CVE-2018-13990 : The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions prior to 1.35 i

The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions prior to 1.35 is vulnerable to brute-force attacks, because of Improper Restriction of Excessive Authentication Attempts.

Published 2019-05-06 19:29:00

Updated 2019-10-09 23:34:37

Source MITRE

View at NVD, CVE.org

Vulnerability category: BypassGain privilege

Products affected by CVE-2018-13990

Phoenixcontact » Fl Switch 3005 Firmware
Versions before (<) 1.35
cpe:2.3:o:phoenixcontact:fl_switch_3005_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Phoenixcontact » Fl Switch 3005 » Version: N/A
Phoenixcontact » Fl Switch 3005t Firmware
Versions before (<) 1.35
cpe:2.3:o:phoenixcontact:fl_switch_3005t_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Phoenixcontact » Fl Switch 3005t » Version: N/A
Phoenixcontact » Fl Switch 3004t-fx Firmware
Versions before (<) 1.35
cpe:2.3:o:phoenixcontact:fl_switch_3004t-fx_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Phoenixcontact » Fl Switch 3004t-fx » Version: N/A
Phoenixcontact » Fl Switch 3004t-fx St Firmware
Versions before (<) 1.35
cpe:2.3:o:phoenixcontact:fl_switch_3004t-fx_st_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Phoenixcontact » Fl Switch 3004t-fx St » Version: N/A
Phoenixcontact » Fl Switch 3008 Firmware
Versions before (<) 1.35
cpe:2.3:o:phoenixcontact:fl_switch_3008_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Phoenixcontact » Fl Switch 3008 » Version: N/A
Phoenixcontact » Fl Switch 3008t Firmware
Versions before (<) 1.35
cpe:2.3:o:phoenixcontact:fl_switch_3008t_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Phoenixcontact » Fl Switch 3008t » Version: N/A
Phoenixcontact » Fl Switch 3006t-2fx Firmware
Versions before (<) 1.35
cpe:2.3:o:phoenixcontact:fl_switch_3006t-2fx_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Phoenixcontact » Fl Switch 3006t-2fx » Version: N/A
Phoenixcontact » Fl Switch 3006t-2fx St Firmware
Versions before (<) 1.35
cpe:2.3:o:phoenixcontact:fl_switch_3006t-2fx_st_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Phoenixcontact » Fl Switch 3006t-2fx St » Version: N/A
Phoenixcontact » Fl Switch 3012e-2sfx Firmware
Versions before (<) 1.35
cpe:2.3:o:phoenixcontact:fl_switch_3012e-2sfx_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Phoenixcontact » Fl Switch 3012e-2sfx » Version: N/A
Phoenixcontact » Fl Switch 3016e Firmware
Versions before (<) 1.35
cpe:2.3:o:phoenixcontact:fl_switch_3016e_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Phoenixcontact » Fl Switch 3016e » Version: N/A
Phoenixcontact » Fl Switch 3016 Firmware
Versions before (<) 1.35
cpe:2.3:o:phoenixcontact:fl_switch_3016_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Phoenixcontact » Fl Switch 3016 » Version: N/A
Phoenixcontact » Fl Switch 3016t Firmware
Versions before (<) 1.35
cpe:2.3:o:phoenixcontact:fl_switch_3016t_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Phoenixcontact » Fl Switch 3016t » Version: N/A
Phoenixcontact » Fl Switch 3006t-2fx Sm Firmware
Versions before (<) 1.35
cpe:2.3:o:phoenixcontact:fl_switch_3006t-2fx_sm_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Phoenixcontact » Fl Switch 3006t-2fx Sm » Version: N/A
Phoenixcontact » Fl Switch 4008t-2sfp Firmware
Versions before (<) 1.35
cpe:2.3:o:phoenixcontact:fl_switch_4008t-2sfp_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Phoenixcontact » Fl Switch 4008t-2sfp » Version: N/A
Phoenixcontact » Fl Switch 4008t-2gt-4fx Sm Firmware
Versions before (<) 1.35
cpe:2.3:o:phoenixcontact:fl_switch_4008t-2gt-4fx_sm_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Phoenixcontact » Fl Switch 4008t-2gt-4fx Sm » Version: N/A
Phoenixcontact » Fl Switch 4008t-2gt-3fx Sm Firmware
Versions before (<) 1.35
cpe:2.3:o:phoenixcontact:fl_switch_4008t-2gt-3fx_sm_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Phoenixcontact » Fl Switch 4008t-2gt-3fx Sm » Version: N/A
Phoenixcontact » Fl Switch 4808e-16fx Lc-4gc Firmware
Versions before (<) 1.35
cpe:2.3:o:phoenixcontact:fl_switch_4808e-16fx_lc-4gc_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Phoenixcontact » Fl Switch 4808e-16fx Lc-4gc » Version: N/A
Phoenixcontact » Fl Switch 4808e-16fx Sm-4gc Firmware
Versions before (<) 1.35
cpe:2.3:o:phoenixcontact:fl_switch_4808e-16fx_sm-4gc_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Phoenixcontact » Fl Switch 4808e-16fx Sm-4gc » Version: N/A
Phoenixcontact » Fl Switch 4808e-16fx Sm St-4gc Firmware
Versions before (<) 1.35
cpe:2.3:o:phoenixcontact:fl_switch_4808e-16fx_sm_st-4gc_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Phoenixcontact » Fl Switch 4808e-16fx Sm St-4gc » Version: N/A
Phoenixcontact » Fl Switch 4808e-16fx St-4gc Firmware
Versions before (<) 1.35
cpe:2.3:o:phoenixcontact:fl_switch_4808e-16fx_st-4gc_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Phoenixcontact » Fl Switch 4808e-16fx St-4gc » Version: N/A
Phoenixcontact » Fl Switch 4808e-16fx-4gc Firmware
Versions before (<) 1.35
cpe:2.3:o:phoenixcontact:fl_switch_4808e-16fx-4gc_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Phoenixcontact » Fl Switch 4808e-16fx-4gc » Version: N/A
Phoenixcontact » Fl Switch 4808e-16fx Sm Lc-4gc Firmware
Versions before (<) 1.35
cpe:2.3:o:phoenixcontact:fl_switch_4808e-16fx_sm_lc-4gc_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Phoenixcontact » Fl Switch 4808e-16fx Sm Lc-4gc » Version: N/A
Phoenixcontact » Fl Switch 4012t 2gt 2fx Firmware
Versions before (<) 1.35
cpe:2.3:o:phoenixcontact:fl_switch_4012t_2gt_2fx_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Phoenixcontact » Fl Switch 4012t 2gt 2fx » Version: N/A
Phoenixcontact » Fl Switch 4012t-2gt-2fx St Firmware
Versions before (<) 1.35
cpe:2.3:o:phoenixcontact:fl_switch_4012t-2gt-2fx_st_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Phoenixcontact » Fl Switch 4012t-2gt-2fx St » Version: N/A
Phoenixcontact » Fl Switch 4824e-4gc Firmware
Versions before (<) 1.35
cpe:2.3:o:phoenixcontact:fl_switch_4824e-4gc_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Phoenixcontact » Fl Switch 4824e-4gc » Version: N/A
Phoenixcontact » Fl Switch 4800e-24fx-4gc Firmware
Versions before (<) 1.35
cpe:2.3:o:phoenixcontact:fl_switch_4800e-24fx-4gc_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Phoenixcontact » Fl Switch 4800e-24fx-4gc » Version: N/A
Phoenixcontact » Fl Switch 4800e-24fx Sm-4gc Firmware
Versions before (<) 1.35
cpe:2.3:o:phoenixcontact:fl_switch_4800e-24fx_sm-4gc_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Phoenixcontact » Fl Switch 4800e-24fx Sm-4gc » Version: N/A
Phoenixcontact » Fl Switch 3012e-2fx Sm Firmware
Versions before (<) 1.35
cpe:2.3:o:phoenixcontact:fl_switch_3012e-2fx_sm_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Phoenixcontact » Fl Switch 3012e-2fx Sm » Version: N/A
Phoenixcontact » Fl Switch 4000t-8poe-2sfp-r Firmware
Versions before (<) 1.35
cpe:2.3:o:phoenixcontact:fl_switch_4000t-8poe-2sfp-r_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Phoenixcontact » Fl Switch 4000t-8poe-2sfp-r » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2018-13990

EPSS FAQ

1.05%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 76 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2018-13990

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
5.0	MEDIUM	AV:N/AC:L/Au:N/C:P/I:N/A:N	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None
8.6	HIGH	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L	3.9	4.7	MITRE
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: Low Availability: Low
9.8	CRITICAL	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	3.9	5.9	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2018-13990

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2018-13990

https://ics-cert.us-cert.gov/advisories/ICSA-19-024-02

PHOENIX CONTACT FL SWITCH | CISA
US Government Resource;Third Party Advisory

CVEs referencing this url
http://www.securityfocus.com/bid/106737

PHOENIX CONTACT FL SWITCH Series Multiple Security Vulnerabilities
Third Party Advisory;VDB Entry

CVEs referencing this url

Jump to

This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!