var-201905-0726
Vulnerability from variot
The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 to 1.34 allows for plaintext transmission (HTTP) of user credentials by default. plural PHOENIX CONTACT FL SWITCH The product contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. PHOENIX CONTACT FL SWITCH Series are prone to the following security vulnerabilities: 1. A cross-site request-forgery vulnerability. 2. An authentication-bypass vulnerability. 3. Multiple information-disclosure vulnerabilities. 4. A denial-of-service vulnerability. Attackers can exploit these issues to bypass the authentication process, obtain sensitive information, and perform unauthorized actions. Failed exploit attempts will likely cause a denial-of-service condition
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201905-0726", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "fl switch 3012e-2fx sm", "scope": "lte", "trust": 1.0, "vendor": "phoenixcontact", "version": "1.34" }, { "model": "fl switch 3005t", "scope": "lte", "trust": 1.0, "vendor": "phoenixcontact", "version": "1.34" }, { "model": "fl switch 3012e-2fx sm", "scope": "gte", "trust": 1.0, "vendor": "phoenixcontact", "version": "1.0" }, { "model": "fl switch 3005t", "scope": "gte", "trust": 1.0, "vendor": "phoenixcontact", "version": "1.0" }, { "model": "fl switch 3012e-2sfx", "scope": "lte", "trust": 1.0, "vendor": "phoenixcontact", "version": "1.34" }, { "model": "fl switch 4824e-4gc", "scope": "lte", "trust": 1.0, "vendor": "phoenixcontact", "version": "1.34" }, { "model": "fl switch 4012t 2gt 2fx", "scope": "gte", "trust": 1.0, "vendor": "phoenixcontact", "version": "1.0" }, { "model": "fl switch 3016e", "scope": "gte", "trust": 1.0, "vendor": "phoenixcontact", "version": "1.0" }, { "model": "fl switch 4008t-2sfp", "scope": "lte", "trust": 1.0, "vendor": "phoenixcontact", "version": "1.34" }, { "model": "fl switch 3008t", "scope": "gte", "trust": 1.0, "vendor": "phoenixcontact", "version": "1.0" }, { "model": "fl switch 3016e", "scope": "lte", "trust": 1.0, "vendor": "phoenixcontact", "version": "1.34" }, { "model": "fl switch 4008t-2sfp", "scope": "gte", "trust": 1.0, "vendor": "phoenixcontact", "version": "1.0" }, { "model": "fl switch 4008t-2gt-3fx sm", "scope": "lte", "trust": 1.0, "vendor": "phoenixcontact", "version": "1.34" }, { "model": "fl switch 4008t-2gt-3fx sm", "scope": "gte", "trust": 1.0, "vendor": "phoenixcontact", "version": "1.0" }, { "model": "fl switch 4012t-2gt-2fx st", "scope": "lte", "trust": 1.0, "vendor": "phoenixcontact", "version": "1.34" }, { "model": "fl switch 4012t-2gt-2fx st", "scope": "gte", "trust": 1.0, "vendor": "phoenixcontact", "version": "1.0" }, { "model": "fl switch 4808e-16fx lc-4gc", "scope": "lte", "trust": 1.0, "vendor": "phoenixcontact", "version": "1.34" }, { "model": "fl switch 3012e-2sfx", "scope": "gte", "trust": 1.0, "vendor": "phoenixcontact", "version": "1.0" }, { "model": "fl switch 4824e-4gc", "scope": "gte", "trust": 1.0, "vendor": "phoenixcontact", "version": "1.0" }, { "model": "fl switch 4808e-16fx lc-4gc", "scope": "gte", "trust": 1.0, "vendor": "phoenixcontact", "version": "1.0" }, { "model": "fl switch 4808e-16fx sm-4gc", "scope": "gte", "trust": 1.0, "vendor": "phoenixcontact", "version": "1.0" }, { "model": "fl switch 4808e-16fx sm-4gc", "scope": "lte", "trust": 1.0, "vendor": "phoenixcontact", "version": "1.34" }, { "model": "fl switch 3006t-2fx sm", "scope": "lte", "trust": 1.0, "vendor": "phoenixcontact", "version": "1.34" }, { "model": "fl switch 4808e-16fx sm st-4gc", "scope": "lte", "trust": 1.0, "vendor": "phoenixcontact", "version": "1.34" }, { "model": "fl switch 4808e-16fx sm st-4gc", "scope": "gte", "trust": 1.0, "vendor": "phoenixcontact", "version": "1.0" }, { "model": "fl switch 3005", "scope": "gt", "trust": 1.0, "vendor": "phoenixcontact", "version": "1.0" }, { "model": "fl switch 4008t-2gt-4fx sm", "scope": "lte", "trust": 1.0, "vendor": "phoenixcontact", "version": "1.34" }, { "model": "fl switch 3004t-fx st", "scope": "gte", "trust": 1.0, "vendor": "phoenixcontact", "version": "1.0" }, { "model": "fl switch 3006t-2fx", "scope": "lte", "trust": 1.0, "vendor": "phoenixcontact", "version": "1.34" }, { "model": "fl switch 3004t-fx st", "scope": "lte", "trust": 1.0, "vendor": "phoenixcontact", "version": "1.34" }, { "model": "fl switch 3006t-2fx sm", "scope": "gte", "trust": 1.0, "vendor": "phoenixcontact", "version": "1.0" }, { "model": "fl switch 4800e-24fx sm-4gc", "scope": "lte", "trust": 1.0, "vendor": "phoenixcontact", "version": "1.34" }, { "model": "fl switch 4808e-16fx-4gc", "scope": "lte", "trust": 1.0, "vendor": "phoenixcontact", "version": "1.34" }, { "model": "fl switch 4000t-8poe-2sfp-r", "scope": "lte", "trust": 1.0, "vendor": "phoenixcontact", "version": "1.34" }, { "model": "fl switch 4008t-2gt-4fx sm", "scope": "gte", "trust": 1.0, "vendor": "phoenixcontact", "version": "1.0" }, { "model": "fl switch 3016t", "scope": "gte", "trust": 1.0, "vendor": "phoenixcontact", "version": "1.0" }, { "model": "fl switch 3006t-2fx", "scope": "gte", "trust": 1.0, "vendor": "phoenixcontact", "version": "1.0" }, { "model": "fl switch 4800e-24fx sm-4gc", "scope": "gte", "trust": 1.0, "vendor": "phoenixcontact", "version": "1.0" }, { "model": "fl switch 3016t", "scope": "lte", "trust": 1.0, "vendor": "phoenixcontact", "version": "1.34" }, { "model": "fl switch 3004t-fx", "scope": "lte", "trust": 1.0, "vendor": "phoenixcontact", "version": "1.34" }, { "model": "fl switch 4808e-16fx-4gc", "scope": "gte", "trust": 1.0, "vendor": "phoenixcontact", "version": "1.0" }, { "model": "fl switch 4800e-24fx-4gc", "scope": "lte", "trust": 1.0, "vendor": "phoenixcontact", "version": "1.34" }, { "model": "fl switch 3004t-fx", "scope": "gte", "trust": 1.0, "vendor": "phoenixcontact", "version": "1.0" }, { "model": "fl switch 4800e-24fx-4gc", "scope": "gte", "trust": 1.0, "vendor": "phoenixcontact", "version": "1.0" }, { "model": "fl switch 4000t-8poe-2sfp-r", "scope": "gte", "trust": 1.0, "vendor": "phoenixcontact", "version": "1.0" }, { "model": "fl switch 3008", "scope": "gte", "trust": 1.0, "vendor": "phoenixcontact", "version": "1.0" }, { "model": "fl switch 3016", "scope": "gte", "trust": 1.0, "vendor": "phoenixcontact", "version": "1.0" }, { "model": "fl switch 3006t-2fx st", "scope": "lte", "trust": 1.0, "vendor": "phoenixcontact", "version": "1.34" }, { "model": "fl switch 3005", "scope": "lte", "trust": 1.0, "vendor": "phoenixcontact", "version": "1.34" }, { "model": "fl switch 3008", "scope": "lte", "trust": 1.0, "vendor": "phoenixcontact", "version": "1.34" }, { "model": "fl switch 3016", "scope": "lte", "trust": 1.0, "vendor": "phoenixcontact", "version": "1.34" }, { "model": "fl switch 4808e-16fx st-4gc", "scope": "lte", "trust": 1.0, "vendor": "phoenixcontact", "version": "1.34" }, { "model": "fl switch 4808e-16fx st-4gc", "scope": "gte", "trust": 1.0, "vendor": "phoenixcontact", "version": "1.0" }, { "model": "fl switch 4808e-16fx sm lc-4gc", "scope": "gte", "trust": 1.0, "vendor": "phoenixcontact", "version": "1.0" }, { "model": "fl switch 4012t 2gt 2fx", "scope": "lte", "trust": 1.0, "vendor": "phoenixcontact", "version": "1.34" }, { "model": "fl switch 3008t", "scope": "lte", "trust": 1.0, "vendor": "phoenixcontact", "version": "1.34" }, { "model": "fl switch 3006t-2fx st", "scope": "gte", "trust": 1.0, "vendor": "phoenixcontact", "version": "1.0" }, { "model": "fl switch 4808e-16fx sm lc-4gc", "scope": "lte", "trust": 1.0, "vendor": "phoenixcontact", "version": "1.34" }, { "model": "fl switch 3004t-fx st", "scope": "eq", "trust": 0.8, "vendor": "phoenix contact", "version": "1.0 to 1.34" }, { "model": "fl switch 3004t-fx", "scope": "eq", "trust": 0.8, "vendor": "phoenix contact", "version": "1.0 to 1.34" }, { "model": "fl switch 3005", "scope": "eq", "trust": 0.8, "vendor": "phoenix contact", "version": "1.0 to 1.34" }, { "model": "fl switch 3005t", "scope": "eq", "trust": 0.8, "vendor": "phoenix contact", "version": "1.0 to 1.34" }, { "model": "fl switch 3006t-2fx st", "scope": "eq", "trust": 0.8, "vendor": "phoenix contact", "version": "1.0 to 1.34" }, { "model": "fl switch 3006t-2fx", "scope": "eq", "trust": 0.8, "vendor": "phoenix contact", "version": "1.0 to 1.34" }, { "model": "fl switch 3008", "scope": "eq", "trust": 0.8, "vendor": "phoenix contact", "version": "1.0 to 1.34" }, { "model": "fl switch 3008t", "scope": "eq", "trust": 0.8, "vendor": "phoenix contact", "version": "1.0 to 1.34" }, { "model": "fl switch 3012e-2sfx", "scope": "eq", "trust": 0.8, "vendor": "phoenix contact", "version": "1.0 to 1.34" }, { "model": "fl switch 3016e", "scope": "eq", "trust": 0.8, "vendor": "phoenix contact", "version": "1.0 to 1.34" }, { "model": "contact fl switch series", "scope": "eq", "trust": 0.3, "vendor": "phoenix", "version": "4xxx1.32" }, { "model": "contact fl switch series", "scope": "eq", "trust": 0.3, "vendor": "phoenix", "version": "4xxx1.0" }, { "model": "contact fl switch series", "scope": "eq", "trust": 0.3, "vendor": "phoenix", "version": "48xx1.32" }, { "model": "contact fl switch series", "scope": "eq", "trust": 0.3, "vendor": "phoenix", "version": "48xx1.0" }, { "model": "contact fl switch series", "scope": "eq", "trust": 0.3, "vendor": "phoenix", "version": "3xxx1.32" }, { "model": "contact fl switch series", "scope": "eq", "trust": 0.3, "vendor": "phoenix", "version": "3xxx1.0" }, { "model": "contact fl switch series", "scope": "ne", "trust": 0.3, "vendor": "phoenix", "version": "4xxx1.35" }, { "model": "contact fl switch series", "scope": "ne", "trust": 0.3, "vendor": "phoenix", "version": "48xx1.35" }, { "model": "contact fl switch series", "scope": "ne", "trust": 0.3, "vendor": "phoenix", "version": "3xxx1.35" } ], "sources": [ { "db": "BID", "id": "106737" }, { "db": "JVNDB", "id": "JVNDB-2018-015395" }, { "db": "NVD", "id": "CVE-2018-13992" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:phoenixcontact:fl_switch_3005_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "1.34", "versionStartExcluding": "1.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:phoenixcontact:fl_switch_3005:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:phoenixcontact:fl_switch_3005t_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "1.34", "versionStartIncluding": "1.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:phoenixcontact:fl_switch_3005t:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:phoenixcontact:fl_switch_3004t-fx_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "1.34", "versionStartIncluding": "1.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:phoenixcontact:fl_switch_3004t-fx:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:phoenixcontact:fl_switch_3004t-fx_st_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "1.34", "versionStartIncluding": "1.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:phoenixcontact:fl_switch_3004t-fx_st:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:phoenixcontact:fl_switch_3008_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "1.34", "versionStartIncluding": "1.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:phoenixcontact:fl_switch_3008:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:phoenixcontact:fl_switch_3008t_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "1.34", "versionStartIncluding": "1.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:phoenixcontact:fl_switch_3008t:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:phoenixcontact:fl_switch_3006t-2fx_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "1.34", "versionStartIncluding": "1.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:phoenixcontact:fl_switch_3006t-2fx:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:phoenixcontact:fl_switch_3006t-2fx_st_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "1.34", "versionStartIncluding": "1.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:phoenixcontact:fl_switch_3006t-2fx_st:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:phoenixcontact:fl_switch_3012e-2sfx_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "1.34", "versionStartIncluding": "1.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:phoenixcontact:fl_switch_3012e-2sfx:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:phoenixcontact:fl_switch_3016e_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "1.34", "versionStartIncluding": "1.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:phoenixcontact:fl_switch_3016e:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:phoenixcontact:fl_switch_3016_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "1.34", "versionStartIncluding": "1.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:phoenixcontact:fl_switch_3016:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:phoenixcontact:fl_switch_3016t_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "1.34", "versionStartIncluding": "1.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:phoenixcontact:fl_switch_3016t:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:phoenixcontact:fl_switch_3006t-2fx_sm_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "1.34", "versionStartIncluding": "1.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:phoenixcontact:fl_switch_3006t-2fx_sm:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:phoenixcontact:fl_switch_4008t-2sfp_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "1.34", "versionStartIncluding": "1.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:phoenixcontact:fl_switch_4008t-2sfp:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:phoenixcontact:fl_switch_4008t-2gt-4fx_sm_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "1.34", "versionStartIncluding": "1.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:phoenixcontact:fl_switch_4008t-2gt-4fx_sm:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:phoenixcontact:fl_switch_4008t-2gt-3fx_sm_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "1.34", "versionStartIncluding": "1.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:phoenixcontact:fl_switch_4008t-2gt-3fx_sm:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:phoenixcontact:fl_switch_4808e-16fx_lc-4gc_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "1.34", "versionStartIncluding": "1.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:phoenixcontact:fl_switch_4808e-16fx_lc-4gc:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:phoenixcontact:fl_switch_4808e-16fx_sm-4gc_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "1.34", "versionStartIncluding": "1.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:phoenixcontact:fl_switch_4808e-16fx_sm-4gc:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:phoenixcontact:fl_switch_4808e-16fx_sm_st-4gc_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "1.34", "versionStartIncluding": "1.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:phoenixcontact:fl_switch_4808e-16fx_sm_st-4gc:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:phoenixcontact:fl_switch_4808e-16fx_st-4gc_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "1.34", "versionStartIncluding": "1.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:phoenixcontact:fl_switch_4808e-16fx_st-4gc:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:phoenixcontact:fl_switch_4808e-16fx-4gc_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "1.34", "versionStartIncluding": "1.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:phoenixcontact:fl_switch_4808e-16fx-4gc:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:phoenixcontact:fl_switch_4808e-16fx_sm_lc-4gc_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "1.34", "versionStartIncluding": "1.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:phoenixcontact:fl_switch_4808e-16fx_sm_lc-4gc:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:phoenixcontact:fl_switch_4012t_2gt_2fx_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "1.34", "versionStartIncluding": "1.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:phoenixcontact:fl_switch_4012t_2gt_2fx:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:phoenixcontact:fl_switch_4012t-2gt-2fx_st_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "1.34", "versionStartIncluding": "1.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:phoenixcontact:fl_switch_4012t-2gt-2fx_st:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:phoenixcontact:fl_switch_4824e-4gc_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "1.34", "versionStartIncluding": "1.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:phoenixcontact:fl_switch_4824e-4gc:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:phoenixcontact:fl_switch_4800e-24fx-4gc_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "1.34", "versionStartIncluding": "1.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:phoenixcontact:fl_switch_4800e-24fx-4gc:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:phoenixcontact:fl_switch_4800e-24fx_sm-4gc_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "1.34", "versionStartIncluding": "1.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:phoenixcontact:fl_switch_4800e-24fx_sm-4gc:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:phoenixcontact:fl_switch_3012e-2fx_sm_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "1.34", "versionStartIncluding": "1.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:phoenixcontact:fl_switch_3012e-2fx_sm:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:phoenixcontact:fl_switch_4000t-8poe-2sfp-r_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "1.34", "versionStartIncluding": "1.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:phoenixcontact:fl_switch_4000t-8poe-2sfp-r:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2018-13992" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "working with Evgeniy Druzhinin,Phoenix Contact, Ilya Karpov, and Georgy Zaytsev of Positive Technologies.", "sources": [ { "db": "CNNVD", "id": "CNNVD-201901-893" } ], "trust": 0.6 }, "cve": "CVE-2018-13992", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "None", "baseScore": 5.0, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2018-13992", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "cve@mitre.org", "availabilityImpact": "NONE", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "impactScore": 4.2, "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 9.8, "baseSeverity": "Critical", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2018-13992", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2018-13992", "trust": 1.8, "value": "CRITICAL" }, { "author": "cve@mitre.org", "id": "CVE-2018-13992", "trust": 1.0, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201901-893", "trust": 0.6, "value": "CRITICAL" }, { "author": "VULMON", "id": "CVE-2018-13992", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2018-13992" }, { "db": "JVNDB", "id": "JVNDB-2018-015395" }, { "db": "NVD", "id": "CVE-2018-13992" }, { "db": "NVD", "id": "CVE-2018-13992" }, { "db": "CNNVD", "id": "CNNVD-201901-893" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 to 1.34 allows for plaintext transmission (HTTP) of user credentials by default. plural PHOENIX CONTACT FL SWITCH The product contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. PHOENIX CONTACT FL SWITCH Series are prone to the following security vulnerabilities:\n1. A cross-site request-forgery vulnerability. \n2. An authentication-bypass vulnerability. \n3. Multiple information-disclosure vulnerabilities. \n4. A denial-of-service vulnerability. \nAttackers can exploit these issues to bypass the authentication process, obtain sensitive information, and perform unauthorized actions. Failed exploit attempts will likely cause a denial-of-service condition", "sources": [ { "db": "NVD", "id": "CVE-2018-13992" }, { "db": "JVNDB", "id": "JVNDB-2018-015395" }, { "db": "BID", "id": "106737" }, { "db": "VULMON", "id": "CVE-2018-13992" } ], "trust": 1.98 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "ICS CERT", "id": "ICSA-19-024-02", "trust": 2.8 }, { "db": "NVD", "id": "CVE-2018-13992", "trust": 2.8 }, { "db": "BID", "id": "106737", "trust": 2.0 }, { "db": "JVNDB", "id": "JVNDB-2018-015395", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201901-893", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2018-13992", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2018-13992" }, { "db": "BID", "id": "106737" }, { "db": "JVNDB", "id": "JVNDB-2018-015395" }, { "db": "NVD", "id": "CVE-2018-13992" }, { "db": "CNNVD", "id": "CNNVD-201901-893" } ] }, "id": "VAR-201905-0726", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.6666667 }, "last_update_date": "2023-12-18T11:51:00.848000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Top Page", "trust": 0.8, "url": "https://www.phoenixcontact.com/online/portal/pc" }, { "title": "The Register", "trust": 0.2, "url": "https://www.theregister.co.uk/2019/02/11/phoenix_switch_flaws/" } ], "sources": [ { "db": "VULMON", "id": "CVE-2018-13992" }, { "db": "JVNDB", "id": "JVNDB-2018-015395" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-311", "trust": 1.0 }, { "problemtype": "CWE-255", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-015395" }, { "db": "NVD", "id": "CVE-2018-13992" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.9, "url": "https://ics-cert.us-cert.gov/advisories/icsa-19-024-02" }, { "trust": 2.4, "url": "http://www.securityfocus.com/bid/106737" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-13992" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-13992" }, { "trust": 0.3, "url": "https://www.phoenixcontact.com/online/portal/pc" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/311.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "VULMON", "id": "CVE-2018-13992" }, { "db": "BID", "id": "106737" }, { "db": "JVNDB", "id": "JVNDB-2018-015395" }, { "db": "NVD", "id": "CVE-2018-13992" }, { "db": "CNNVD", "id": "CNNVD-201901-893" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2018-13992" }, { "db": "BID", "id": "106737" }, { "db": "JVNDB", "id": "JVNDB-2018-015395" }, { "db": "NVD", "id": "CVE-2018-13992" }, { "db": "CNNVD", "id": "CNNVD-201901-893" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-05-07T00:00:00", "db": "VULMON", "id": "CVE-2018-13992" }, { "date": "2019-01-24T00:00:00", "db": "BID", "id": "106737" }, { "date": "2019-06-03T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-015395" }, { "date": "2019-05-07T18:29:00.393000", "db": "NVD", "id": "CVE-2018-13992" }, { "date": "2019-01-25T00:00:00", "db": "CNNVD", "id": "CNNVD-201901-893" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-08-24T00:00:00", "db": "VULMON", "id": "CVE-2018-13992" }, { "date": "2019-01-24T00:00:00", "db": "BID", "id": "106737" }, { "date": "2019-06-03T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-015395" }, { "date": "2020-08-24T17:37:01.140000", "db": "NVD", "id": "CVE-2018-13992" }, { "date": "2020-08-25T00:00:00", "db": "CNNVD", "id": "CNNVD-201901-893" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201901-893" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "plural PHOENIX CONTACT FL SWITCH Vulnerabilities related to certificate and password management in products", "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-015395" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "trust management problem", "sources": [ { "db": "CNNVD", "id": "CNNVD-201901-893" } ], "trust": 0.6 } }
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.