1. Home
  2. CVE Database
  3. CVE-2018-13993
HIGH · 8.8

CVE-2018-13993

The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 to 1.34 is prone to CSRF.

Vulnerability Description

The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 to 1.34 is prone to CSRF.

CVSS Score

8.8

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
PhoenixcontactFl Switch 3005 Firmware>= 1.0, <= 1.34
PhoenixcontactFl Switch 3005-
PhoenixcontactFl Switch 3005T Firmware>= 1.0, <= 1.34
PhoenixcontactFl Switch 3005T-
PhoenixcontactFl Switch 3004T-Fx Firmware>= 1.0, <= 1.34
PhoenixcontactFl Switch 3004T-Fx-
PhoenixcontactFl Switch 3004T-Fx St Firmware>= 1.0, <= 1.34
PhoenixcontactFl Switch 3004T-Fx St-
PhoenixcontactFl Switch 3008 Firmware>= 1.0, <= 1.34
PhoenixcontactFl Switch 3008-
PhoenixcontactFl Switch 3008T Firmware>= 1.0, <= 1.34
PhoenixcontactFl Switch 3008T-
PhoenixcontactFl Switch 3006T-2Fx Firmware>= 1.0, <= 1.34
PhoenixcontactFl Switch 3006T-2Fx-
PhoenixcontactFl Switch 3006T-2Fx St Firmware>= 1.0, <= 1.34
PhoenixcontactFl Switch 3006T-2Fx St-
PhoenixcontactFl Switch 3012E-2Sfx Firmware>= 1.0, <= 1.34
PhoenixcontactFl Switch 3012E-2Sfx-
PhoenixcontactFl Switch 3016E Firmware>= 1.0, <= 1.34
PhoenixcontactFl Switch 3016E-

Related Weaknesses (CWE)

CWE-352

References

FAQ

What is CVE-2018-13993?

CVE-2018-13993 is a vulnerability with a CVSS score of 8.8 (HIGH). The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 to 1.34 is prone to CSRF.

How severe is CVE-2018-13993?

CVE-2018-13993 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-13993?

Check the references section above for vendor advisories and patch information. Affected products include: Phoenixcontact Fl Switch 3005 Firmware, Phoenixcontact Fl Switch 3005, Phoenixcontact Fl Switch 3005T Firmware, Phoenixcontact Fl Switch 3005T, Phoenixcontact Fl Switch 3004T-Fx Firmware.