Vulnerability Description
The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 to 1.34 allows for plaintext transmission (HTTP) of user credentials by default.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Phoenixcontact | Fl Switch 3005 Firmware | <= 1.34 |
| Phoenixcontact | Fl Switch 3005 | - |
| Phoenixcontact | Fl Switch 3005T Firmware | >= 1.0, <= 1.34 |
| Phoenixcontact | Fl Switch 3005T | - |
| Phoenixcontact | Fl Switch 3004T-Fx Firmware | >= 1.0, <= 1.34 |
| Phoenixcontact | Fl Switch 3004T-Fx | - |
| Phoenixcontact | Fl Switch 3004T-Fx St Firmware | >= 1.0, <= 1.34 |
| Phoenixcontact | Fl Switch 3004T-Fx St | - |
| Phoenixcontact | Fl Switch 3008 Firmware | >= 1.0, <= 1.34 |
| Phoenixcontact | Fl Switch 3008 | - |
| Phoenixcontact | Fl Switch 3008T Firmware | >= 1.0, <= 1.34 |
| Phoenixcontact | Fl Switch 3008T | - |
| Phoenixcontact | Fl Switch 3006T-2Fx Firmware | >= 1.0, <= 1.34 |
| Phoenixcontact | Fl Switch 3006T-2Fx | - |
| Phoenixcontact | Fl Switch 3006T-2Fx St Firmware | >= 1.0, <= 1.34 |
| Phoenixcontact | Fl Switch 3006T-2Fx St | - |
| Phoenixcontact | Fl Switch 3012E-2Sfx Firmware | >= 1.0, <= 1.34 |
| Phoenixcontact | Fl Switch 3012E-2Sfx | - |
| Phoenixcontact | Fl Switch 3016E Firmware | >= 1.0, <= 1.34 |
| Phoenixcontact | Fl Switch 3016E | - |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/106737Third Party AdvisoryVDB Entry
- https://ics-cert.us-cert.gov/advisories/ICSA-19-024-02Third Party AdvisoryUS Government Resource
- http://www.securityfocus.com/bid/106737Third Party AdvisoryVDB Entry
- https://ics-cert.us-cert.gov/advisories/ICSA-19-024-02Third Party AdvisoryUS Government Resource
FAQ
What is CVE-2018-13992?
CVE-2018-13992 is a vulnerability with a CVSS score of 8.2 (HIGH). The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 to 1.34 allows for plaintext transmission (HTTP) of user credentials by default.
How severe is CVE-2018-13992?
CVE-2018-13992 has been rated HIGH with a CVSS base score of 8.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-13992?
Check the references section above for vendor advisories and patch information. Affected products include: Phoenixcontact Fl Switch 3005 Firmware, Phoenixcontact Fl Switch 3005, Phoenixcontact Fl Switch 3005T Firmware, Phoenixcontact Fl Switch 3005T, Phoenixcontact Fl Switch 3004T-Fx Firmware.