Details of VAR-201905-0723

ID

VAR-201905-0723

CVE

CVE-2018-13990

TITLE

plural PHOENIX CONTACT FL SWITCH Authentication vulnerabilities in products

Trust: 0.8

sources: JVNDB: JVNDB-2018-015406

DESCRIPTION

The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions prior to 1.35 is vulnerable to brute-force attacks, because of Improper Restriction of Excessive Authentication Attempts. plural PHOENIX CONTACT FL SWITCH The product contains authentication vulnerabilities.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. PHOENIX CONTACT FL SWITCH Series are prone to the following security vulnerabilities: 1. A cross-site request-forgery vulnerability. 2. An authentication-bypass vulnerability. 3. Multiple information-disclosure vulnerabilities. 4. A denial-of-service vulnerability. Attackers can exploit these issues to bypass the authentication process, obtain sensitive information, and perform unauthorized actions. Failed exploit attempts will likely cause a denial-of-service condition

Trust: 1.98

sources: NVD: CVE-2018-13990 // JVNDB: JVNDB-2018-015406 // BID: 106737 // VULMON: CVE-2018-13990

AFFECTED PRODUCTS

vendor:	phoenixcontact	model:	fl switch 3016t	scope:	lt	version:	1.35	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 4808e-16fx sm lc-4gc	scope:	lt	version:	1.35	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 3012e-2fx sm	scope:	lt	version:	1.35	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 4000t-8poe-2sfp-r	scope:	lt	version:	1.35	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 3008	scope:	lt	version:	1.35	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 4808e-16fx sm-4gc	scope:	lt	version:	1.35	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 3005t	scope:	lt	version:	1.35	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 3006t-2fx sm	scope:	lt	version:	1.35	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 4012t 2gt 2fx	scope:	lt	version:	1.35	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 4008t-2gt-3fx sm	scope:	lt	version:	1.35	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 3004t-fx	scope:	lt	version:	1.35	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 4808e-16fx-4gc	scope:	lt	version:	1.35	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 3008t	scope:	lt	version:	1.35	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 4824e-4gc	scope:	lt	version:	1.35	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 4808e-16fx sm st-4gc	scope:	lt	version:	1.35	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 4800e-24fx sm-4gc	scope:	lt	version:	1.35	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 3006t-2fx	scope:	lt	version:	1.35	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 3016	scope:	lt	version:	1.35	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 4008t-2gt-4fx sm	scope:	lt	version:	1.35	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 3004t-fx st	scope:	lt	version:	1.35	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 3012e-2sfx	scope:	lt	version:	1.35	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 4012t-2gt-2fx st	scope:	lt	version:	1.35	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 3006t-2fx st	scope:	lt	version:	1.35	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 3016e	scope:	lt	version:	1.35	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 3005	scope:	lt	version:	1.35	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 4800e-24fx-4gc	scope:	lt	version:	1.35	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 4808e-16fx st-4gc	scope:	lt	version:	1.35	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 4008t-2sfp	scope:	lt	version:	1.35	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 4808e-16fx lc-4gc	scope:	lt	version:	1.35	Trust: 1.0
vendor:	phoenix contact	model:	fl switch 3004t-fx st	scope:	lt	version:	1.35	Trust: 0.8
vendor:	phoenix contact	model:	fl switch 3004t-fx	scope:	lt	version:	1.35	Trust: 0.8
vendor:	phoenix contact	model:	fl switch 3005	scope:	lt	version:	1.35	Trust: 0.8
vendor:	phoenix contact	model:	fl switch 3005t	scope:	lt	version:	1.35	Trust: 0.8
vendor:	phoenix contact	model:	fl switch 3006t-2fx st	scope:	lt	version:	1.35	Trust: 0.8
vendor:	phoenix contact	model:	fl switch 3006t-2fx	scope:	lt	version:	1.35	Trust: 0.8
vendor:	phoenix contact	model:	fl switch 3008	scope:	lt	version:	1.35	Trust: 0.8
vendor:	phoenix contact	model:	fl switch 3008t	scope:	lt	version:	1.35	Trust: 0.8
vendor:	phoenix contact	model:	fl switch 3012e-2sfx	scope:	lt	version:	1.35	Trust: 0.8
vendor:	phoenix contact	model:	fl switch 3016e	scope:	lt	version:	1.35	Trust: 0.8
vendor:	phoenix	model:	contact fl switch series	scope:	eq	version:	4xxx1.32	Trust: 0.3
vendor:	phoenix	model:	contact fl switch series	scope:	eq	version:	4xxx1.0	Trust: 0.3
vendor:	phoenix	model:	contact fl switch series	scope:	eq	version:	48xx1.32	Trust: 0.3
vendor:	phoenix	model:	contact fl switch series	scope:	eq	version:	48xx1.0	Trust: 0.3
vendor:	phoenix	model:	contact fl switch series	scope:	eq	version:	3xxx1.32	Trust: 0.3
vendor:	phoenix	model:	contact fl switch series	scope:	eq	version:	3xxx1.0	Trust: 0.3
vendor:	phoenix	model:	contact fl switch series	scope:	ne	version:	4xxx1.35	Trust: 0.3
vendor:	phoenix	model:	contact fl switch series	scope:	ne	version:	48xx1.35	Trust: 0.3
vendor:	phoenix	model:	contact fl switch series	scope:	ne	version:	3xxx1.35	Trust: 0.3

sources: BID: 106737 // JVNDB: JVNDB-2018-015406 // NVD: CVE-2018-13990

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-13990
value:	CRITICAL
Trust: 1.0
cve@mitre.org:	CVE-2018-13990
value:	HIGH
Trust: 1.0
NVD:	CVE-2018-13990
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-201901-891
value:	CRITICAL
Trust: 0.6
VULMON:	CVE-2018-13990
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2018-13990
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9

nvd@nist.gov:	CVE-2018-13990
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 1.8
cve@mitre.org:	CVE-2018-13990
baseSeverity:	HIGH
baseScore:	8.6
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	LOW
availabilityImpact:	LOW
exploitabilityScore:	3.9
impactScore:	4.7
version:	3.0
Trust: 1.0

sources: VULMON: CVE-2018-13990 // JVNDB: JVNDB-2018-015406 // CNNVD: CNNVD-201901-891 // NVD: CVE-2018-13990 // NVD: CVE-2018-13990

PROBLEMTYPE DATA

problemtype:

CWE-287

Trust: 1.8

sources: JVNDB: JVNDB-2018-015406 // NVD: CVE-2018-13990

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201901-891

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201901-891

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-015406

PATCH

title:	Top Page	url:	https://www.phoenixcontact.com/online/portal/pc	Trust: 0.8
title:	The Register	url:	https://www.theregister.co.uk/2019/02/11/phoenix_switch_flaws/	Trust: 0.2

sources: VULMON: CVE-2018-13990 // JVNDB: JVNDB-2018-015406

EXTERNAL IDS

db:	ICS CERT	id:	ICSA-19-024-02	Trust: 2.8
db:	NVD	id:	CVE-2018-13990	Trust: 2.8
db:	BID	id:	106737	Trust: 2.0
db:	JVNDB	id:	JVNDB-2018-015406	Trust: 0.8
db:	CNNVD	id:	CNNVD-201901-891	Trust: 0.6
db:	VULMON	id:	CVE-2018-13990	Trust: 0.1

sources: VULMON: CVE-2018-13990 // BID: 106737 // JVNDB: JVNDB-2018-015406 // CNNVD: CNNVD-201901-891 // NVD: CVE-2018-13990

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsa-19-024-02	Trust: 2.9
url:	http://www.securityfocus.com/bid/106737	Trust: 2.4
url:	https://nvd.nist.gov/vuln/detail/cve-2018-13990	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-13990	Trust: 0.8
url:	https://www.phoenixcontact.com/online/portal/pc	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/287.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULMON: CVE-2018-13990 // BID: 106737 // JVNDB: JVNDB-2018-015406 // CNNVD: CNNVD-201901-891 // NVD: CVE-2018-13990

CREDITS

working with Evgeniy Druzhinin,Phoenix Contact, Ilya Karpov, and Georgy Zaytsev of Positive Technologies.

Trust: 0.6

sources: CNNVD: CNNVD-201901-891

SOURCES

db:	VULMON	id:	CVE-2018-13990
db:	BID	id:	106737
db:	JVNDB	id:	JVNDB-2018-015406
db:	CNNVD	id:	CNNVD-201901-891
db:	NVD	id:	CVE-2018-13990

LAST UPDATE DATE

2024-08-14T12:36:55.366000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2018-13990	date:	2019-10-09T00:00:00
db:	BID	id:	106737	date:	2019-01-24T00:00:00
db:	JVNDB	id:	JVNDB-2018-015406	date:	2019-06-03T00:00:00
db:	CNNVD	id:	CNNVD-201901-891	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2018-13990	date:	2019-10-09T23:34:37.433

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2018-13990	date:	2019-05-06T00:00:00
db:	BID	id:	106737	date:	2019-01-24T00:00:00
db:	JVNDB	id:	JVNDB-2018-015406	date:	2019-06-03T00:00:00
db:	CNNVD	id:	CNNVD-201901-891	date:	2019-01-25T00:00:00
db:	NVD	id:	CVE-2018-13990	date:	2019-05-06T19:29:00.467