?type=firmware_update) |\n| 2891102     | FL SWITCH 4800E-24FX-4GC      | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4800e-24fx-4gc-2891102?type=firmware_update) |\n| 2891073     | FL SWITCH 4808E-16FX LC-4GC   | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4808e-16fx-lc-4gc-2891073?type=firmware_update) |\n| 2891074     | FL SWITCH 4808E-16FX SM LC-4GC| [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4808e-16fx-sm-lc-4gc-2891074?type=firmware_update) |\n| 2891086     | FL SWITCH 4808E-16FX SM ST-4GC| [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4808e-16fx-sm-st-4gc-2891086?type=firmware_update) |",
        "title": "Remediation"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "psirt@phoenixcontact.com",
      "name": "Phoenix Contact GmbH \u0026 Co. KG",
      "namespace": "https://phoenixcontact.com/psirt"
    },
    "references": [
      {
        "category": "external",
        "summary": "Phoenix Contact PSIRT ",
        "url": "https://www.phoenixcontact.com/de-de/service-und-support/psirt"
      },
      {
        "category": "external",
        "summary": "CERT@VDE Security Advisories for Phoenix Contact GmbH \u0026 Co. KG",
        "url": "https://certvde.com/de/advisories/vendor/phoenixcontact/"
      },
      {
        "category": "self",
        "summary": "VDE-2019-001: PHOENIX CONTACT: Multiple Vulnerabilities in FL SWITCH 3xxx, 4xxx and 48xx - HTML",
        "url": "https://certvde.com/en/advisories/VDE-2019-001/"
      },
      {
        "category": "self",
        "summary": "VDE-2019-001: PHOENIX CONTACT: Multiple Vulnerabilities in FL SWITCH 3xxx, 4xxx and 48xx - CSAF",
        "url": "https://phoenixcontact.csaf-tp.certvde.com/.well-known/csaf/white/2019/vde-2019-001.json"
      }
    ],
    "title": "PHOENIX CONTACT: Multiple Vulnerabilities in FL SWITCH 3xxx, 4xxx and 48xx",
    "tracking": {
      "aliases": [
        "VDE-2019-001"
      ],
      "current_release_date": "2025-05-14T13:00:15.000Z",
      "generator": {
        "date": "2025-03-14T10:59:27.750Z",
        "engine": {
          "name": "Secvisogram",
          "version": "2.5.21"
        }
      },
      "id": "VDE-2019-001",
      "initial_release_date": "2019-01-23T12:02:00.000Z",
      "revision_history": [
        {
          "date": "2019-01-23T12:02:00.000Z",
          "number": "1",
          "summary": "Initial revision."
        },
        {
          "date": "2025-05-14T13:00:15.000Z",
          "number": "2",
          "summary": "Fix: added distribution, status to final"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c=1.34",
                "product": {
                  "name": "Firmware \u003c=1.34",
                  "product_id": "CSAFPID-21001"
                }
              },
              {
                "category": "product_version",
                "name": "1.35",
                "product": {
                  "name": "Firmware 1.35",
                  "product_id": "CSAFPID-22001"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c1.0",
                "product": {
                  "name": "Firmware \u003c1.0",
                  "product_id": "CSAFPID-22002"
                }
              }
            ],
            "category": "product_family",
            "name": "Firmware"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "FL SWITCH 3004T-FX",
                "product": {
                  "name": "FL SWITCH 3004T-FX",
                  "product_id": "CSAFPID-11001",
                  "product_identification_helper": {
                    "model_numbers": [
                      "2891033"
                    ]
                  }
                }
              },
              {
                "category": "product_name",
                "name": "FL SWITCH 3004T-FX ST",
                "product": {
                  "name": "FL SWITCH 3004T-FX ST",
                  "product_id": "CSAFPID-11002",
                  "product_identification_helper": {
                    "model_numbers": [
                      "2891034"
                    ]
                  }
                }
              },
              {
                "category": "product_name",
                "name": "FL SWITCH 3005",
                "product": {
                  "name": "FL SWITCH 3005",
                  "product_id": "CSAFPID-11003",
                  "product_identification_helper": {
                    "model_numbers": [
                      "2891030"
                    ]
                  }
                }
              },
              {
                "category": "product_name",
                "name": "FL SWITCH 3005T",
                "product": {
                  "name": "FL SWITCH 3005T",
                  "product_id": "CSAFPID-11004",
                  "product_identification_helper": {
                    "model_numbers": [
                      "2891032"
                    ]
                  }
                }
              },
              {
                "category": "product_name",
                "name": "FL SWITCH 3006T-2FX",
                "product": {
                  "name": "FL SWITCH 3006T-2FX",
                  "product_id": "CSAFPID-11005",
                  "product_identification_helper": {
                    "model_numbers": [
                      "2891036"
                    ]
                  }
                }
              },
              {
                "category": "product_name",
                "name": "FL SWITCH 3006T-2FX SM",
                "product": {
                  "name": "FL SWITCH 3006T-2FX SM",
                  "product_id": "CSAFPID-11006",
                  "product_identification_helper": {
                    "model_numbers": [
                      "2891060"
                    ]
                  }
                }
              },
              {
                "category": "product_name",
                "name": "FL SWITCH 3006T-2FX ST",
                "product": {
                  "name": "FL SWITCH 3006T-2FX ST",
                  "product_id": "CSAFPID-11007",
                  "product_identification_helper": {
                    "model_numbers": [
                      "2891037"
                    ]
                  }
                }
              },
              {
                "category": "product_name",
                "name": "FL SWITCH 3008",
                "product": {
                  "name": "FL SWITCH 3008",
                  "product_id": "CSAFPID-11008",
                  "product_identification_helper": {
                    "model_numbers": [
                      "2891031"
                    ]
                  }
                }
              },
              {
                "category": "product_name",
                "name": "FL SWITCH 3008T",
                "product": {
                  "name": "FL SWITCH 3008T",
                  "product_id": "CSAFPID-11009",
                  "product_identification_helper": {
                    "model_numbers": [
                      "2891035"
                    ]
                  }
                }
              },
              {
                "category": "product_name",
                "name": "FL SWITCH 3012E-2FX",
                "product": {
                  "name": "FL SWITCH 3012E-2FX",
                  "product_id": "CSAFPID-11010",
                  "product_identification_helper": {
                    "model_numbers": [
                      "2891120"
                    ]
                  }
                }
              },
              {
                "category": "product_name",
                "name": "FL SWITCH 3012E-2FX SM",
                "product": {
                  "name": "FL SWITCH 3012E-2FX SM",
                  "product_id": "CSAFPID-11011",
                  "product_identification_helper": {
                    "model_numbers": [
                      "2891119"
                    ]
                  }
                }
              },
              {
                "category": "product_name",
                "name": "FL SWITCH 3012E-2SFX",
                "product": {
                  "name": "FL SWITCH 3012E-2SFX",
                  "product_id": "CSAFPID-11012",
                  "product_identification_helper": {
                    "model_numbers": [
                      "2891067"
                    ]
                  }
                }
              },
              {
                "category": "product_name",
                "name": "FL SWITCH 3016",
                "product": {
                  "name": "FL SWITCH 3016",
                  "product_id": "CSAFPID-11013",
                  "product_identification_helper": {
                    "model_numbers": [
                      "2891058"
                    ]
                  }
                }
              },
              {
                "category": "product_name",
                "name": "FL SWITCH 3016E",
                "product": {
                  "name": "FL SWITCH 3016E",
                  "product_id": "CSAFPID-11014",
                  "product_identification_helper": {
                    "model_numbers": [
                      "2891066"
                    ]
                  }
                }
              },
              {
                "category": "product_name",
                "name": "FL SWITCH 3016T",
                "product": {
                  "name": "FL SWITCH 3016T",
                  "product_id": "CSAFPID-11015",
                  "product_identification_helper": {
                    "model_numbers": [
                      "2891059"
                    ]
                  }
                }
              },
              {
                "category": "product_name",
                "name": "FL SWITCH 4000T-4POE-1SFP",
                "product": {
                  "name": "FL SWITCH 4000T-4POE-1SFP",
                  "product_id": "CSAFPID-11016",
                  "product_identification_helper": {
                    "model_numbers": [
                      "1026924"
                    ]
                  }
                }
              },
              {
                "category": "product_name",
                "name": "FL SWITCH 4000T-8POE-2SFP",
                "product": {
                  "name": "FL SWITCH 4000T-8POE-2SFP",
                  "product_id": "CSAFPID-11017",
                  "product_identification_helper": {
                    "model_numbers": [
                      "1026923"
                    ]
                  }
                }
              },
              {
                "category": "product_name",
                "name": "FL SWITCH 4004T-8POE-4SFP",
                "product": {
                  "name": "FL SWITCH 4004T-8POE-4SFP",
                  "product_id": "CSAFPID-11018",
                  "product_identification_helper": {
                    "model_numbers": [
                      "1026922"
                    ]
                  }
                }
              },
              {
                "category": "product_name",
                "name": "FL SWITCH 4008T-2GT-3FX SM",
                "product": {
                  "name": "FL SWITCH 4008T-2GT-3FX SM",
                  "product_id": "CSAFPID-11019",
                  "product_identification_helper": {
                    "model_numbers": [
                      "2891160"
                    ]
                  }
                }
              },
              {
                "category": "product_name",
                "name": "FL SWITCH 4008T-2GT-4FX SM",
                "product": {
                  "name": "FL SWITCH 4008T-2GT-4FX SM",
                  "product_id": "CSAFPID-11020",
                  "product_identification_helper": {
                    "model_numbers": [
                      "2891061"
                    ]
                  }
                }
              },
              {
                "category": "product_name",
                "name": "FL SWITCH 4008T-2SFP",
                "product": {
                  "name": "FL SWITCH 4008T-2SFP",
                  "product_id": "CSAFPID-11021",
                  "product_identification_helper": {
                    "model_numbers": [
                      "2891062"
                    ]
                  }
                }
              },
              {
                "category": "product_name",
                "name": "FL SWITCH 4012T-2GT-2FX",
                "product": {
                  "name": "FL SWITCH 4012T-2GT-2FX",
                  "product_id": "CSAFPID-11022",
                  "product_identification_helper": {
                    "model_numbers": [
                      "2891063"
                    ]
                  }
                }
              },
              {
                "category": "product_name",
                "name": "FL SWITCH 4012T-2GT-2FX ST",
                "product": {
                  "name": "FL SWITCH 4012T-2GT-2FX ST",
                  "product_id": "CSAFPID-11023",
                  "product_identification_helper": {
                    "model_numbers": [
                      "2891161"
                    ]
                  }
                }
              },
              {
                "category": "product_name",
                "name": "FL SWITCH 4800E-24FX-4GC",
                "product": {
                  "name": "FL SWITCH 4800E-24FX-4GC",
                  "product_id": "CSAFPID-11024",
                  "product_identification_helper": {
                    "model_numbers": [
                      "2891102"
                    ]
                  }
                }
              },
              {
                "category": "product_name",
                "name": "FL SWITCH 4800E-24FX SM-4GC",
                "product": {
                  "name": "FL SWITCH 4800E-24FX SM-4GC",
                  "product_id": "CSAFPID-11025",
                  "product_identification_helper": {
                    "model_numbers": [
                      "2891104"
                    ]
                  }
                }
              },
              {
                "category": "product_name",
                "name": "FL SWITCH 4808E-16FX-4GC",
                "product": {
                  "name": "FL SWITCH 4808E-16FX-4GC",
                  "product_id": "CSAFPID-11026",
                  "product_identification_helper": {
                    "model_numbers": [
                      "2891079"
                    ]
                  }
                }
              },
              {
                "category": "product_name",
                "name": "FL SWITCH 4808E-16FX LC-4GC",
                "product": {
                  "name": "FL SWITCH 4808E-16FX LC-4GC",
                  "product_id": "CSAFPID-11027",
                  "product_identification_helper": {
                    "model_numbers": [
                      "2891073"
                    ]
                  }
                }
              },
              {
                "category": "product_name",
                "name": "FL SWITCH 4808E-16FX SM-4GC",
                "product": {
                  "name": "FL SWITCH 4808E-16FX SM-4GC",
                  "product_id": "CSAFPID-11028",
                  "product_identification_helper": {
                    "model_numbers": [
                      "2891080"
                    ]
                  }
                }
              },
              {
                "category": "product_name",
                "name": "FL SWITCH 4808E-16FX SM LC-4GC",
                "product": {
                  "name": "FL SWITCH 4808E-16FX SM LC-4GC",
                  "product_id": "CSAFPID-11029",
                  "product_identification_helper": {
                    "model_numbers": [
                      "2891074"
                    ]
                  }
                }
              },
              {
                "category": "product_name",
                "name": "FL SWITCH 4808E-16FX SM ST-4GC",
                "product": {
                  "name": "FL SWITCH 4808E-16FX SM ST-4GC",
                  "product_id": "CSAFPID-11030",
                  "product_identification_helper": {
                    "model_numbers": [
                      "2891086"
                    ]
                  }
                }
              },
              {
                "category": "product_name",
                "name": "FL SWITCH 4808E-16FX ST-4GC",
                "product": {
                  "name": "FL SWITCH 4808E-16FX ST-4GC",
                  "product_id": "CSAFPID-11031",
                  "product_identification_helper": {
                    "model_numbers": [
                      "2891085"
                    ]
                  }
                }
              },
              {
                "category": "product_name",
                "name": "FL SWITCH 4824E-4GC",
                "product": {
                  "name": "FL SWITCH 4824E-4GC",
                  "product_id": "CSAFPID-11032",
                  "product_identification_helper": {
                    "model_numbers": [
                      "2891072"
                    ]
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Hardware"
          }
        ],
        "category": "vendor",
        "name": "Phoenix Contact"
      }
    ],
    "product_groups": [
      {
        "group_id": "CSAFGID-0001",
        "product_ids": [
          "CSAFPID-31001",
          "CSAFPID-31002",
          "CSAFPID-31003",
          "CSAFPID-31004",
          "CSAFPID-31005",
          "CSAFPID-31006",
          "CSAFPID-31007",
          "CSAFPID-31008",
          "CSAFPID-31009",
          "CSAFPID-31010",
          "CSAFPID-31011",
          "CSAFPID-31012",
          "CSAFPID-31013",
          "CSAFPID-31014",
          "CSAFPID-31015",
          "CSAFPID-31016",
          "CSAFPID-31017",
          "CSAFPID-31018",
          "CSAFPID-31019",
          "CSAFPID-31020",
          "CSAFPID-31021",
          "CSAFPID-31022",
          "CSAFPID-31023",
          "CSAFPID-31024",
          "CSAFPID-31025",
          "CSAFPID-31026",
          "CSAFPID-31027",
          "CSAFPID-31028",
          "CSAFPID-31029",
          "CSAFPID-31030",
          "CSAFPID-31031",
          "CSAFPID-31032"
        ],
        "summary": "Affected Products."
      },
      {
        "group_id": "CSAFGID-0002",
        "product_ids": [
          "CSAFPID-32001",
          "CSAFPID-32002",
          "CSAFPID-32003",
          "CSAFPID-32004",
          "CSAFPID-32005",
          "CSAFPID-32006",
          "CSAFPID-32007",
          "CSAFPID-32008",
          "CSAFPID-32009",
          "CSAFPID-32010",
          "CSAFPID-32011",
          "CSAFPID-32012",
          "CSAFPID-32013",
          "CSAFPID-32014",
          "CSAFPID-32015",
          "CSAFPID-32016",
          "CSAFPID-32017",
          "CSAFPID-32018",
          "CSAFPID-32019",
          "CSAFPID-32020",
          "CSAFPID-32021",
          "CSAFPID-32022",
          "CSAFPID-32023",
          "CSAFPID-32024",
          "CSAFPID-32025",
          "CSAFPID-32026",
          "CSAFPID-32027",
          "CSAFPID-32028",
          "CSAFPID-32029",
          "CSAFPID-32030",
          "CSAFPID-32031",
          "CSAFPID-32032"
        ],
        "summary": "Fixed Products."
      },
      {
        "group_id": "CSAFGID-0003",
        "product_ids": [
          "CSAFPID-32033",
          "CSAFPID-32034",
          "CSAFPID-32035",
          "CSAFPID-32036",
          "CSAFPID-32037",
          "CSAFPID-32038",
          "CSAFPID-32039",
          "CSAFPID-32040",
          "CSAFPID-32041",
          "CSAFPID-32042",
          "CSAFPID-32043",
          "CSAFPID-32044",
          "CSAFPID-32045",
          "CSAFPID-32046",
          "CSAFPID-32047",
          "CSAFPID-32048",
          "CSAFPID-32049",
          "CSAFPID-32050",
          "CSAFPID-32051",
          "CSAFPID-32052",
          "CSAFPID-32053",
          "CSAFPID-32054",
          "CSAFPID-32055",
          "CSAFPID-32056",
          "CSAFPID-32057",
          "CSAFPID-32058",
          "CSAFPID-32059",
          "CSAFPID-32060",
          "CSAFPID-32061",
          "CSAFPID-32062",
          "CSAFPID-32063",
          "CSAFPID-32064"
        ],
        "summary": "Not Affected Products."
      }
    ],
    "relationships": [
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware 1.0 \u003c= 1.34 installed on FL SWITCH 3004T-FX",
          "product_id": "CSAFPID-31001"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11001"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c=1.34 installed on FL SWITCH 3004T-FX ST",
          "product_id": "CSAFPID-31002"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11002"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c=1.34 installed on FL SWITCH 3005",
          "product_id": "CSAFPID-31003"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11003"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c=1.34 installed on FL SWITCH 3005T",
          "product_id": "CSAFPID-31004"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11004"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c=1.34 installed on FL SWITCH 3006T-2FX",
          "product_id": "CSAFPID-31005"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11005"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c=1.34 installed on FL SWITCH 3006T-2FX SM",
          "product_id": "CSAFPID-31006"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11006"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c=1.34 installed on FL SWITCH 3006T-2FX ST",
          "product_id": "CSAFPID-31007"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11007"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c=1.34 installed on FL SWITCH 3008",
          "product_id": "CSAFPID-31008"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11008"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c=1.34 installed on FL SWITCH 3008T",
          "product_id": "CSAFPID-31009"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11009"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c=1.34 installed on FL SWITCH 3012E-2FX",
          "product_id": "CSAFPID-31010"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11010"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c=1.34 installed on FL SWITCH 3012E-2FX SM",
          "product_id": "CSAFPID-31011"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11011"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c=1.34 installed on FL SWITCH 3012E-2SFX",
          "product_id": "CSAFPID-31012"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11012"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c=1.34 installed on FL SWITCH 3016",
          "product_id": "CSAFPID-31013"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11013"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c=1.34 installed on FL SWITCH 3016E",
          "product_id": "CSAFPID-31014"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11014"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c=1.34 installed on FL SWITCH 3016T",
          "product_id": "CSAFPID-31015"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11015"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c=1.34 installed on FL SWITCH 4000T-4POE-1SFP",
          "product_id": "CSAFPID-31016"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11016"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c=1.34 installed on FL SWITCH 4000T-8POE-2SFP",
          "product_id": "CSAFPID-31017"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11017"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c=1.34 installed on FL SWITCH 4004T-8POE-4SFP",
          "product_id": "CSAFPID-31018"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11018"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c=1.34 installed on FL SWITCH 4008T-2GT-3FX SM",
          "product_id": "CSAFPID-31019"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11019"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c=1.34 installed on FL SWITCH 4008T-2GT-4FX SM",
          "product_id": "CSAFPID-31020"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11020"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c=1.34 installed on FL SWITCH 4008T-2SFP",
          "product_id": "CSAFPID-31021"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11021"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c=1.34 installed on FL SWITCH 4012T-2GT-2FX",
          "product_id": "CSAFPID-31022"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11022"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c=1.34 installed on FL SWITCH 4012T-2GT-2FX ST",
          "product_id": "CSAFPID-31023"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11023"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c=1.34 installed on FL SWITCH 4800E-24FX-4GC",
          "product_id": "CSAFPID-31024"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11024"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c=1.34 installed on FL SWITCH 4800E-24FX SM-4GC",
          "product_id": "CSAFPID-31025"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11025"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c=1.34 installed on FL SWITCH 4808E-16FX-4GC",
          "product_id": "CSAFPID-31026"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11026"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c=1.34 installed on FL SWITCH 4808E-16FX LC-4GC",
          "product_id": "CSAFPID-31027"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11027"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c=1.34 installed on FL SWITCH 4808E-16FX SM-4GC",
          "product_id": "CSAFPID-31028"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11028"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c=1.34 installed on FL SWITCH 4808E-16FX SM LC-4GC",
          "product_id": "CSAFPID-31029"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11029"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c=1.34 installed on FL SWITCH 4808E-16FX SM ST-4GC",
          "product_id": "CSAFPID-31030"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11030"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c=1.34 installed on FL SWITCH 4808E-16FX ST-4GC",
          "product_id": "CSAFPID-31031"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11031"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c=1.34 installed on FL SWITCH 4824E-4GC",
          "product_id": "CSAFPID-31032"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11032"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware 1.35 installed on FL SWITCH 3004T-FX",
          "product_id": "CSAFPID-32001"
        },
        "product_reference": "CSAFPID-22001",
        "relates_to_product_reference": "CSAFPID-11001"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware 1.35 installed on FL SWITCH 3004T-FX ST",
          "product_id": "CSAFPID-32002"
        },
        "product_reference": "CSAFPID-22001",
        "relates_to_product_reference": "CSAFPID-11002"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware 1.35 installed on FL SWITCH 3005",
          "product_id": "CSAFPID-32003"
        },
        "product_reference": "CSAFPID-22001",
        "relates_to_product_reference": "CSAFPID-11003"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware 1.35 installed on FL SWITCH 3005T",
          "product_id": "CSAFPID-32004"
        },
        "product_reference": "CSAFPID-22001",
        "relates_to_product_reference": "CSAFPID-11004"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware 1.35 installed on FL SWITCH 3006T-2FX",
          "product_id": "CSAFPID-32005"
        },
        "product_reference": "CSAFPID-22001",
        "relates_to_product_reference": "CSAFPID-11005"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware 1.35 installed on FL SWITCH 3006T-2FX SM",
          "product_id": "CSAFPID-32006"
        },
        "product_reference": "CSAFPID-22001",
        "relates_to_product_reference": "CSAFPID-11006"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware 1.35 installed on FL SWITCH 3006T-2FX ST",
          "product_id": "CSAFPID-32007"
        },
        "product_reference": "CSAFPID-22001",
        "relates_to_product_reference": "CSAFPID-11007"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware 1.35 installed on FL SWITCH 3008",
          "product_id": "CSAFPID-32008"
        },
        "product_reference": "CSAFPID-22001",
        "relates_to_product_reference": "CSAFPID-11008"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware 1.35 installed on FL SWITCH 3008T",
          "product_id": "CSAFPID-32009"
        },
        "product_reference": "CSAFPID-22001",
        "relates_to_product_reference": "CSAFPID-11009"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware 1.35 installed on FL SWITCH 3012E-2FX",
          "product_id": "CSAFPID-32010"
        },
        "product_reference": "CSAFPID-22001",
        "relates_to_product_reference": "CSAFPID-11010"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware 1.35 installed on FL SWITCH 3012E-2FX SM",
          "product_id": "CSAFPID-32011"
        },
        "product_reference": "CSAFPID-22001",
        "relates_to_product_reference": "CSAFPID-11011"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware 1.35 installed on FL SWITCH 3012E-2SFX",
          "product_id": "CSAFPID-32012"
        },
        "product_reference": "CSAFPID-22001",
        "relates_to_product_reference": "CSAFPID-11012"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware 1.35 installed on FL SWITCH 3016",
          "product_id": "CSAFPID-32013"
        },
        "product_reference": "CSAFPID-22001",
        "relates_to_product_reference": "CSAFPID-11013"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware 1.35 installed on FL SWITCH 3016E",
          "product_id": "CSAFPID-32014"
        },
        "product_reference": "CSAFPID-22001",
        "relates_to_product_reference": "CSAFPID-11014"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware 1.35 installed on FL SWITCH 3016T",
          "product_id": "CSAFPID-32015"
        },
        "product_reference": "CSAFPID-22001",
        "relates_to_product_reference": "CSAFPID-11015"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware 1.35 installed on FL SWITCH 4000T-4POE-1SFP",
          "product_id": "CSAFPID-32016"
        },
        "product_reference": "CSAFPID-22001",
        "relates_to_product_reference": "CSAFPID-11016"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware 1.35 installed on FL SWITCH 4000T-8POE-2SFP",
          "product_id": "CSAFPID-32017"
        },
        "product_reference": "CSAFPID-22001",
        "relates_to_product_reference": "CSAFPID-11017"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware 1.35 installed on FL SWITCH 4004T-8POE-4SFP",
          "product_id": "CSAFPID-32018"
        },
        "product_reference": "CSAFPID-22001",
        "relates_to_product_reference": "CSAFPID-11018"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware 1.35 installed on FL SWITCH 4008T-2GT-3FX SM",
          "product_id": "CSAFPID-32019"
        },
        "product_reference": "CSAFPID-22001",
        "relates_to_product_reference": "CSAFPID-11019"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware 1.35 installed on FL SWITCH 4008T-2GT-4FX SM",
          "product_id": "CSAFPID-32020"
        },
        "product_reference": "CSAFPID-22001",
        "relates_to_product_reference": "CSAFPID-11020"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware 1.35 installed on FL SWITCH 4008T-2SFP",
          "product_id": "CSAFPID-32021"
        },
        "product_reference": "CSAFPID-22001",
        "relates_to_product_reference": "CSAFPID-11021"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware 1.35 installed on FL SWITCH 4012T-2GT-2FX",
          "product_id": "CSAFPID-32022"
        },
        "product_reference": "CSAFPID-22001",
        "relates_to_product_reference": "CSAFPID-11022"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware 1.35 installed on FL SWITCH 4012T-2GT-2FX ST",
          "product_id": "CSAFPID-32023"
        },
        "product_reference": "CSAFPID-22001",
        "relates_to_product_reference": "CSAFPID-11023"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware 1.35 installed on FL SWITCH 4800E-24FX-4GC",
          "product_id": "CSAFPID-32024"
        },
        "product_reference": "CSAFPID-22001",
        "relates_to_product_reference": "CSAFPID-11024"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware 1.35 installed on FL SWITCH 4800E-24FX SM-4GC",
          "product_id": "CSAFPID-32025"
        },
        "product_reference": "CSAFPID-22001",
        "relates_to_product_reference": "CSAFPID-11025"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware 1.35 installed on FL SWITCH 4808E-16FX-4GC",
          "product_id": "CSAFPID-32026"
        },
        "product_reference": "CSAFPID-22001",
        "relates_to_product_reference": "CSAFPID-11026"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware 1.35 installed on FL SWITCH 4808E-16FX LC-4GC",
          "product_id": "CSAFPID-32027"
        },
        "product_reference": "CSAFPID-22001",
        "relates_to_product_reference": "CSAFPID-11027"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware 1.35 installed on FL SWITCH 4808E-16FX SM-4GC",
          "product_id": "CSAFPID-32028"
        },
        "product_reference": "CSAFPID-22001",
        "relates_to_product_reference": "CSAFPID-11028"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware 1.35 installed on FL SWITCH 4808E-16FX SM LC-4GC",
          "product_id": "CSAFPID-32029"
        },
        "product_reference": "CSAFPID-22001",
        "relates_to_product_reference": "CSAFPID-11029"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware 1.35 installed on FL SWITCH 4808E-16FX SM ST-4GC",
          "product_id": "CSAFPID-32030"
        },
        "product_reference": "CSAFPID-22001",
        "relates_to_product_reference": "CSAFPID-11030"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware 1.35 installed on FL SWITCH 4808E-16FX ST-4GC",
          "product_id": "CSAFPID-32031"
        },
        "product_reference": "CSAFPID-22001",
        "relates_to_product_reference": "CSAFPID-11031"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware 1.35 installed on FL SWITCH 4824E-4GC",
          "product_id": "CSAFPID-32032"
        },
        "product_reference": "CSAFPID-22001",
        "relates_to_product_reference": "CSAFPID-11032"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c1.0 installed on FL SWITCH 3004T-FX",
          "product_id": "CSAFPID-32033"
        },
        "product_reference": "CSAFPID-22002",
        "relates_to_product_reference": "CSAFPID-11001"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c1.0 installed on FL SWITCH 3004T-FX ST",
          "product_id": "CSAFPID-32034"
        },
        "product_reference": "CSAFPID-22002",
        "relates_to_product_reference": "CSAFPID-11002"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c1.0 installed on FL SWITCH 3005",
          "product_id": "CSAFPID-32035"
        },
        "product_reference": "CSAFPID-22002",
        "relates_to_product_reference": "CSAFPID-11003"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c1.0 installed on FL SWITCH 3005T",
          "product_id": "CSAFPID-32036"
        },
        "product_reference": "CSAFPID-22002",
        "relates_to_product_reference": "CSAFPID-11004"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c1.0 installed on FL SWITCH 3006T-2FX",
          "product_id": "CSAFPID-32037"
        },
        "product_reference": "CSAFPID-22002",
        "relates_to_product_reference": "CSAFPID-11005"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c1.0 installed on FL SWITCH 3006T-2FX SM",
          "product_id": "CSAFPID-32038"
        },
        "product_reference": "CSAFPID-22002",
        "relates_to_product_reference": "CSAFPID-11006"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c1.0 installed on FL SWITCH 3006T-2FX ST",
          "product_id": "CSAFPID-32039"
        },
        "product_reference": "CSAFPID-22002",
        "relates_to_product_reference": "CSAFPID-11007"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c1.0 installed on FL SWITCH 3008",
          "product_id": "CSAFPID-32040"
        },
        "product_reference": "CSAFPID-22002",
        "relates_to_product_reference": "CSAFPID-11008"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c1.0 installed on FL SWITCH 3008T",
          "product_id": "CSAFPID-32041"
        },
        "product_reference": "CSAFPID-22002",
        "relates_to_product_reference": "CSAFPID-11009"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c1.0 installed on FL SWITCH 3012E-2FX",
          "product_id": "CSAFPID-32042"
        },
        "product_reference": "CSAFPID-22002",
        "relates_to_product_reference": "CSAFPID-11010"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c1.0 installed on FL SWITCH 3012E-2FX SM",
          "product_id": "CSAFPID-32043"
        },
        "product_reference": "CSAFPID-22002",
        "relates_to_product_reference": "CSAFPID-11011"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c1.0 installed on FL SWITCH 3012E-2SFX",
          "product_id": "CSAFPID-32044"
        },
        "product_reference": "CSAFPID-22002",
        "relates_to_product_reference": "CSAFPID-11012"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c1.0 installed on FL SWITCH 3016",
          "product_id": "CSAFPID-32045"
        },
        "product_reference": "CSAFPID-22002",
        "relates_to_product_reference": "CSAFPID-11013"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c1.0 installed on FL SWITCH 3016E",
          "product_id": "CSAFPID-32046"
        },
        "product_reference": "CSAFPID-22002",
        "relates_to_product_reference": "CSAFPID-11014"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c1.0 installed on FL SWITCH 3016T",
          "product_id": "CSAFPID-32047"
        },
        "product_reference": "CSAFPID-22002",
        "relates_to_product_reference": "CSAFPID-11015"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c1.0 installed on FL SWITCH 4000T-4POE-1SFP",
          "product_id": "CSAFPID-32048"
        },
        "product_reference": "CSAFPID-22002",
        "relates_to_product_reference": "CSAFPID-11016"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c1.0 installed on FL SWITCH 4000T-8POE-2SFP",
          "product_id": "CSAFPID-32049"
        },
        "product_reference": "CSAFPID-22002",
        "relates_to_product_reference": "CSAFPID-11017"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c1.0 installed on FL SWITCH 4004T-8POE-4SFP",
          "product_id": "CSAFPID-32050"
        },
        "product_reference": "CSAFPID-22002",
        "relates_to_product_reference": "CSAFPID-11018"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c1.0 installed on FL SWITCH 4008T-2GT-3FX SM",
          "product_id": "CSAFPID-32051"
        },
        "product_reference": "CSAFPID-22002",
        "relates_to_product_reference": "CSAFPID-11019"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c1.0 installed on FL SWITCH 4008T-2GT-4FX SM",
          "product_id": "CSAFPID-32052"
        },
        "product_reference": "CSAFPID-22002",
        "relates_to_product_reference": "CSAFPID-11020"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c1.0 installed on FL SWITCH 4008T-2SFP",
          "product_id": "CSAFPID-32053"
        },
        "product_reference": "CSAFPID-22002",
        "relates_to_product_reference": "CSAFPID-11021"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c1.0 installed on FL SWITCH 4012T-2GT-2FX",
          "product_id": "CSAFPID-32054"
        },
        "product_reference": "CSAFPID-22002",
        "relates_to_product_reference": "CSAFPID-11022"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c1.0 installed on FL SWITCH 4012T-2GT-2FX ST",
          "product_id": "CSAFPID-32055"
        },
        "product_reference": "CSAFPID-22002",
        "relates_to_product_reference": "CSAFPID-11023"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c1.0 installed on FL SWITCH 4800E-24FX-4GC",
          "product_id": "CSAFPID-32056"
        },
        "product_reference": "CSAFPID-22002",
        "relates_to_product_reference": "CSAFPID-11024"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c1.0 installed on FL SWITCH 4800E-24FX SM-4GC",
          "product_id": "CSAFPID-32057"
        },
        "product_reference": "CSAFPID-22002",
        "relates_to_product_reference": "CSAFPID-11025"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c1.0 installed on FL SWITCH 4808E-16FX-4GC",
          "product_id": "CSAFPID-32058"
        },
        "product_reference": "CSAFPID-22002",
        "relates_to_product_reference": "CSAFPID-11026"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c1.0 installed on FL SWITCH 4808E-16FX LC-4GC",
          "product_id": "CSAFPID-32059"
        },
        "product_reference": "CSAFPID-22002",
        "relates_to_product_reference": "CSAFPID-11027"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c1.0 installed on FL SWITCH 4808E-16FX SM-4GC",
          "product_id": "CSAFPID-32060"
        },
        "product_reference": "CSAFPID-22002",
        "relates_to_product_reference": "CSAFPID-11028"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c1.0 installed on FL SWITCH 4808E-16FX SM LC-4GC",
          "product_id": "CSAFPID-32061"
        },
        "product_reference": "CSAFPID-22002",
        "relates_to_product_reference": "CSAFPID-11029"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c1.0 installed on FL SWITCH 4808E-16FX SM ST-4GC",
          "product_id": "CSAFPID-32062"
        },
        "product_reference": "CSAFPID-22002",
        "relates_to_product_reference": "CSAFPID-11030"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c1.0 installed on FL SWITCH 4808E-16FX ST-4GC",
          "product_id": "CSAFPID-32063"
        },
        "product_reference": "CSAFPID-22002",
        "relates_to_product_reference": "CSAFPID-11031"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c1.0 installed on FL SWITCH 4824E-4GC",
          "product_id": "CSAFPID-32064"
        },
        "product_reference": "CSAFPID-22002",
        "relates_to_product_reference": "CSAFPID-11032"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2018-13994",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "notes": [
        {
          "audience": "all",
          "category": "description",
          "text": "The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 to 1.34 is vulnerable to a denial-of-service attack by making more than 120 connections.",
          "title": "Vulnerability Description"
        }
      ],
      "product_status": {
        "fixed": [
          "CSAFPID-32001",
          "CSAFPID-32002",
          "CSAFPID-32003",
          "CSAFPID-32004",
          "CSAFPID-32005",
          "CSAFPID-32006",
          "CSAFPID-32007",
          "CSAFPID-32008",
          "CSAFPID-32009",
          "CSAFPID-32010",
          "CSAFPID-32011",
          "CSAFPID-32012",
          "CSAFPID-32013",
          "CSAFPID-32014",
          "CSAFPID-32015",
          "CSAFPID-32016",
          "CSAFPID-32017",
          "CSAFPID-32018",
          "CSAFPID-32019",
          "CSAFPID-32020",
          "CSAFPID-32021",
          "CSAFPID-32022",
          "CSAFPID-32023",
          "CSAFPID-32024",
          "CSAFPID-32025",
          "CSAFPID-32026",
          "CSAFPID-32027",
          "CSAFPID-32028",
          "CSAFPID-32029",
          "CSAFPID-32030",
          "CSAFPID-32031",
          "CSAFPID-32032"
        ],
        "known_affected": [
          "CSAFPID-31001",
          "CSAFPID-31002",
          "CSAFPID-31003",
          "CSAFPID-31004",
          "CSAFPID-31005",
          "CSAFPID-31006",
          "CSAFPID-31007",
          "CSAFPID-31008",
          "CSAFPID-31009",
          "CSAFPID-31010",
          "CSAFPID-31011",
          "CSAFPID-31012",
          "CSAFPID-31013",
          "CSAFPID-31014",
          "CSAFPID-31015",
          "CSAFPID-31016",
          "CSAFPID-31017",
          "CSAFPID-31018",
          "CSAFPID-31019",
          "CSAFPID-31020",
          "CSAFPID-31021",
          "CSAFPID-31022",
          "CSAFPID-31023",
          "CSAFPID-31024",
          "CSAFPID-31025",
          "CSAFPID-31026",
          "CSAFPID-31027",
          "CSAFPID-31028",
          "CSAFPID-31029",
          "CSAFPID-31030",
          "CSAFPID-31031",
          "CSAFPID-31032"
        ],
        "known_not_affected": [
          "CSAFPID-32033",
          "CSAFPID-32034",
          "CSAFPID-32035",
          "CSAFPID-32036",
          "CSAFPID-32037",
          "CSAFPID-32038",
          "CSAFPID-32039",
          "CSAFPID-32040",
          "CSAFPID-32041",
          "CSAFPID-32042",
          "CSAFPID-32043",
          "CSAFPID-32044",
          "CSAFPID-32045",
          "CSAFPID-32046",
          "CSAFPID-32047",
          "CSAFPID-32048",
          "CSAFPID-32049",
          "CSAFPID-32050",
          "CSAFPID-32051",
          "CSAFPID-32052",
          "CSAFPID-32053",
          "CSAFPID-32054",
          "CSAFPID-32055",
          "CSAFPID-32056",
          "CSAFPID-32057",
          "CSAFPID-32058",
          "CSAFPID-32059",
          "CSAFPID-32060",
          "CSAFPID-32061",
          "CSAFPID-32062",
          "CSAFPID-32063",
          "CSAFPID-32064"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "## Remediation for CWE-319 (CVE-2018-13992)\n\nCustomers using Phoenix Contact managed FL SWITCH devices are recommended to enable HTTP security.\n\n## Remediation for Multiple CWEs:\n(CWE-352 (CVE-2018-13993), CWE-307 (CVE-2018-13990), CWE-400 (CVE-2018-13994), CWE-922 (CVE-2018-13991), CWE-119 (CVE-2017-3735))\n\nCustomers using Phoenix Contact managed FL SWITCH devices with affected firmware versions are recommended to update the firmware to version **1.35 or higher**, which fixes these vulnerabilities.  \nThe updated firmware may be downloaded from the managed switch product page on the Phoenix Contact website:\n\n| Article No. | Model                           | Updated Firmware |\n|-------------|--------------------------------|------------------|\n| 2891033     | FL SWITCH 3004T-FX            | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3004t-fx-2891033?type=firmware_update) |\n| 2891034     | FL SWITCH 3004T-FX ST         | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3004t-fx-st-2891034?type=firmware_update) |\n| 2891030     | FL SWITCH 3005                | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3005-2891030?type=firmware_update) |\n| 2891032     | FL SWITCH 3005T               | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3005t-2891032?type=firmware_update) |\n| 2891036     | FL SWITCH 3006T-2FX           | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3006t-2fx-2891036?type=firmware_update) |\n| 2891060     | FL SWITCH 3006T-2FX SM        | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3006t-2fx-sm-2891060?type=firmware_update) |\n| 2891037     | FL SWITCH 3006T-2FX ST        | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3006t-2fx-st-2891037?type=firmware_update) |\n| 2891031     | FL SWITCH 3008                | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3008-2891031?type=firmware_update) |\n| 2891035     | FL SWITCH 3008T               | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3008t-2891035?type=firmware_update) |\n| 2891120     | FL SWITCH 3012E-2FX           | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3012e-2fx-2891120?type=firmware_update) |\n| 2891119     | FL SWITCH 3012E-2FX SM        | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3012e-2fx-sm-2891119?type=firmware_update) |\n| 2891067     | FL SWITCH 3012E-2SFX          | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3012e-2sfx-2891067?type=firmware_update) |\n| 2891058     | FL SWITCH 3016                | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3016-2891058?type=firmware_update) |\n| 2891066     | FL SWITCH 3016E               | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3016e-2891066?type=firmware_update) |\n| 2891059     | FL SWITCH 3016T               | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3016t-2891059?type=firmware_update) |\n| 1026924     | FL SWITCH 4000T-4POE-1SFP     | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4000t-4poe-1sfp-1026924?type=firmware_update) |\n| 1026923     | FL SWITCH 4000T-8POE-2SFP     | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4000t-8poe-2sfp-1026923?type=firmware_update) |\n| 1026922     | FL SWITCH 4004T-8POE-4SFP     | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4004t-8poe-4sfp-1026922?type=firmware_update) |\n| 2891160     | FL SWITCH 4008T-2GT-3FX SM    | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4008t-2gt-3fx-sm-2891160?type=firmware_update) |\n| 2891061     | FL SWITCH 4008T-2GT-4FX SM    | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4008t-2gt-4fx-sm-2891061?type=firmware_update) |\n| 2891062     | FL SWITCH 4008T-2SFP          | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4008t-2sfp-2891062?type=firmware_update) |\n| 2891063     | FL SWITCH 4012T-2GT-2FX       | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4012t-2gt-2fx-2891063?type=firmware_update) |\n| 2891161     | FL SWITCH 4012T-2GT-2FX ST    | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4012t-2gt-2fx-st-2891161?type=firmware_update) |\n| 2891104     | FL SWITCH 4800E-24FX SM-4GC   | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4800e-24fx-sm-4gc-2891104?type=firmware_update) |\n| 2891102     | FL SWITCH 4800E-24FX-4GC      | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4800e-24fx-4gc-2891102?type=firmware_update) |\n| 2891073     | FL SWITCH 4808E-16FX LC-4GC   | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4808e-16fx-lc-4gc-2891073?type=firmware_update) |\n| 2891074     | FL SWITCH 4808E-16FX SM LC-4GC| [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4808e-16fx-sm-lc-4gc-2891074?type=firmware_update) |\n| 2891086     | FL SWITCH 4808E-16FX SM ST-4GC| [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4808e-16fx-sm-st-4gc-2891086?type=firmware_update) |",
          "group_ids": [
            "CSAFGID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-31001",
            "CSAFPID-31002",
            "CSAFPID-31003",
            "CSAFPID-31004",
            "CSAFPID-31005",
            "CSAFPID-31006",
            "CSAFPID-31007",
            "CSAFPID-31008",
            "CSAFPID-31009",
            "CSAFPID-31010",
            "CSAFPID-31011",
            "CSAFPID-31012",
            "CSAFPID-31013",
            "CSAFPID-31014",
            "CSAFPID-31015",
            "CSAFPID-31016",
            "CSAFPID-31017",
            "CSAFPID-31018",
            "CSAFPID-31019",
            "CSAFPID-31020",
            "CSAFPID-31021",
            "CSAFPID-31022",
            "CSAFPID-31023",
            "CSAFPID-31024",
            "CSAFPID-31025",
            "CSAFPID-31026",
            "CSAFPID-31027",
            "CSAFPID-31028",
            "CSAFPID-31029",
            "CSAFPID-31030",
            "CSAFPID-31031",
            "CSAFPID-31032"
          ]
        }
      ],
      "title": "CVE-2018-13994"
    },
    {
      "cve": "CVE-2018-13991",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "notes": [
        {
          "audience": "all",
          "category": "description",
          "text": "The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 to 1.34 leaks private information in firmware images.",
          "title": "Vulnerability Description"
        }
      ],
      "product_status": {
        "fixed": [
          "CSAFPID-32001",
          "CSAFPID-32002",
          "CSAFPID-32003",
          "CSAFPID-32004",
          "CSAFPID-32005",
          "CSAFPID-32006",
          "CSAFPID-32007",
          "CSAFPID-32008",
          "CSAFPID-32009",
          "CSAFPID-32010",
          "CSAFPID-32011",
          "CSAFPID-32012",
          "CSAFPID-32013",
          "CSAFPID-32014",
          "CSAFPID-32015",
          "CSAFPID-32016",
          "CSAFPID-32017",
          "CSAFPID-32018",
          "CSAFPID-32019",
          "CSAFPID-32020",
          "CSAFPID-32021",
          "CSAFPID-32022",
          "CSAFPID-32023",
          "CSAFPID-32024",
          "CSAFPID-32025",
          "CSAFPID-32026",
          "CSAFPID-32027",
          "CSAFPID-32028",
          "CSAFPID-32029",
          "CSAFPID-32030",
          "CSAFPID-32031",
          "CSAFPID-32032"
        ],
        "known_affected": [
          "CSAFPID-31001",
          "CSAFPID-31002",
          "CSAFPID-31003",
          "CSAFPID-31004",
          "CSAFPID-31005",
          "CSAFPID-31006",
          "CSAFPID-31007",
          "CSAFPID-31008",
          "CSAFPID-31009",
          "CSAFPID-31010",
          "CSAFPID-31011",
          "CSAFPID-31012",
          "CSAFPID-31013",
          "CSAFPID-31014",
          "CSAFPID-31015",
          "CSAFPID-31016",
          "CSAFPID-31017",
          "CSAFPID-31018",
          "CSAFPID-31019",
          "CSAFPID-31020",
          "CSAFPID-31021",
          "CSAFPID-31022",
          "CSAFPID-31023",
          "CSAFPID-31024",
          "CSAFPID-31025",
          "CSAFPID-31026",
          "CSAFPID-31027",
          "CSAFPID-31028",
          "CSAFPID-31029",
          "CSAFPID-31030",
          "CSAFPID-31031",
          "CSAFPID-31032"
        ],
        "known_not_affected": [
          "CSAFPID-32033",
          "CSAFPID-32034",
          "CSAFPID-32035",
          "CSAFPID-32036",
          "CSAFPID-32037",
          "CSAFPID-32038",
          "CSAFPID-32039",
          "CSAFPID-32040",
          "CSAFPID-32041",
          "CSAFPID-32042",
          "CSAFPID-32043",
          "CSAFPID-32044",
          "CSAFPID-32045",
          "CSAFPID-32046",
          "CSAFPID-32047",
          "CSAFPID-32048",
          "CSAFPID-32049",
          "CSAFPID-32050",
          "CSAFPID-32051",
          "CSAFPID-32052",
          "CSAFPID-32053",
          "CSAFPID-32054",
          "CSAFPID-32055",
          "CSAFPID-32056",
          "CSAFPID-32057",
          "CSAFPID-32058",
          "CSAFPID-32059",
          "CSAFPID-32060",
          "CSAFPID-32061",
          "CSAFPID-32062",
          "CSAFPID-32063",
          "CSAFPID-32064"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "## Remediation for CWE-319 (CVE-2018-13992)\n\nCustomers using Phoenix Contact managed FL SWITCH devices are recommended to enable HTTP security.\n\n## Remediation for Multiple CWEs:\n(CWE-352 (CVE-2018-13993), CWE-307 (CVE-2018-13990), CWE-400 (CVE-2018-13994), CWE-922 (CVE-2018-13991), CWE-119 (CVE-2017-3735))\n\nCustomers using Phoenix Contact managed FL SWITCH devices with affected firmware versions are recommended to update the firmware to version **1.35 or higher**, which fixes these vulnerabilities.  \nThe updated firmware may be downloaded from the managed switch product page on the Phoenix Contact website:\n\n| Article No. | Model                           | Updated Firmware |\n|-------------|--------------------------------|------------------|\n| 2891033     | FL SWITCH 3004T-FX            | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3004t-fx-2891033?type=firmware_update) |\n| 2891034     | FL SWITCH 3004T-FX ST         | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3004t-fx-st-2891034?type=firmware_update) |\n| 2891030     | FL SWITCH 3005                | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3005-2891030?type=firmware_update) |\n| 2891032     | FL SWITCH 3005T               | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3005t-2891032?type=firmware_update) |\n| 2891036     | FL SWITCH 3006T-2FX           | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3006t-2fx-2891036?type=firmware_update) |\n| 2891060     | FL SWITCH 3006T-2FX SM        | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3006t-2fx-sm-2891060?type=firmware_update) |\n| 2891037     | FL SWITCH 3006T-2FX ST        | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3006t-2fx-st-2891037?type=firmware_update) |\n| 2891031     | FL SWITCH 3008                | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3008-2891031?type=firmware_update) |\n| 2891035     | FL SWITCH 3008T               | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3008t-2891035?type=firmware_update) |\n| 2891120     | FL SWITCH 3012E-2FX           | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3012e-2fx-2891120?type=firmware_update) |\n| 2891119     | FL SWITCH 3012E-2FX SM        | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3012e-2fx-sm-2891119?type=firmware_update) |\n| 2891067     | FL SWITCH 3012E-2SFX          | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3012e-2sfx-2891067?type=firmware_update) |\n| 2891058     | FL SWITCH 3016                | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3016-2891058?type=firmware_update) |\n| 2891066     | FL SWITCH 3016E               | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3016e-2891066?type=firmware_update) |\n| 2891059     | FL SWITCH 3016T               | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3016t-2891059?type=firmware_update) |\n| 1026924     | FL SWITCH 4000T-4POE-1SFP     | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4000t-4poe-1sfp-1026924?type=firmware_update) |\n| 1026923     | FL SWITCH 4000T-8POE-2SFP     | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4000t-8poe-2sfp-1026923?type=firmware_update) |\n| 1026922     | FL SWITCH 4004T-8POE-4SFP     | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4004t-8poe-4sfp-1026922?type=firmware_update) |\n| 2891160     | FL SWITCH 4008T-2GT-3FX SM    | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4008t-2gt-3fx-sm-2891160?type=firmware_update) |\n| 2891061     | FL SWITCH 4008T-2GT-4FX SM    | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4008t-2gt-4fx-sm-2891061?type=firmware_update) |\n| 2891062     | FL SWITCH 4008T-2SFP          | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4008t-2sfp-2891062?type=firmware_update) |\n| 2891063     | FL SWITCH 4012T-2GT-2FX       | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4012t-2gt-2fx-2891063?type=firmware_update) |\n| 2891161     | FL SWITCH 4012T-2GT-2FX ST    | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4012t-2gt-2fx-st-2891161?type=firmware_update) |\n| 2891104     | FL SWITCH 4800E-24FX SM-4GC   | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4800e-24fx-sm-4gc-2891104?type=firmware_update) |\n| 2891102     | FL SWITCH 4800E-24FX-4GC      | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4800e-24fx-4gc-2891102?type=firmware_update) |\n| 2891073     | FL SWITCH 4808E-16FX LC-4GC   | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4808e-16fx-lc-4gc-2891073?type=firmware_update) |\n| 2891074     | FL SWITCH 4808E-16FX SM LC-4GC| [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4808e-16fx-sm-lc-4gc-2891074?type=firmware_update) |\n| 2891086     | FL SWITCH 4808E-16FX SM ST-4GC| [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4808e-16fx-sm-st-4gc-2891086?type=firmware_update) |",
          "group_ids": [
            "CSAFGID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-31001",
            "CSAFPID-31002",
            "CSAFPID-31003",
            "CSAFPID-31004",
            "CSAFPID-31005",
            "CSAFPID-31006",
            "CSAFPID-31007",
            "CSAFPID-31008",
            "CSAFPID-31009",
            "CSAFPID-31010",
            "CSAFPID-31011",
            "CSAFPID-31012",
            "CSAFPID-31013",
            "CSAFPID-31014",
            "CSAFPID-31015",
            "CSAFPID-31016",
            "CSAFPID-31017",
            "CSAFPID-31018",
            "CSAFPID-31019",
            "CSAFPID-31020",
            "CSAFPID-31021",
            "CSAFPID-31022",
            "CSAFPID-31023",
            "CSAFPID-31024",
            "CSAFPID-31025",
            "CSAFPID-31026",
            "CSAFPID-31027",
            "CSAFPID-31028",
            "CSAFPID-31029",
            "CSAFPID-31030",
            "CSAFPID-31031",
            "CSAFPID-31032"
          ]
        }
      ],
      "title": "CVE-2018-13991"
    },
    {
      "cve": "CVE-2017-3735",
      "cwe": {
        "id": "CWE-119",
        "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
      },
      "notes": [
        {
          "audience": "all",
          "category": "description",
          "text": "While parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread. This would result in an incorrect text display of the certificate. This bug has been present since 2006 and is present in all versions of OpenSSL before 1.0.2m and 1.1.0g.",
          "title": "Vulnerability Description"
        }
      ],
      "product_status": {
        "fixed": [
          "CSAFPID-32001",
          "CSAFPID-32002",
          "CSAFPID-32003",
          "CSAFPID-32004",
          "CSAFPID-32005",
          "CSAFPID-32006",
          "CSAFPID-32007",
          "CSAFPID-32008",
          "CSAFPID-32009",
          "CSAFPID-32010",
          "CSAFPID-32011",
          "CSAFPID-32012",
          "CSAFPID-32013",
          "CSAFPID-32014",
          "CSAFPID-32015",
          "CSAFPID-32016",
          "CSAFPID-32017",
          "CSAFPID-32018",
          "CSAFPID-32019",
          "CSAFPID-32020",
          "CSAFPID-32021",
          "CSAFPID-32022",
          "CSAFPID-32023",
          "CSAFPID-32024",
          "CSAFPID-32025",
          "CSAFPID-32026",
          "CSAFPID-32027",
          "CSAFPID-32028",
          "CSAFPID-32029",
          "CSAFPID-32030",
          "CSAFPID-32031",
          "CSAFPID-32032"
        ],
        "known_affected": [
          "CSAFPID-31001",
          "CSAFPID-31002",
          "CSAFPID-31003",
          "CSAFPID-31004",
          "CSAFPID-31005",
          "CSAFPID-31006",
          "CSAFPID-31007",
          "CSAFPID-31008",
          "CSAFPID-31009",
          "CSAFPID-31010",
          "CSAFPID-31011",
          "CSAFPID-31012",
          "CSAFPID-31013",
          "CSAFPID-31014",
          "CSAFPID-31015",
          "CSAFPID-31016",
          "CSAFPID-31017",
          "CSAFPID-31018",
          "CSAFPID-31019",
          "CSAFPID-31020",
          "CSAFPID-31021",
          "CSAFPID-31022",
          "CSAFPID-31023",
          "CSAFPID-31024",
          "CSAFPID-31025",
          "CSAFPID-31026",
          "CSAFPID-31027",
          "CSAFPID-31028",
          "CSAFPID-31029",
          "CSAFPID-31030",
          "CSAFPID-31031",
          "CSAFPID-31032"
        ],
        "known_not_affected": [
          "CSAFPID-32033",
          "CSAFPID-32034",
          "CSAFPID-32035",
          "CSAFPID-32036",
          "CSAFPID-32037",
          "CSAFPID-32038",
          "CSAFPID-32039",
          "CSAFPID-32040",
          "CSAFPID-32041",
          "CSAFPID-32042",
          "CSAFPID-32043",
          "CSAFPID-32044",
          "CSAFPID-32045",
          "CSAFPID-32046",
          "CSAFPID-32047",
          "CSAFPID-32048",
          "CSAFPID-32049",
          "CSAFPID-32050",
          "CSAFPID-32051",
          "CSAFPID-32052",
          "CSAFPID-32053",
          "CSAFPID-32054",
          "CSAFPID-32055",
          "CSAFPID-32056",
          "CSAFPID-32057",
          "CSAFPID-32058",
          "CSAFPID-32059",
          "CSAFPID-32060",
          "CSAFPID-32061",
          "CSAFPID-32062",
          "CSAFPID-32063",
          "CSAFPID-32064"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "## Remediation for CWE-319 (CVE-2018-13992)\n\nCustomers using Phoenix Contact managed FL SWITCH devices are recommended to enable HTTP security.\n\n## Remediation for Multiple CWEs:\n(CWE-352 (CVE-2018-13993), CWE-307 (CVE-2018-13990), CWE-400 (CVE-2018-13994), CWE-922 (CVE-2018-13991), CWE-119 (CVE-2017-3735))\n\nCustomers using Phoenix Contact managed FL SWITCH devices with affected firmware versions are recommended to update the firmware to version **1.35 or higher**, which fixes these vulnerabilities.  \nThe updated firmware may be downloaded from the managed switch product page on the Phoenix Contact website:\n\n| Article No. | Model                           | Updated Firmware |\n|-------------|--------------------------------|------------------|\n| 2891033     | FL SWITCH 3004T-FX            | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3004t-fx-2891033?type=firmware_update) |\n| 2891034     | FL SWITCH 3004T-FX ST         | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3004t-fx-st-2891034?type=firmware_update) |\n| 2891030     | FL SWITCH 3005                | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3005-2891030?type=firmware_update) |\n| 2891032     | FL SWITCH 3005T               | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3005t-2891032?type=firmware_update) |\n| 2891036     | FL SWITCH 3006T-2FX           | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3006t-2fx-2891036?type=firmware_update) |\n| 2891060     | FL SWITCH 3006T-2FX SM        | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3006t-2fx-sm-2891060?type=firmware_update) |\n| 2891037     | FL SWITCH 3006T-2FX ST        | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3006t-2fx-st-2891037?type=firmware_update) |\n| 2891031     | FL SWITCH 3008                | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3008-2891031?type=firmware_update) |\n| 2891035     | FL SWITCH 3008T               | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3008t-2891035?type=firmware_update) |\n| 2891120     | FL SWITCH 3012E-2FX           | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3012e-2fx-2891120?type=firmware_update) |\n| 2891119     | FL SWITCH 3012E-2FX SM        | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3012e-2fx-sm-2891119?type=firmware_update) |\n| 2891067     | FL SWITCH 3012E-2SFX          | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3012e-2sfx-2891067?type=firmware_update) |\n| 2891058     | FL SWITCH 3016                | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3016-2891058?type=firmware_update) |\n| 2891066     | FL SWITCH 3016E               | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3016e-2891066?type=firmware_update) |\n| 2891059     | FL SWITCH 3016T               | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3016t-2891059?type=firmware_update) |\n| 1026924     | FL SWITCH 4000T-4POE-1SFP     | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4000t-4poe-1sfp-1026924?type=firmware_update) |\n| 1026923     | FL SWITCH 4000T-8POE-2SFP     | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4000t-8poe-2sfp-1026923?type=firmware_update) |\n| 1026922     | FL SWITCH 4004T-8POE-4SFP     | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4004t-8poe-4sfp-1026922?type=firmware_update) |\n| 2891160     | FL SWITCH 4008T-2GT-3FX SM    | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4008t-2gt-3fx-sm-2891160?type=firmware_update) |\n| 2891061     | FL SWITCH 4008T-2GT-4FX SM    | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4008t-2gt-4fx-sm-2891061?type=firmware_update) |\n| 2891062     | FL SWITCH 4008T-2SFP          | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4008t-2sfp-2891062?type=firmware_update) |\n| 2891063     | FL SWITCH 4012T-2GT-2FX       | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4012t-2gt-2fx-2891063?type=firmware_update) |\n| 2891161     | FL SWITCH 4012T-2GT-2FX ST    | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4012t-2gt-2fx-st-2891161?type=firmware_update) |\n| 2891104     | FL SWITCH 4800E-24FX SM-4GC   | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4800e-24fx-sm-4gc-2891104?type=firmware_update) |\n| 2891102     | FL SWITCH 4800E-24FX-4GC      | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4800e-24fx-4gc-2891102?type=firmware_update) |\n| 2891073     | FL SWITCH 4808E-16FX LC-4GC   | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4808e-16fx-lc-4gc-2891073?type=firmware_update) |\n| 2891074     | FL SWITCH 4808E-16FX SM LC-4GC| [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4808e-16fx-sm-lc-4gc-2891074?type=firmware_update) |\n| 2891086     | FL SWITCH 4808E-16FX SM ST-4GC| [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4808e-16fx-sm-st-4gc-2891086?type=firmware_update) |",
          "group_ids": [
            "CSAFGID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-31001",
            "CSAFPID-31002",
            "CSAFPID-31003",
            "CSAFPID-31004",
            "CSAFPID-31005",
            "CSAFPID-31006",
            "CSAFPID-31007",
            "CSAFPID-31008",
            "CSAFPID-31009",
            "CSAFPID-31010",
            "CSAFPID-31011",
            "CSAFPID-31012",
            "CSAFPID-31013",
            "CSAFPID-31014",
            "CSAFPID-31015",
            "CSAFPID-31016",
            "CSAFPID-31017",
            "CSAFPID-31018",
            "CSAFPID-31019",
            "CSAFPID-31020",
            "CSAFPID-31021",
            "CSAFPID-31022",
            "CSAFPID-31023",
            "CSAFPID-31024",
            "CSAFPID-31025",
            "CSAFPID-31026",
            "CSAFPID-31027",
            "CSAFPID-31028",
            "CSAFPID-31029",
            "CSAFPID-31030",
            "CSAFPID-31031",
            "CSAFPID-31032"
          ]
        }
      ],
      "title": "CVE-2017-3735"
    },
    {
      "cve": "CVE-2018-13993",
      "cwe": {
        "id": "CWE-352",
        "name": "Cross-Site Request Forgery (CSRF)"
      },
      "notes": [
        {
          "audience": "all",
          "category": "description",
          "text": "The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 to 1.34 is prone to CSRF.",
          "title": "Vulnerability Description"
        }
      ],
      "product_status": {
        "fixed": [
          "CSAFPID-32001",
          "CSAFPID-32002",
          "CSAFPID-32003",
          "CSAFPID-32004",
          "CSAFPID-32005",
          "CSAFPID-32006",
          "CSAFPID-32007",
          "CSAFPID-32008",
          "CSAFPID-32009",
          "CSAFPID-32010",
          "CSAFPID-32011",
          "CSAFPID-32012",
          "CSAFPID-32013",
          "CSAFPID-32014",
          "CSAFPID-32015",
          "CSAFPID-32016",
          "CSAFPID-32017",
          "CSAFPID-32018",
          "CSAFPID-32019",
          "CSAFPID-32020",
          "CSAFPID-32021",
          "CSAFPID-32022",
          "CSAFPID-32023",
          "CSAFPID-32024",
          "CSAFPID-32025",
          "CSAFPID-32026",
          "CSAFPID-32027",
          "CSAFPID-32028",
          "CSAFPID-32029",
          "CSAFPID-32030",
          "CSAFPID-32031",
          "CSAFPID-32032"
        ],
        "known_affected": [
          "CSAFPID-31001",
          "CSAFPID-31002",
          "CSAFPID-31003",
          "CSAFPID-31004",
          "CSAFPID-31005",
          "CSAFPID-31006",
          "CSAFPID-31007",
          "CSAFPID-31008",
          "CSAFPID-31009",
          "CSAFPID-31010",
          "CSAFPID-31011",
          "CSAFPID-31012",
          "CSAFPID-31013",
          "CSAFPID-31014",
          "CSAFPID-31015",
          "CSAFPID-31016",
          "CSAFPID-31017",
          "CSAFPID-31018",
          "CSAFPID-31019",
          "CSAFPID-31020",
          "CSAFPID-31021",
          "CSAFPID-31022",
          "CSAFPID-31023",
          "CSAFPID-31024",
          "CSAFPID-31025",
          "CSAFPID-31026",
          "CSAFPID-31027",
          "CSAFPID-31028",
          "CSAFPID-31029",
          "CSAFPID-31030",
          "CSAFPID-31031",
          "CSAFPID-31032"
        ],
        "known_not_affected": [
          "CSAFPID-32033",
          "CSAFPID-32034",
          "CSAFPID-32035",
          "CSAFPID-32036",
          "CSAFPID-32037",
          "CSAFPID-32038",
          "CSAFPID-32039",
          "CSAFPID-32040",
          "CSAFPID-32041",
          "CSAFPID-32042",
          "CSAFPID-32043",
          "CSAFPID-32044",
          "CSAFPID-32045",
          "CSAFPID-32046",
          "CSAFPID-32047",
          "CSAFPID-32048",
          "CSAFPID-32049",
          "CSAFPID-32050",
          "CSAFPID-32051",
          "CSAFPID-32052",
          "CSAFPID-32053",
          "CSAFPID-32054",
          "CSAFPID-32055",
          "CSAFPID-32056",
          "CSAFPID-32057",
          "CSAFPID-32058",
          "CSAFPID-32059",
          "CSAFPID-32060",
          "CSAFPID-32061",
          "CSAFPID-32062",
          "CSAFPID-32063",
          "CSAFPID-32064"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "## Remediation for CWE-319 (CVE-2018-13992)\n\nCustomers using Phoenix Contact managed FL SWITCH devices are recommended to enable HTTP security.\n\n## Remediation for Multiple CWEs:\n(CWE-352 (CVE-2018-13993), CWE-307 (CVE-2018-13990), CWE-400 (CVE-2018-13994), CWE-922 (CVE-2018-13991), CWE-119 (CVE-2017-3735))\n\nCustomers using Phoenix Contact managed FL SWITCH devices with affected firmware versions are recommended to update the firmware to version **1.35 or higher**, which fixes these vulnerabilities.  \nThe updated firmware may be downloaded from the managed switch product page on the Phoenix Contact website:\n\n| Article No. | Model                           | Updated Firmware |\n|-------------|--------------------------------|------------------|\n| 2891033     | FL SWITCH 3004T-FX            | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3004t-fx-2891033?type=firmware_update) |\n| 2891034     | FL SWITCH 3004T-FX ST         | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3004t-fx-st-2891034?type=firmware_update) |\n| 2891030     | FL SWITCH 3005                | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3005-2891030?type=firmware_update) |\n| 2891032     | FL SWITCH 3005T               | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3005t-2891032?type=firmware_update) |\n| 2891036     | FL SWITCH 3006T-2FX           | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3006t-2fx-2891036?type=firmware_update) |\n| 2891060     | FL SWITCH 3006T-2FX SM        | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3006t-2fx-sm-2891060?type=firmware_update) |\n| 2891037     | FL SWITCH 3006T-2FX ST        | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3006t-2fx-st-2891037?type=firmware_update) |\n| 2891031     | FL SWITCH 3008                | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3008-2891031?type=firmware_update) |\n| 2891035     | FL SWITCH 3008T               | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3008t-2891035?type=firmware_update) |\n| 2891120     | FL SWITCH 3012E-2FX           | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3012e-2fx-2891120?type=firmware_update) |\n| 2891119     | FL SWITCH 3012E-2FX SM        | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3012e-2fx-sm-2891119?type=firmware_update) |\n| 2891067     | FL SWITCH 3012E-2SFX          | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3012e-2sfx-2891067?type=firmware_update) |\n| 2891058     | FL SWITCH 3016                | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3016-2891058?type=firmware_update) |\n| 2891066     | FL SWITCH 3016E               | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3016e-2891066?type=firmware_update) |\n| 2891059     | FL SWITCH 3016T               | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3016t-2891059?type=firmware_update) |\n| 1026924     | FL SWITCH 4000T-4POE-1SFP     | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4000t-4poe-1sfp-1026924?type=firmware_update) |\n| 1026923     | FL SWITCH 4000T-8POE-2SFP     | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4000t-8poe-2sfp-1026923?type=firmware_update) |\n| 1026922     | FL SWITCH 4004T-8POE-4SFP     | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4004t-8poe-4sfp-1026922?type=firmware_update) |\n| 2891160     | FL SWITCH 4008T-2GT-3FX SM    | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4008t-2gt-3fx-sm-2891160?type=firmware_update) |\n| 2891061     | FL SWITCH 4008T-2GT-4FX SM    | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4008t-2gt-4fx-sm-2891061?type=firmware_update) |\n| 2891062     | FL SWITCH 4008T-2SFP          | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4008t-2sfp-2891062?type=firmware_update) |\n| 2891063     | FL SWITCH 4012T-2GT-2FX       | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4012t-2gt-2fx-2891063?type=firmware_update) |\n| 2891161     | FL SWITCH 4012T-2GT-2FX ST    | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4012t-2gt-2fx-st-2891161?type=firmware_update) |\n| 2891104     | FL SWITCH 4800E-24FX SM-4GC   | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4800e-24fx-sm-4gc-2891104?type=firmware_update) |\n| 2891102     | FL SWITCH 4800E-24FX-4GC      | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4800e-24fx-4gc-2891102?type=firmware_update) |\n| 2891073     | FL SWITCH 4808E-16FX LC-4GC   | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4808e-16fx-lc-4gc-2891073?type=firmware_update) |\n| 2891074     | FL SWITCH 4808E-16FX SM LC-4GC| [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4808e-16fx-sm-lc-4gc-2891074?type=firmware_update) |\n| 2891086     | FL SWITCH 4808E-16FX SM ST-4GC| [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4808e-16fx-sm-st-4gc-2891086?type=firmware_update) |",
          "group_ids": [
            "CSAFGID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-31001",
            "CSAFPID-31002",
            "CSAFPID-31003",
            "CSAFPID-31004",
            "CSAFPID-31005",
            "CSAFPID-31006",
            "CSAFPID-31007",
            "CSAFPID-31008",
            "CSAFPID-31009",
            "CSAFPID-31010",
            "CSAFPID-31011",
            "CSAFPID-31012",
            "CSAFPID-31013",
            "CSAFPID-31014",
            "CSAFPID-31015",
            "CSAFPID-31016",
            "CSAFPID-31017",
            "CSAFPID-31018",
            "CSAFPID-31019",
            "CSAFPID-31020",
            "CSAFPID-31021",
            "CSAFPID-31022",
            "CSAFPID-31023",
            "CSAFPID-31024",
            "CSAFPID-31025",
            "CSAFPID-31026",
            "CSAFPID-31027",
            "CSAFPID-31028",
            "CSAFPID-31029",
            "CSAFPID-31030",
            "CSAFPID-31031",
            "CSAFPID-31032"
          ]
        }
      ],
      "title": "CVE-2018-13993"
    },
    {
      "cve": "CVE-2018-13990",
      "cwe": {
        "id": "CWE-287",
        "name": "Improper Authentication"
      },
      "notes": [
        {
          "audience": "all",
          "category": "description",
          "text": "The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions prior to 1.35 is vulnerable to brute-force attacks, because of Improper Restriction of Excessive Authentication Attempts.",
          "title": "Vulnerability Description"
        }
      ],
      "product_status": {
        "fixed": [
          "CSAFPID-32001",
          "CSAFPID-32002",
          "CSAFPID-32003",
          "CSAFPID-32004",
          "CSAFPID-32005",
          "CSAFPID-32006",
          "CSAFPID-32007",
          "CSAFPID-32008",
          "CSAFPID-32009",
          "CSAFPID-32010",
          "CSAFPID-32011",
          "CSAFPID-32012",
          "CSAFPID-32013",
          "CSAFPID-32014",
          "CSAFPID-32015",
          "CSAFPID-32016",
          "CSAFPID-32017",
          "CSAFPID-32018",
          "CSAFPID-32019",
          "CSAFPID-32020",
          "CSAFPID-32021",
          "CSAFPID-32022",
          "CSAFPID-32023",
          "CSAFPID-32024",
          "CSAFPID-32025",
          "CSAFPID-32026",
          "CSAFPID-32027",
          "CSAFPID-32028",
          "CSAFPID-32029",
          "CSAFPID-32030",
          "CSAFPID-32031",
          "CSAFPID-32032"
        ],
        "known_affected": [
          "CSAFPID-31001",
          "CSAFPID-31002",
          "CSAFPID-31003",
          "CSAFPID-31004",
          "CSAFPID-31005",
          "CSAFPID-31006",
          "CSAFPID-31007",
          "CSAFPID-31008",
          "CSAFPID-31009",
          "CSAFPID-31010",
          "CSAFPID-31011",
          "CSAFPID-31012",
          "CSAFPID-31013",
          "CSAFPID-31014",
          "CSAFPID-31015",
          "CSAFPID-31016",
          "CSAFPID-31017",
          "CSAFPID-31018",
          "CSAFPID-31019",
          "CSAFPID-31020",
          "CSAFPID-31021",
          "CSAFPID-31022",
          "CSAFPID-31023",
          "CSAFPID-31024",
          "CSAFPID-31025",
          "CSAFPID-31026",
          "CSAFPID-31027",
          "CSAFPID-31028",
          "CSAFPID-31029",
          "CSAFPID-31030",
          "CSAFPID-31031",
          "CSAFPID-31032"
        ],
        "known_not_affected": [
          "CSAFPID-32033",
          "CSAFPID-32034",
          "CSAFPID-32035",
          "CSAFPID-32036",
          "CSAFPID-32037",
          "CSAFPID-32038",
          "CSAFPID-32039",
          "CSAFPID-32040",
          "CSAFPID-32041",
          "CSAFPID-32042",
          "CSAFPID-32043",
          "CSAFPID-32044",
          "CSAFPID-32045",
          "CSAFPID-32046",
          "CSAFPID-32047",
          "CSAFPID-32048",
          "CSAFPID-32049",
          "CSAFPID-32050",
          "CSAFPID-32051",
          "CSAFPID-32052",
          "CSAFPID-32053",
          "CSAFPID-32054",
          "CSAFPID-32055",
          "CSAFPID-32056",
          "CSAFPID-32057",
          "CSAFPID-32058",
          "CSAFPID-32059",
          "CSAFPID-32060",
          "CSAFPID-32061",
          "CSAFPID-32062",
          "CSAFPID-32063",
          "CSAFPID-32064"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "## Remediation for CWE-319 (CVE-2018-13992)\n\nCustomers using Phoenix Contact managed FL SWITCH devices are recommended to enable HTTP security.\n\n## Remediation for Multiple CWEs:\n(CWE-352 (CVE-2018-13993), CWE-307 (CVE-2018-13990), CWE-400 (CVE-2018-13994), CWE-922 (CVE-2018-13991), CWE-119 (CVE-2017-3735))\n\nCustomers using Phoenix Contact managed FL SWITCH devices with affected firmware versions are recommended to update the firmware to version **1.35 or higher**, which fixes these vulnerabilities.  \nThe updated firmware may be downloaded from the managed switch product page on the Phoenix Contact website:\n\n| Article No. | Model                           | Updated Firmware |\n|-------------|--------------------------------|------------------|\n| 2891033     | FL SWITCH 3004T-FX            | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3004t-fx-2891033?type=firmware_update) |\n| 2891034     | FL SWITCH 3004T-FX ST         | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3004t-fx-st-2891034?type=firmware_update) |\n| 2891030     | FL SWITCH 3005                | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3005-2891030?type=firmware_update) |\n| 2891032     | FL SWITCH 3005T               | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3005t-2891032?type=firmware_update) |\n| 2891036     | FL SWITCH 3006T-2FX           | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3006t-2fx-2891036?type=firmware_update) |\n| 2891060     | FL SWITCH 3006T-2FX SM        | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3006t-2fx-sm-2891060?type=firmware_update) |\n| 2891037     | FL SWITCH 3006T-2FX ST        | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3006t-2fx-st-2891037?type=firmware_update) |\n| 2891031     | FL SWITCH 3008                | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3008-2891031?type=firmware_update) |\n| 2891035     | FL SWITCH 3008T               | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3008t-2891035?type=firmware_update) |\n| 2891120     | FL SWITCH 3012E-2FX           | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3012e-2fx-2891120?type=firmware_update) |\n| 2891119     | FL SWITCH 3012E-2FX SM        | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3012e-2fx-sm-2891119?type=firmware_update) |\n| 2891067     | FL SWITCH 3012E-2SFX          | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3012e-2sfx-2891067?type=firmware_update) |\n| 2891058     | FL SWITCH 3016                | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3016-2891058?type=firmware_update) |\n| 2891066     | FL SWITCH 3016E               | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3016e-2891066?type=firmware_update) |\n| 2891059     | FL SWITCH 3016T               | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3016t-2891059?type=firmware_update) |\n| 1026924     | FL SWITCH 4000T-4POE-1SFP     | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4000t-4poe-1sfp-1026924?type=firmware_update) |\n| 1026923     | FL SWITCH 4000T-8POE-2SFP     | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4000t-8poe-2sfp-1026923?type=firmware_update) |\n| 1026922     | FL SWITCH 4004T-8POE-4SFP     | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4004t-8poe-4sfp-1026922?type=firmware_update) |\n| 2891160     | FL SWITCH 4008T-2GT-3FX SM    | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4008t-2gt-3fx-sm-2891160?type=firmware_update) |\n| 2891061     | FL SWITCH 4008T-2GT-4FX SM    | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4008t-2gt-4fx-sm-2891061?type=firmware_update) |\n| 2891062     | FL SWITCH 4008T-2SFP          | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4008t-2sfp-2891062?type=firmware_update) |\n| 2891063     | FL SWITCH 4012T-2GT-2FX       | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4012t-2gt-2fx-2891063?type=firmware_update) |\n| 2891161     | FL SWITCH 4012T-2GT-2FX ST    | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4012t-2gt-2fx-st-2891161?type=firmware_update) |\n| 2891104     | FL SWITCH 4800E-24FX SM-4GC   | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4800e-24fx-sm-4gc-2891104?type=firmware_update) |\n| 2891102     | FL SWITCH 4800E-24FX-4GC      | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4800e-24fx-4gc-2891102?type=firmware_update) |\n| 2891073     | FL SWITCH 4808E-16FX LC-4GC   | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4808e-16fx-lc-4gc-2891073?type=firmware_update) |\n| 2891074     | FL SWITCH 4808E-16FX SM LC-4GC| [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4808e-16fx-sm-lc-4gc-2891074?type=firmware_update) |\n| 2891086     | FL SWITCH 4808E-16FX SM ST-4GC| [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4808e-16fx-sm-st-4gc-2891086?type=firmware_update) |",
          "group_ids": [
            "CSAFGID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-31001",
            "CSAFPID-31002",
            "CSAFPID-31003",
            "CSAFPID-31004",
            "CSAFPID-31005",
            "CSAFPID-31006",
            "CSAFPID-31007",
            "CSAFPID-31008",
            "CSAFPID-31009",
            "CSAFPID-31010",
            "CSAFPID-31011",
            "CSAFPID-31012",
            "CSAFPID-31013",
            "CSAFPID-31014",
            "CSAFPID-31015",
            "CSAFPID-31016",
            "CSAFPID-31017",
            "CSAFPID-31018",
            "CSAFPID-31019",
            "CSAFPID-31020",
            "CSAFPID-31021",
            "CSAFPID-31022",
            "CSAFPID-31023",
            "CSAFPID-31024",
            "CSAFPID-31025",
            "CSAFPID-31026",
            "CSAFPID-31027",
            "CSAFPID-31028",
            "CSAFPID-31029",
            "CSAFPID-31030",
            "CSAFPID-31031",
            "CSAFPID-31032"
          ]
        }
      ],
      "title": "CVE-2018-13990"
    },
    {
      "cve": "CVE-2018-13992",
      "cwe": {
        "id": "CWE-311",
        "name": "Missing Encryption of Sensitive Data"
      },
      "notes": [
        {
          "audience": "all",
          "category": "description",
          "text": "The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 to 1.34 allows for plaintext transmission (HTTP) of user credentials by default.",
          "title": "Vulnerability Description"
        }
      ],
      "product_status": {
        "fixed": [
          "CSAFPID-32001",
          "CSAFPID-32002",
          "CSAFPID-32003",
          "CSAFPID-32004",
          "CSAFPID-32005",
          "CSAFPID-32006",
          "CSAFPID-32007",
          "CSAFPID-32008",
          "CSAFPID-32009",
          "CSAFPID-32010",
          "CSAFPID-32011",
          "CSAFPID-32012",
          "CSAFPID-32013",
          "CSAFPID-32014",
          "CSAFPID-32015",
          "CSAFPID-32016",
          "CSAFPID-32017",
          "CSAFPID-32018",
          "CSAFPID-32019",
          "CSAFPID-32020",
          "CSAFPID-32021",
          "CSAFPID-32022",
          "CSAFPID-32023",
          "CSAFPID-32024",
          "CSAFPID-32025",
          "CSAFPID-32026",
          "CSAFPID-32027",
          "CSAFPID-32028",
          "CSAFPID-32029",
          "CSAFPID-32030",
          "CSAFPID-32031",
          "CSAFPID-32032"
        ],
        "known_affected": [
          "CSAFPID-31001",
          "CSAFPID-31002",
          "CSAFPID-31003",
          "CSAFPID-31004",
          "CSAFPID-31005",
          "CSAFPID-31006",
          "CSAFPID-31007",
          "CSAFPID-31008",
          "CSAFPID-31009",
          "CSAFPID-31010",
          "CSAFPID-31011",
          "CSAFPID-31012",
          "CSAFPID-31013",
          "CSAFPID-31014",
          "CSAFPID-31015",
          "CSAFPID-31016",
          "CSAFPID-31017",
          "CSAFPID-31018",
          "CSAFPID-31019",
          "CSAFPID-31020",
          "CSAFPID-31021",
          "CSAFPID-31022",
          "CSAFPID-31023",
          "CSAFPID-31024",
          "CSAFPID-31025",
          "CSAFPID-31026",
          "CSAFPID-31027",
          "CSAFPID-31028",
          "CSAFPID-31029",
          "CSAFPID-31030",
          "CSAFPID-31031",
          "CSAFPID-31032"
        ],
        "known_not_affected": [
          "CSAFPID-32033",
          "CSAFPID-32034",
          "CSAFPID-32035",
          "CSAFPID-32036",
          "CSAFPID-32037",
          "CSAFPID-32038",
          "CSAFPID-32039",
          "CSAFPID-32040",
          "CSAFPID-32041",
          "CSAFPID-32042",
          "CSAFPID-32043",
          "CSAFPID-32044",
          "CSAFPID-32045",
          "CSAFPID-32046",
          "CSAFPID-32047",
          "CSAFPID-32048",
          "CSAFPID-32049",
          "CSAFPID-32050",
          "CSAFPID-32051",
          "CSAFPID-32052",
          "CSAFPID-32053",
          "CSAFPID-32054",
          "CSAFPID-32055",
          "CSAFPID-32056",
          "CSAFPID-32057",
          "CSAFPID-32058",
          "CSAFPID-32059",
          "CSAFPID-32060",
          "CSAFPID-32061",
          "CSAFPID-32062",
          "CSAFPID-32063",
          "CSAFPID-32064"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "## Remediation for CWE-319 (CVE-2018-13992)\n\nCustomers using Phoenix Contact managed FL SWITCH devices are recommended to enable HTTP security.\n\n## Remediation for Multiple CWEs:\n(CWE-352 (CVE-2018-13993), CWE-307 (CVE-2018-13990), CWE-400 (CVE-2018-13994), CWE-922 (CVE-2018-13991), CWE-119 (CVE-2017-3735))\n\nCustomers using Phoenix Contact managed FL SWITCH devices with affected firmware versions are recommended to update the firmware to version **1.35 or higher**, which fixes these vulnerabilities.  \nThe updated firmware may be downloaded from the managed switch product page on the Phoenix Contact website:\n\n| Article No. | Model                           | Updated Firmware |\n|-------------|--------------------------------|------------------|\n| 2891033     | FL SWITCH 3004T-FX            | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3004t-fx-2891033?type=firmware_update) |\n| 2891034     | FL SWITCH 3004T-FX ST         | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3004t-fx-st-2891034?type=firmware_update) |\n| 2891030     | FL SWITCH 3005                | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3005-2891030?type=firmware_update) |\n| 2891032     | FL SWITCH 3005T               | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3005t-2891032?type=firmware_update) |\n| 2891036     | FL SWITCH 3006T-2FX           | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3006t-2fx-2891036?type=firmware_update) |\n| 2891060     | FL SWITCH 3006T-2FX SM        | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3006t-2fx-sm-2891060?type=firmware_update) |\n| 2891037     | FL SWITCH 3006T-2FX ST        | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3006t-2fx-st-2891037?type=firmware_update) |\n| 2891031     | FL SWITCH 3008                | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3008-2891031?type=firmware_update) |\n| 2891035     | FL SWITCH 3008T               | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3008t-2891035?type=firmware_update) |\n| 2891120     | FL SWITCH 3012E-2FX           | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3012e-2fx-2891120?type=firmware_update) |\n| 2891119     | FL SWITCH 3012E-2FX SM        | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3012e-2fx-sm-2891119?type=firmware_update) |\n| 2891067     | FL SWITCH 3012E-2SFX          | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3012e-2sfx-2891067?type=firmware_update) |\n| 2891058     | FL SWITCH 3016                | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3016-2891058?type=firmware_update) |\n| 2891066     | FL SWITCH 3016E               | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3016e-2891066?type=firmware_update) |\n| 2891059     | FL SWITCH 3016T               | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-3016t-2891059?type=firmware_update) |\n| 1026924     | FL SWITCH 4000T-4POE-1SFP     | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4000t-4poe-1sfp-1026924?type=firmware_update) |\n| 1026923     | FL SWITCH 4000T-8POE-2SFP     | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4000t-8poe-2sfp-1026923?type=firmware_update) |\n| 1026922     | FL SWITCH 4004T-8POE-4SFP     | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4004t-8poe-4sfp-1026922?type=firmware_update) |\n| 2891160     | FL SWITCH 4008T-2GT-3FX SM    | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4008t-2gt-3fx-sm-2891160?type=firmware_update) |\n| 2891061     | FL SWITCH 4008T-2GT-4FX SM    | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4008t-2gt-4fx-sm-2891061?type=firmware_update) |\n| 2891062     | FL SWITCH 4008T-2SFP          | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4008t-2sfp-2891062?type=firmware_update) |\n| 2891063     | FL SWITCH 4012T-2GT-2FX       | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4012t-2gt-2fx-2891063?type=firmware_update) |\n| 2891161     | FL SWITCH 4012T-2GT-2FX ST    | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4012t-2gt-2fx-st-2891161?type=firmware_update) |\n| 2891104     | FL SWITCH 4800E-24FX SM-4GC   | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4800e-24fx-sm-4gc-2891104?type=firmware_update) |\n| 2891102     | FL SWITCH 4800E-24FX-4GC      | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4800e-24fx-4gc-2891102?type=firmware_update) |\n| 2891073     | FL SWITCH 4808E-16FX LC-4GC   | [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4808e-16fx-lc-4gc-2891073?type=firmware_update) |\n| 2891074     | FL SWITCH 4808E-16FX SM LC-4GC| [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4808e-16fx-sm-lc-4gc-2891074?type=firmware_update) |\n| 2891086     | FL SWITCH 4808E-16FX SM ST-4GC| [Download](https://www.phoenixcontact.com/de-de/produkte/switch-fl-switch-4808e-16fx-sm-st-4gc-2891086?type=firmware_update) |",
          "group_ids": [
            "CSAFGID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-31001",
            "CSAFPID-31002",
            "CSAFPID-31003",
            "CSAFPID-31004",
            "CSAFPID-31005",
            "CSAFPID-31006",
            "CSAFPID-31007",
            "CSAFPID-31008",
            "CSAFPID-31009",
            "CSAFPID-31010",
            "CSAFPID-31011",
            "CSAFPID-31012",
            "CSAFPID-31013",
            "CSAFPID-31014",
            "CSAFPID-31015",
            "CSAFPID-31016",
            "CSAFPID-31017",
            "CSAFPID-31018",
            "CSAFPID-31019",
            "CSAFPID-31020",
            "CSAFPID-31021",
            "CSAFPID-31022",
            "CSAFPID-31023",
            "CSAFPID-31024",
            "CSAFPID-31025",
            "CSAFPID-31026",
            "CSAFPID-31027",
            "CSAFPID-31028",
            "CSAFPID-31029",
            "CSAFPID-31030",
            "CSAFPID-31031",
            "CSAFPID-31032"
          ]
        }
      ],
      "title": "CVE-2018-13992"
    }
  ]
}

CVE-2017-3735 (GCVE-0-2017-3735)

Vulnerability from cvelistv5 – Published: 2017-08-28 19:00 – Updated: 2024-09-16 21:08

Summary

Severity ?

No CVSS data available.

CWE

out of bounds read

Assigner

openssl

References

URL

Tags

	http://www.securitytracker.com/id/1039726	vdb-entry
	https://usn.ubuntu.com/3611-2/	vendor-advisory
	https://www.debian.org/security/2017/dsa-4018	vendor-advisory
	https://security.gentoo.org/glsa/201712-03	vendor-advisory
	https://lists.debian.org/debian-lts-announce/2017…	mailing-list
	https://access.redhat.com/errata/RHSA-2018:3505	vendor-advisory
	https://www.debian.org/security/2017/dsa-4017	vendor-advisory
	https://access.redhat.com/errata/RHSA-2018:3221	vendor-advisory
	http://www.securityfocus.com/bid/100515	vdb-entry
	https://security.FreeBSD.org/advisories/FreeBSD-S…	vendor-advisory
	http://www.oracle.com/technetwork/security-adviso…
	http://www.oracle.com/technetwork/security-adviso…
	http://www.oracle.com/technetwork/security-adviso…
	http://www.oracle.com/technetwork/security-adviso…
	https://www.oracle.com/technetwork/security-advis…
	https://www.oracle.com/technetwork/security-advis…
	https://www.oracle.com/technetwork/security-advis…
	https://www.oracle.com//security-alerts/cpujul2021.html
	https://security.netapp.com/advisory/ntap-2017110…
	https://support.apple.com/HT208331
	https://github.com/openssl/openssl/commit/068b963…
	https://security.netapp.com/advisory/ntap-2017092…
	https://www.tenable.com/security/tns-2017-15
	https://www.openssl.org/news/secadv/20171102.txt
	https://www.tenable.com/security/tns-2017-14
	https://www.openssl.org/news/secadv/20170828.txt
	https://cert-portal.siemens.com/productcert/pdf/s…

Impacted products

	Vendor	Product	Version
	OpenSSL Software Foundation	OpenSSL	Affected: 1.1.0 Affected: 1.0.2

Date Public ?

2017-08-28 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T14:39:41.087Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1039726",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1039726"
          },
          {
            "name": "USN-3611-2",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3611-2/"
          },
          {
            "name": "DSA-4018",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2017/dsa-4018"
          },
          {
            "name": "GLSA-201712-03",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201712-03"
          },
          {
            "name": "[debian-lts-announce] 20171109 [SECURITY] [DLA-1157-1] openssl security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00011.html"
          },
          {
            "name": "RHSA-2018:3505",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:3505"
          },
          {
            "name": "DSA-4017",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2017/dsa-4017"
          },
          {
            "name": "RHSA-2018:3221",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:3221"
          },
          {
            "name": "100515",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/100515"
          },
          {
            "name": "FreeBSD-SA-17:11",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-17:11.openssl.asc"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20171107-0002/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT208331"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/openssl/openssl/commit/068b963bb7afc57f5bdd723de0dd15e7795d5822"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20170927-0001/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2017-15"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv/20171102.txt"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2017-14"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv/20170828.txt"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "OpenSSL",
          "vendor": "OpenSSL Software Foundation",
          "versions": [
            {
              "status": "affected",
              "version": "1.1.0"
            },
            {
              "status": "affected",
              "version": "1.0.2"
            }
          ]
        }
      ],
      "datePublic": "2017-08-28T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "While parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread. This would result in an incorrect text display of the certificate. This bug has been present since 2006 and is present in all versions of OpenSSL before 1.0.2m and 1.1.0g."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "out of bounds read",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-13T00:00:00.000Z",
        "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
        "shortName": "openssl"
      },
      "references": [
        {
          "name": "1039726",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1039726"
        },
        {
          "name": "USN-3611-2",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://usn.ubuntu.com/3611-2/"
        },
        {
          "name": "DSA-4018",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2017/dsa-4018"
        },
        {
          "name": "GLSA-201712-03",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/201712-03"
        },
        {
          "name": "[debian-lts-announce] 20171109 [SECURITY] [DLA-1157-1] openssl security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00011.html"
        },
        {
          "name": "RHSA-2018:3505",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:3505"
        },
        {
          "name": "DSA-4017",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2017/dsa-4017"
        },
        {
          "name": "RHSA-2018:3221",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:3221"
        },
        {
          "name": "100515",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securityfocus.com/bid/100515"
        },
        {
          "name": "FreeBSD-SA-17:11",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-17:11.openssl.asc"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
        },
        {
          "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
        },
        {
          "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
        },
        {
          "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
        },
        {
          "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20171107-0002/"
        },
        {
          "url": "https://support.apple.com/HT208331"
        },
        {
          "url": "https://github.com/openssl/openssl/commit/068b963bb7afc57f5bdd723de0dd15e7795d5822"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20170927-0001/"
        },
        {
          "url": "https://www.tenable.com/security/tns-2017-15"
        },
        {
          "url": "https://www.openssl.org/news/secadv/20171102.txt"
        },
        {
          "url": "https://www.tenable.com/security/tns-2017-14"
        },
        {
          "url": "https://www.openssl.org/news/secadv/20170828.txt"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
    "assignerShortName": "openssl",
    "cveId": "CVE-2017-3735",
    "datePublished": "2017-08-28T19:00:00.000Z",
    "dateReserved": "2016-12-16T00:00:00.000Z",
    "dateUpdated": "2024-09-16T21:08:28.987Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-13993 (GCVE-0-2018-13993)

Vulnerability from cvelistv5 – Published: 2019-05-07 17:32 – Updated: 2024-08-05 09:21

Summary

The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 to 1.34 is prone to CSRF.

Severity ?

8.8 (High)


                        
                          CVSS:3.0/AC:L/AV:N/A:H/C:H/I:H/PR:N/S:U/UI:R

CWE

Assigner

mitre

References

URL

Tags

	https://ics-cert.us-cert.gov/advisories/ICSA-19-024-02	x_refsource_MISC
	http://www.securityfocus.com/bid/106737	x_refsource_MISC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T09:21:40.827Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-024-02"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/106737"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 to 1.34 is prone to CSRF."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AC:L/AV:N/A:H/C:H/I:H/PR:N/S:U/UI:R",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-05-07T17:32:25.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-024-02"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.securityfocus.com/bid/106737"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-13993",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 to 1.34 is prone to CSRF."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AC:L/AV:N/A:H/C:H/I:H/PR:N/S:U/UI:R",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-19-024-02",
              "refsource": "MISC",
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-024-02"
            },
            {
              "name": "http://www.securityfocus.com/bid/106737",
              "refsource": "MISC",
              "url": "http://www.securityfocus.com/bid/106737"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-13993",
    "datePublished": "2019-05-07T17:32:25.000Z",
    "dateReserved": "2018-07-11T00:00:00.000Z",
    "dateUpdated": "2024-08-05T09:21:40.827Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-13991 (GCVE-0-2018-13991)

Vulnerability from cvelistv5 – Published: 2019-05-07 17:24 – Updated: 2024-08-05 09:21

Summary

The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 to 1.34 leaks private information in firmware images.

Severity ?

5.3 (Medium)


                        
                          CVSS:3.0/AC:L/AV:N/A:N/C:L/I:N/PR:N/S:U/UI:N

CWE

Assigner

mitre

References

URL

Tags

	https://ics-cert.us-cert.gov/advisories/ICSA-19-024-02	x_refsource_MISC
	http://www.securityfocus.com/bid/106737	x_refsource_MISC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T09:21:40.924Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-024-02"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/106737"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 to 1.34 leaks private information in firmware images."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AC:L/AV:N/A:N/C:L/I:N/PR:N/S:U/UI:N",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-05-07T17:24:24.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-024-02"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.securityfocus.com/bid/106737"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-13991",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 to 1.34 leaks private information in firmware images."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AC:L/AV:N/A:N/C:L/I:N/PR:N/S:U/UI:N",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-19-024-02",
              "refsource": "MISC",
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-024-02"
            },
            {
              "name": "http://www.securityfocus.com/bid/106737",
              "refsource": "MISC",
              "url": "http://www.securityfocus.com/bid/106737"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-13991",
    "datePublished": "2019-05-07T17:24:24.000Z",
    "dateReserved": "2018-07-11T00:00:00.000Z",
    "dateUpdated": "2024-08-05T09:21:40.924Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-13990 (GCVE-0-2018-13990)

Vulnerability from cvelistv5 – Published: 2019-05-06 18:47 – Updated: 2024-08-05 09:21

Summary

The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions prior to 1.35 is vulnerable to brute-force attacks, because of Improper Restriction of Excessive Authentication Attempts.

Severity ?

8.6 (High)


                        
                          CVSS:3.0/AC:L/AV:N/A:L/C:H/I:L/PR:N/S:U/UI:N

CWE

Assigner

mitre

References

URL

Tags

	https://ics-cert.us-cert.gov/advisories/ICSA-19-024-02	x_refsource_MISC
	http://www.securityfocus.com/bid/106737	x_refsource_MISC

Date Public ?

2019-01-24 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T09:21:40.970Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-024-02"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/106737"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2019-01-24T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions prior to 1.35 is vulnerable to brute-force attacks, because of Improper Restriction of Excessive Authentication Attempts."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AC:L/AV:N/A:L/C:H/I:L/PR:N/S:U/UI:N",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-05-06T18:47:16.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-024-02"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.securityfocus.com/bid/106737"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-13990",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions prior to 1.35 is vulnerable to brute-force attacks, because of Improper Restriction of Excessive Authentication Attempts."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AC:L/AV:N/A:L/C:H/I:L/PR:N/S:U/UI:N",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-19-024-02",
              "refsource": "MISC",
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-024-02"
            },
            {
              "name": "http://www.securityfocus.com/bid/106737",
              "refsource": "MISC",
              "url": "http://www.securityfocus.com/bid/106737"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-13990",
    "datePublished": "2019-05-06T18:47:16.000Z",
    "dateReserved": "2018-07-11T00:00:00.000Z",
    "dateUpdated": "2024-08-05T09:21:40.970Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-13992 (GCVE-0-2018-13992)

Vulnerability from cvelistv5 – Published: 2019-05-07 17:28 – Updated: 2024-08-05 09:21

Summary

The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 to 1.34 allows for plaintext transmission (HTTP) of user credentials by default.

Severity ?

8.2 (High)


                        
                          CVSS:3.0/AC:L/AV:N/A:N/C:H/I:L/PR:N/S:U/UI:N

CWE

Assigner

mitre

References

URL

Tags

	https://ics-cert.us-cert.gov/advisories/ICSA-19-024-02	x_refsource_MISC
	http://www.securityfocus.com/bid/106737	x_refsource_MISC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T09:21:40.731Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-024-02"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/106737"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 to 1.34 allows for plaintext transmission (HTTP) of user credentials by default."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AC:L/AV:N/A:N/C:H/I:L/PR:N/S:U/UI:N",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-05-07T17:28:17.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-024-02"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.securityfocus.com/bid/106737"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-13992",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 to 1.34 allows for plaintext transmission (HTTP) of user credentials by default."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AC:L/AV:N/A:N/C:H/I:L/PR:N/S:U/UI:N",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-19-024-02",
              "refsource": "MISC",
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-024-02"
            },
            {
              "name": "http://www.securityfocus.com/bid/106737",
              "refsource": "MISC",
              "url": "http://www.securityfocus.com/bid/106737"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-13992",
    "datePublished": "2019-05-07T17:28:17.000Z",
    "dateReserved": "2018-07-11T00:00:00.000Z",
    "dateUpdated": "2024-08-05T09:21:40.731Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-13994 (GCVE-0-2018-13994)

Vulnerability from cvelistv5 – Published: 2019-05-07 17:36 – Updated: 2024-08-05 09:21

Summary

The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 to 1.34 is vulnerable to a denial-of-service attack by making more than 120 connections.

Severity ?

7.5 (High)


                        
                          CVSS:3.0/AC:L/AV:N/A:H/C:N/I:N/PR:N/S:U/UI:N

CWE

Assigner

mitre

References

URL

Tags

	https://ics-cert.us-cert.gov/advisories/ICSA-19-024-02	x_refsource_MISC
	http://www.securityfocus.com/bid/106737	x_refsource_MISC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T09:21:40.712Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-024-02"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/106737"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 to 1.34 is vulnerable to a denial-of-service attack by making more than 120 connections."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AC:L/AV:N/A:H/C:N/I:N/PR:N/S:U/UI:N",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-05-07T17:36:17.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-024-02"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.securityfocus.com/bid/106737"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-13994",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 to 1.34 is vulnerable to a denial-of-service attack by making more than 120 connections."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AC:L/AV:N/A:H/C:N/I:N/PR:N/S:U/UI:N",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-19-024-02",
              "refsource": "MISC",
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-024-02"
            },
            {
              "name": "http://www.securityfocus.com/bid/106737",
              "refsource": "MISC",
              "url": "http://www.securityfocus.com/bid/106737"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-13994",
    "datePublished": "2019-05-07T17:36:17.000Z",
    "dateReserved": "2018-07-11T00:00:00.000Z",
    "dateUpdated": "2024-08-05T09:21:40.712Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

VDE-2019-001

CVE-2017-3735 (GCVE-0-2017-3735)

CVE-2018-13993 (GCVE-0-2018-13993)

CVE-2018-13991 (GCVE-0-2018-13991)

CVE-2018-13990 (GCVE-0-2018-13990)

CVE-2018-13992 (GCVE-0-2018-13992)

CVE-2018-13994 (GCVE-0-2018-13994)

Tags

Sightings

Nomenclature