Lucene search

[email protected]CVE-2018-13994

HistoryMay 07, 2019 - 6:29 p.m.

CVE-2018-13994

2019-05-0718:29:00

CWE-400

[email protected]

web.nvd.nist.gov

webui

phoenix contact

fl switch

vulnerability

denial-of-service

nvd

cve-2018-13994

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

9.3 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

42.2%

JSON

The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 to 1.34 is vulnerable to a denial-of-service attack by making more than 120 connections.

CPENameOperatorVersion
phoenixcontact:fl_switch_3005_firmwarephoenixcontact fl switch 3005 firmwarele1.34
phoenixcontact:fl_switch_3005t_firmwarephoenixcontact fl switch 3005t firmwarele1.34
phoenixcontact:fl_switch_3004t-fx_firmwarephoenixcontact fl switch 3004t-fx firmwarele1.34
phoenixcontact:fl_switch_3004t-fx_st_firmwarephoenixcontact fl switch 3004t-fx st firmwarele1.34
phoenixcontact:fl_switch_3008_firmwarephoenixcontact fl switch 3008 firmwarele1.34
phoenixcontact:fl_switch_3008t_firmwarephoenixcontact fl switch 3008t firmwarele1.34
phoenixcontact:fl_switch_3006t-2fx_firmwarephoenixcontact fl switch 3006t-2fx firmwarele1.34
phoenixcontact:fl_switch_3006t-2fx_st_firmwarephoenixcontact fl switch 3006t-2fx st firmwarele1.34
phoenixcontact:fl_switch_3012e-2sfx_firmwarephoenixcontact fl switch 3012e-2sfx firmwarele1.34
phoenixcontact:fl_switch_3016e_firmwarephoenixcontact fl switch 3016e firmwarele1.34

CPE	Name	Operator	Version
phoenixcontact:fl_switch_3005_firmware	phoenixcontact fl switch 3005 firmware	le	1.34
phoenixcontact:fl_switch_3005t_firmware	phoenixcontact fl switch 3005t firmware	le	1.34
phoenixcontact:fl_switch_3004t-fx_firmware	phoenixcontact fl switch 3004t-fx firmware	le	1.34
phoenixcontact:fl_switch_3004t-fx_st_firmware	phoenixcontact fl switch 3004t-fx st firmware	le	1.34
phoenixcontact:fl_switch_3008_firmware	phoenixcontact fl switch 3008 firmware	le	1.34
phoenixcontact:fl_switch_3008t_firmware	phoenixcontact fl switch 3008t firmware	le	1.34
phoenixcontact:fl_switch_3006t-2fx_firmware	phoenixcontact fl switch 3006t-2fx firmware	le	1.34
phoenixcontact:fl_switch_3006t-2fx_st_firmware	phoenixcontact fl switch 3006t-2fx st firmware	le	1.34
phoenixcontact:fl_switch_3012e-2sfx_firmware	phoenixcontact fl switch 3012e-2sfx firmware	le	1.34
phoenixcontact:fl_switch_3016e_firmware	phoenixcontact fl switch 3016e firmware	le	1.34

Rows per page:

1-10 of 291

References

www.securityfocus.com/bid/106737

ics-cert.us-cert.gov/advisories/ICSA-19-024-02

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

9.3 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

42.2%

JSON

Related for CVE-2018-13994

prion1 ics1