VAR-201905-0723
Vulnerability from variot - Updated: 2023-12-18 11:02
The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions prior to 1.35 is vulnerable to brute-force attacks, because of Improper Restriction of Excessive Authentication Attempts. Multiple PHOENIX CONTACT FL SWITCH products contain authentication vulnerabilities. Information may be obtained or altered, and service operation may be disrupted (DoS). PHOENIX CONTACT FL SWITCH Series are prone to the following security vulnerabilities: 1. A cross-site request-forgery vulnerability. 2. An authentication-bypass vulnerability. 3. Multiple information-disclosure vulnerabilities. 4. A denial-of-service vulnerability. Attackers can exploit these issues to bypass the authentication process, obtain sensitive information, and perform unauthorized actions. Failed exploit attempts will likely cause a denial-of-service condition.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201905-0723",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fl switch 3006t-2fx st",
"scope": "lt",
"trust": 1.0,
"vendor": "phoenixcontact",
"version": "1.35"
},
{
"model": "fl switch 3005",
"scope": "lt",
"trust": 1.0,
"vendor": "phoenixcontact",
"version": "1.35"
},
{
"model": "fl switch 4800e-24fx sm-4gc",
"scope": "lt",
"trust": 1.0,
"vendor": "phoenixcontact",
"version": "1.35"
},
{
"model": "fl switch 4008t-2gt-4fx sm",
"scope": "lt",
"trust": 1.0,
"vendor": "phoenixcontact",
"version": "1.35"
},
{
"model": "fl switch 4008t-2gt-3fx sm",
"scope": "lt",
"trust": 1.0,
"vendor": "phoenixcontact",
"version": "1.35"
},
{
"model": "fl switch 3016t",
"scope": "lt",
"trust": 1.0,
"vendor": "phoenixcontact",
"version": "1.35"
},
{
"model": "fl switch 3006t-2fx",
"scope": "lt",
"trust": 1.0,
"vendor": "phoenixcontact",
"version": "1.35"
},
{
"model": "fl switch 3004t-fx",
"scope": "lt",
"trust": 1.0,
"vendor": "phoenixcontact",
"version": "1.35"
},
{
"model": "fl switch 3005t",
"scope": "lt",
"trust": 1.0,
"vendor": "phoenixcontact",
"version": "1.35"
},
{
"model": "fl switch 3008t",
"scope": "lt",
"trust": 1.0,
"vendor": "phoenixcontact",
"version": "1.35"
},
{
"model": "fl switch 4800e-24fx-4gc",
"scope": "lt",
"trust": 1.0,
"vendor": "phoenixcontact",
"version": "1.35"
},
{
"model": "fl switch 3012e-2fx sm",
"scope": "lt",
"trust": 1.0,
"vendor": "phoenixcontact",
"version": "1.35"
},
{
"model": "fl switch 4808e-16fx-4gc",
"scope": "lt",
"trust": 1.0,
"vendor": "phoenixcontact",
"version": "1.35"
},
{
"model": "fl switch 3012e-2sfx",
"scope": "lt",
"trust": 1.0,
"vendor": "phoenixcontact",
"version": "1.35"
},
{
"model": "fl switch 4824e-4gc",
"scope": "lt",
"trust": 1.0,
"vendor": "phoenixcontact",
"version": "1.35"
},
{
"model": "fl switch 4808e-16fx sm lc-4gc",
"scope": "lt",
"trust": 1.0,
"vendor": "phoenixcontact",
"version": "1.35"
},
{
"model": "fl switch 4008t-2sfp",
"scope": "lt",
"trust": 1.0,
"vendor": "phoenixcontact",
"version": "1.35"
},
{
"model": "fl switch 4000t-8poe-2sfp-r",
"scope": "lt",
"trust": 1.0,
"vendor": "phoenixcontact",
"version": "1.35"
},
{
"model": "fl switch 3016e",
"scope": "lt",
"trust": 1.0,
"vendor": "phoenixcontact",
"version": "1.35"
},
{
"model": "fl switch 4808e-16fx sm st-4gc",
"scope": "lt",
"trust": 1.0,
"vendor": "phoenixcontact",
"version": "1.35"
},
{
"model": "fl switch 4808e-16fx st-4gc",
"scope": "lt",
"trust": 1.0,
"vendor": "phoenixcontact",
"version": "1.35"
},
{
"model": "fl switch 4808e-16fx lc-4gc",
"scope": "lt",
"trust": 1.0,
"vendor": "phoenixcontact",
"version": "1.35"
},
{
"model": "fl switch 4012t-2gt-2fx st",
"scope": "lt",
"trust": 1.0,
"vendor": "phoenixcontact",
"version": "1.35"
},
{
"model": "fl switch 4808e-16fx sm-4gc",
"scope": "lt",
"trust": 1.0,
"vendor": "phoenixcontact",
"version": "1.35"
},
{
"model": "fl switch 4012t 2gt 2fx",
"scope": "lt",
"trust": 1.0,
"vendor": "phoenixcontact",
"version": "1.35"
},
{
"model": "fl switch 3004t-fx st",
"scope": "lt",
"trust": 1.0,
"vendor": "phoenixcontact",
"version": "1.35"
},
{
"model": "fl switch 3008",
"scope": "lt",
"trust": 1.0,
"vendor": "phoenixcontact",
"version": "1.35"
},
{
"model": "fl switch 3016",
"scope": "lt",
"trust": 1.0,
"vendor": "phoenixcontact",
"version": "1.35"
},
{
"model": "fl switch 3006t-2fx sm",
"scope": "lt",
"trust": 1.0,
"vendor": "phoenixcontact",
"version": "1.35"
},
{
"model": "fl switch 3004t-fx st",
"scope": "lt",
"trust": 0.8,
"vendor": "phoenix contact",
"version": "1.35"
},
{
"model": "fl switch 3004t-fx",
"scope": "lt",
"trust": 0.8,
"vendor": "phoenix contact",
"version": "1.35"
},
{
"model": "fl switch 3005",
"scope": "lt",
"trust": 0.8,
"vendor": "phoenix contact",
"version": "1.35"
},
{
"model": "fl switch 3005t",
"scope": "lt",
"trust": 0.8,
"vendor": "phoenix contact",
"version": "1.35"
},
{
"model": "fl switch 3006t-2fx st",
"scope": "lt",
"trust": 0.8,
"vendor": "phoenix contact",
"version": "1.35"
},
{
"model": "fl switch 3006t-2fx",
"scope": "lt",
"trust": 0.8,
"vendor": "phoenix contact",
"version": "1.35"
},
{
"model": "fl switch 3008",
"scope": "lt",
"trust": 0.8,
"vendor": "phoenix contact",
"version": "1.35"
},
{
"model": "fl switch 3008t",
"scope": "lt",
"trust": 0.8,
"vendor": "phoenix contact",
"version": "1.35"
},
{
"model": "fl switch 3012e-2sfx",
"scope": "lt",
"trust": 0.8,
"vendor": "phoenix contact",
"version": "1.35"
},
{
"model": "fl switch 3016e",
"scope": "lt",
"trust": 0.8,
"vendor": "phoenix contact",
"version": "1.35"
},
{
"model": "contact fl switch series",
"scope": "eq",
"trust": 0.3,
"vendor": "phoenix",
"version": "4xxx1.32"
},
{
"model": "contact fl switch series",
"scope": "eq",
"trust": 0.3,
"vendor": "phoenix",
"version": "4xxx1.0"
},
{
"model": "contact fl switch series",
"scope": "eq",
"trust": 0.3,
"vendor": "phoenix",
"version": "48xx1.32"
},
{
"model": "contact fl switch series",
"scope": "eq",
"trust": 0.3,
"vendor": "phoenix",
"version": "48xx1.0"
},
{
"model": "contact fl switch series",
"scope": "eq",
"trust": 0.3,
"vendor": "phoenix",
"version": "3xxx1.32"
},
{
"model": "contact fl switch series",
"scope": "eq",
"trust": 0.3,
"vendor": "phoenix",
"version": "3xxx1.0"
},
{
"model": "contact fl switch series",
"scope": "ne",
"trust": 0.3,
"vendor": "phoenix",
"version": "4xxx1.35"
},
{
"model": "contact fl switch series",
"scope": "ne",
"trust": 0.3,
"vendor": "phoenix",
"version": "48xx1.35"
},
{
"model": "contact fl switch series",
"scope": "ne",
"trust": 0.3,
"vendor": "phoenix",
"version": "3xxx1.35"
}
],
"sources": [
{
"db": "BID",
"id": "106737"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015406"
},
{
"db": "NVD",
"id": "CVE-2018-13990"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:phoenixcontact:fl_switch_3005_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.35",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:phoenixcontact:fl_switch_3005:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:phoenixcontact:fl_switch_3005t_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.35",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:phoenixcontact:fl_switch_3005t:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:phoenixcontact:fl_switch_3004t-fx_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.35",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:phoenixcontact:fl_switch_3004t-fx:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:phoenixcontact:fl_switch_3004t-fx_st_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.35",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:phoenixcontact:fl_switch_3004t-fx_st:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:phoenixcontact:fl_switch_3008_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.35",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:phoenixcontact:fl_switch_3008:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:phoenixcontact:fl_switch_3008t_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.35",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:phoenixcontact:fl_switch_3008t:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:phoenixcontact:fl_switch_3006t-2fx_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.35",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:phoenixcontact:fl_switch_3006t-2fx:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:phoenixcontact:fl_switch_3006t-2fx_st_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.35",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:phoenixcontact:fl_switch_3006t-2fx_st:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:phoenixcontact:fl_switch_3012e-2sfx_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.35",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:phoenixcontact:fl_switch_3012e-2sfx:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:phoenixcontact:fl_switch_3016e_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.35",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:phoenixcontact:fl_switch_3016e:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:phoenixcontact:fl_switch_3016_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.35",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:phoenixcontact:fl_switch_3016:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:phoenixcontact:fl_switch_3016t_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.35",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:phoenixcontact:fl_switch_3016t:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:phoenixcontact:fl_switch_3006t-2fx_sm_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.35",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:phoenixcontact:fl_switch_3006t-2fx_sm:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:phoenixcontact:fl_switch_4008t-2sfp_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.35",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:phoenixcontact:fl_switch_4008t-2sfp:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:phoenixcontact:fl_switch_4008t-2gt-4fx_sm_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.35",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:phoenixcontact:fl_switch_4008t-2gt-4fx_sm:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:phoenixcontact:fl_switch_4008t-2gt-3fx_sm_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.35",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:phoenixcontact:fl_switch_4008t-2gt-3fx_sm:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:phoenixcontact:fl_switch_4808e-16fx_lc-4gc_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.35",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:phoenixcontact:fl_switch_4808e-16fx_lc-4gc:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:phoenixcontact:fl_switch_4808e-16fx_sm-4gc_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.35",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:phoenixcontact:fl_switch_4808e-16fx_sm-4gc:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:phoenixcontact:fl_switch_4808e-16fx_sm_st-4gc_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.35",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:phoenixcontact:fl_switch_4808e-16fx_sm_st-4gc:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:phoenixcontact:fl_switch_4808e-16fx_st-4gc_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.35",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:phoenixcontact:fl_switch_4808e-16fx_st-4gc:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:phoenixcontact:fl_switch_4808e-16fx-4gc_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.35",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:phoenixcontact:fl_switch_4808e-16fx-4gc:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:phoenixcontact:fl_switch_4808e-16fx_sm_lc-4gc_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.35",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:phoenixcontact:fl_switch_4808e-16fx_sm_lc-4gc:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:phoenixcontact:fl_switch_4012t_2gt_2fx_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.35",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:phoenixcontact:fl_switch_4012t_2gt_2fx:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:phoenixcontact:fl_switch_4012t-2gt-2fx_st_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.35",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:phoenixcontact:fl_switch_4012t-2gt-2fx_st:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:phoenixcontact:fl_switch_4824e-4gc_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.35",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:phoenixcontact:fl_switch_4824e-4gc:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:phoenixcontact:fl_switch_4800e-24fx-4gc_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.35",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:phoenixcontact:fl_switch_4800e-24fx-4gc:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:phoenixcontact:fl_switch_4800e-24fx_sm-4gc_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.35",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:phoenixcontact:fl_switch_4800e-24fx_sm-4gc:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:phoenixcontact:fl_switch_3012e-2fx_sm_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.35",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:phoenixcontact:fl_switch_3012e-2fx_sm:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:phoenixcontact:fl_switch_4000t-8poe-2sfp-r_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.35",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:phoenixcontact:fl_switch_4000t-8poe-2sfp-r:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-13990"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "working with Evgeniy Druzhinin,Phoenix Contact, Ilya Karpov, and Georgy Zaytsev of Positive Technologies.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201901-891"
}
],
"trust": 0.6
},
"cve": "CVE-2018-13990",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2018-13990",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "cve@mitre.org",
"availabilityImpact": "LOW",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 4.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-13990",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-13990",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "cve@mitre.org",
"id": "CVE-2018-13990",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201901-891",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2018-13990",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2018-13990"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015406"
},
{
"db": "NVD",
"id": "CVE-2018-13990"
},
{
"db": "NVD",
"id": "CVE-2018-13990"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-891"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions prior to 1.35 is vulnerable to brute-force attacks, because of Improper Restriction of Excessive Authentication Attempts. plural PHOENIX CONTACT FL SWITCH The product contains authentication vulnerabilities.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. PHOENIX CONTACT FL SWITCH Series are prone to the following security vulnerabilities:\n1. A cross-site request-forgery vulnerability. \n2. An authentication-bypass vulnerability. \n3. Multiple information-disclosure vulnerabilities. \n4. A denial-of-service vulnerability. \nAttackers can exploit these issues to bypass the authentication process, obtain sensitive information, and perform unauthorized actions. Failed exploit attempts will likely cause a denial-of-service condition",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-13990"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015406"
},
{
"db": "BID",
"id": "106737"
},
{
"db": "VULMON",
"id": "CVE-2018-13990"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "ICS CERT",
"id": "ICSA-19-024-02",
"trust": 2.8
},
{
"db": "NVD",
"id": "CVE-2018-13990",
"trust": 2.8
},
{
"db": "BID",
"id": "106737",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015406",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201901-891",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2018-13990",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2018-13990"
},
{
"db": "BID",
"id": "106737"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015406"
},
{
"db": "NVD",
"id": "CVE-2018-13990"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-891"
}
]
},
"id": "VAR-201905-0723",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.6666667
},
"last_update_date": "2023-12-18T11:02:09.599000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.phoenixcontact.com/online/portal/pc"
},
{
"title": "The Register",
"trust": 0.2,
"url": "https://www.theregister.co.uk/2019/02/11/phoenix_switch_flaws/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2018-13990"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015406"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-015406"
},
{
"db": "NVD",
"id": "CVE-2018-13990"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.9,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-19-024-02"
},
{
"trust": 2.4,
"url": "http://www.securityfocus.com/bid/106737"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-13990"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-13990"
},
{
"trust": 0.3,
"url": "https://www.phoenixcontact.com/online/portal/pc"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/287.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2018-13990"
},
{
"db": "BID",
"id": "106737"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015406"
},
{
"db": "NVD",
"id": "CVE-2018-13990"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-891"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2018-13990"
},
{
"db": "BID",
"id": "106737"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015406"
},
{
"db": "NVD",
"id": "CVE-2018-13990"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-891"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-05-06T00:00:00",
"db": "VULMON",
"id": "CVE-2018-13990"
},
{
"date": "2019-01-24T00:00:00",
"db": "BID",
"id": "106737"
},
{
"date": "2019-06-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-015406"
},
{
"date": "2019-05-06T19:29:00.467000",
"db": "NVD",
"id": "CVE-2018-13990"
},
{
"date": "2019-01-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201901-891"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-09T00:00:00",
"db": "VULMON",
"id": "CVE-2018-13990"
},
{
"date": "2019-01-24T00:00:00",
"db": "BID",
"id": "106737"
},
{
"date": "2019-06-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-015406"
},
{
"date": "2019-10-09T23:34:37.433000",
"db": "NVD",
"id": "CVE-2018-13990"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201901-891"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201901-891"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural PHOENIX CONTACT FL SWITCH Authentication vulnerabilities in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-015406"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201901-891"
}
],
"trust": 0.6
}
}
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.