Details of VAR-201905-0726

ID

VAR-201905-0726

CVE

CVE-2018-13992

TITLE

plural PHOENIX CONTACT FL SWITCH Vulnerabilities related to certificate and password management in products

Trust: 0.8

sources: JVNDB: JVNDB-2018-015395

DESCRIPTION

The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 to 1.34 allows for plaintext transmission (HTTP) of user credentials by default. plural PHOENIX CONTACT FL SWITCH The product contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. PHOENIX CONTACT FL SWITCH Series are prone to the following security vulnerabilities: 1. A cross-site request-forgery vulnerability. 2. An authentication-bypass vulnerability. 3. Multiple information-disclosure vulnerabilities. 4. A denial-of-service vulnerability. Attackers can exploit these issues to bypass the authentication process, obtain sensitive information, and perform unauthorized actions. Failed exploit attempts will likely cause a denial-of-service condition

Trust: 1.98

sources: NVD: CVE-2018-13992 // JVNDB: JVNDB-2018-015395 // BID: 106737 // VULMON: CVE-2018-13992

AFFECTED PRODUCTS

vendor:	phoenixcontact	model:	fl switch 3005	scope:	lte	version:	1.34	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 3006t-2fx	scope:	lte	version:	1.34	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 4012t 2gt 2fx	scope:	gte	version:	1.0	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 4800e-24fx-4gc	scope:	lte	version:	1.34	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 4800e-24fx-4gc	scope:	gte	version:	1.0	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 3004t-fx	scope:	lte	version:	1.34	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 3016t	scope:	lte	version:	1.34	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 3012e-2sfx	scope:	gte	version:	1.0	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 3006t-2fx	scope:	gte	version:	1.0	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 4000t-8poe-2sfp-r	scope:	lte	version:	1.34	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 3004t-fx	scope:	gte	version:	1.0	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 4808e-16fx st-4gc	scope:	gte	version:	1.0	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 4808e-16fx lc-4gc	scope:	lte	version:	1.34	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 4808e-16fx st-4gc	scope:	lte	version:	1.34	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 4808e-16fx lc-4gc	scope:	gte	version:	1.0	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 3004t-fx st	scope:	gte	version:	1.0	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 3016t	scope:	gte	version:	1.0	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 3012e-2fx sm	scope:	lte	version:	1.34	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 3012e-2fx sm	scope:	gte	version:	1.0	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 3008t	scope:	lte	version:	1.34	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 3008	scope:	lte	version:	1.34	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 4008t-2gt-4fx sm	scope:	gte	version:	1.0	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 3008	scope:	gte	version:	1.0	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 4008t-2gt-4fx sm	scope:	lte	version:	1.34	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 4808e-16fx-4gc	scope:	lte	version:	1.34	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 3008t	scope:	gte	version:	1.0	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 4000t-8poe-2sfp-r	scope:	gte	version:	1.0	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 4012t-2gt-2fx st	scope:	lte	version:	1.34	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 3006t-2fx st	scope:	lte	version:	1.34	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 4824e-4gc	scope:	gte	version:	1.0	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 4824e-4gc	scope:	lte	version:	1.34	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 4008t-2sfp	scope:	lte	version:	1.34	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 4808e-16fx-4gc	scope:	gte	version:	1.0	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 3005	scope:	gt	version:	1.0	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 3016	scope:	lte	version:	1.34	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 4012t-2gt-2fx st	scope:	gte	version:	1.0	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 3016e	scope:	gte	version:	1.0	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 3016e	scope:	lte	version:	1.34	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 4808e-16fx sm-4gc	scope:	gte	version:	1.0	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 4008t-2sfp	scope:	gte	version:	1.0	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 4808e-16fx sm-4gc	scope:	lte	version:	1.34	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 3005t	scope:	lte	version:	1.34	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 3006t-2fx sm	scope:	gte	version:	1.0	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 3016	scope:	gte	version:	1.0	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 3006t-2fx sm	scope:	lte	version:	1.34	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 4012t 2gt 2fx	scope:	lte	version:	1.34	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 3006t-2fx st	scope:	gte	version:	1.0	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 4800e-24fx sm-4gc	scope:	gte	version:	1.0	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 3005t	scope:	gte	version:	1.0	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 4008t-2gt-3fx sm	scope:	lte	version:	1.34	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 4808e-16fx sm st-4gc	scope:	lte	version:	1.34	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 4808e-16fx sm lc-4gc	scope:	lte	version:	1.34	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 4808e-16fx sm lc-4gc	scope:	gte	version:	1.0	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 4008t-2gt-3fx sm	scope:	gte	version:	1.0	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 4800e-24fx sm-4gc	scope:	lte	version:	1.34	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 3004t-fx st	scope:	lte	version:	1.34	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 3012e-2sfx	scope:	lte	version:	1.34	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 4808e-16fx sm st-4gc	scope:	gte	version:	1.0	Trust: 1.0
vendor:	phoenix contact	model:	fl switch 3004t-fx st	scope:	eq	version:	1.0 to 1.34	Trust: 0.8
vendor:	phoenix contact	model:	fl switch 3004t-fx	scope:	eq	version:	1.0 to 1.34	Trust: 0.8
vendor:	phoenix contact	model:	fl switch 3005	scope:	eq	version:	1.0 to 1.34	Trust: 0.8
vendor:	phoenix contact	model:	fl switch 3005t	scope:	eq	version:	1.0 to 1.34	Trust: 0.8
vendor:	phoenix contact	model:	fl switch 3006t-2fx st	scope:	eq	version:	1.0 to 1.34	Trust: 0.8
vendor:	phoenix contact	model:	fl switch 3006t-2fx	scope:	eq	version:	1.0 to 1.34	Trust: 0.8
vendor:	phoenix contact	model:	fl switch 3008	scope:	eq	version:	1.0 to 1.34	Trust: 0.8
vendor:	phoenix contact	model:	fl switch 3008t	scope:	eq	version:	1.0 to 1.34	Trust: 0.8
vendor:	phoenix contact	model:	fl switch 3012e-2sfx	scope:	eq	version:	1.0 to 1.34	Trust: 0.8
vendor:	phoenix contact	model:	fl switch 3016e	scope:	eq	version:	1.0 to 1.34	Trust: 0.8
vendor:	phoenix	model:	contact fl switch series	scope:	eq	version:	4xxx1.32	Trust: 0.3
vendor:	phoenix	model:	contact fl switch series	scope:	eq	version:	4xxx1.0	Trust: 0.3
vendor:	phoenix	model:	contact fl switch series	scope:	eq	version:	48xx1.32	Trust: 0.3
vendor:	phoenix	model:	contact fl switch series	scope:	eq	version:	48xx1.0	Trust: 0.3
vendor:	phoenix	model:	contact fl switch series	scope:	eq	version:	3xxx1.32	Trust: 0.3
vendor:	phoenix	model:	contact fl switch series	scope:	eq	version:	3xxx1.0	Trust: 0.3
vendor:	phoenix	model:	contact fl switch series	scope:	ne	version:	4xxx1.35	Trust: 0.3
vendor:	phoenix	model:	contact fl switch series	scope:	ne	version:	48xx1.35	Trust: 0.3
vendor:	phoenix	model:	contact fl switch series	scope:	ne	version:	3xxx1.35	Trust: 0.3

sources: BID: 106737 // JVNDB: JVNDB-2018-015395 // NVD: CVE-2018-13992

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-13992
value:	CRITICAL
Trust: 1.0
cve@mitre.org:	CVE-2018-13992
value:	HIGH
Trust: 1.0
NVD:	CVE-2018-13992
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-201901-893
value:	CRITICAL
Trust: 0.6
VULMON:	CVE-2018-13992
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2018-13992
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9

nvd@nist.gov:	CVE-2018-13992
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 1.8
cve@mitre.org:	CVE-2018-13992
baseSeverity:	HIGH
baseScore:	8.2
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	4.2
version:	3.0
Trust: 1.0

sources: VULMON: CVE-2018-13992 // JVNDB: JVNDB-2018-015395 // CNNVD: CNNVD-201901-893 // NVD: CVE-2018-13992 // NVD: CVE-2018-13992

PROBLEMTYPE DATA

problemtype:	CWE-311	Trust: 1.0
problemtype:	CWE-255	Trust: 0.8

sources: JVNDB: JVNDB-2018-015395 // NVD: CVE-2018-13992

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201901-893

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201901-893

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-015395

PATCH

title:	Top Page	url:	https://www.phoenixcontact.com/online/portal/pc	Trust: 0.8
title:	The Register	url:	https://www.theregister.co.uk/2019/02/11/phoenix_switch_flaws/	Trust: 0.2

sources: VULMON: CVE-2018-13992 // JVNDB: JVNDB-2018-015395

EXTERNAL IDS

db:	ICS CERT	id:	ICSA-19-024-02	Trust: 2.8
db:	NVD	id:	CVE-2018-13992	Trust: 2.8
db:	BID	id:	106737	Trust: 2.0
db:	JVNDB	id:	JVNDB-2018-015395	Trust: 0.8
db:	CNNVD	id:	CNNVD-201901-893	Trust: 0.6
db:	VULMON	id:	CVE-2018-13992	Trust: 0.1

sources: VULMON: CVE-2018-13992 // BID: 106737 // JVNDB: JVNDB-2018-015395 // CNNVD: CNNVD-201901-893 // NVD: CVE-2018-13992

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsa-19-024-02	Trust: 2.9
url:	http://www.securityfocus.com/bid/106737	Trust: 2.4
url:	https://nvd.nist.gov/vuln/detail/cve-2018-13992	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-13992	Trust: 0.8
url:	https://www.phoenixcontact.com/online/portal/pc	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/311.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULMON: CVE-2018-13992 // BID: 106737 // JVNDB: JVNDB-2018-015395 // CNNVD: CNNVD-201901-893 // NVD: CVE-2018-13992

CREDITS

working with Evgeniy Druzhinin,Phoenix Contact, Ilya Karpov, and Georgy Zaytsev of Positive Technologies.

Trust: 0.6

sources: CNNVD: CNNVD-201901-893

SOURCES

db:	VULMON	id:	CVE-2018-13992
db:	BID	id:	106737
db:	JVNDB	id:	JVNDB-2018-015395
db:	CNNVD	id:	CNNVD-201901-893
db:	NVD	id:	CVE-2018-13992

LAST UPDATE DATE

2024-08-14T12:55:35.872000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2018-13992	date:	2020-08-24T00:00:00
db:	BID	id:	106737	date:	2019-01-24T00:00:00
db:	JVNDB	id:	JVNDB-2018-015395	date:	2019-06-03T00:00:00
db:	CNNVD	id:	CNNVD-201901-893	date:	2020-08-25T00:00:00
db:	NVD	id:	CVE-2018-13992	date:	2020-08-24T17:37:01.140

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2018-13992	date:	2019-05-07T00:00:00
db:	BID	id:	106737	date:	2019-01-24T00:00:00
db:	JVNDB	id:	JVNDB-2018-015395	date:	2019-06-03T00:00:00
db:	CNNVD	id:	CNNVD-201901-893	date:	2019-01-25T00:00:00
db:	NVD	id:	CVE-2018-13992	date:	2019-05-07T18:29:00.393