Details of VAR-201905-0727

ID

VAR-201905-0727

CVE

CVE-2018-13993

TITLE

Phoenix Contact FL SWITCH Cross-Site Request Forgery Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2019-03262 // CNNVD: CNNVD-201901-894

DESCRIPTION

The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 to 1.34 is prone to CSRF. plural PHOENIX CONTACT FL SWITCH The product contains a cross-site request forgery vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. PhoenixContactFLSWITCH is an industrial Ethernet switch from the PhoenixContact group in Germany. A cross-site request forgery vulnerability exists in versions prior to PhoenixContactFLSWITCH3xxx1.35, prior to 4xxx1.35, and prior to 48xx1.35, which could be exploited by remote attackers to cause a web browser to pass unexpected commands. A cross-site request-forgery vulnerability. 2. An authentication-bypass vulnerability. 3. Multiple information-disclosure vulnerabilities. 4. A denial-of-service vulnerability. Attackers can exploit these issues to bypass the authentication process, obtain sensitive information, and perform unauthorized actions. Failed exploit attempts will likely cause a denial-of-service condition

Trust: 2.43

sources: NVD: CVE-2018-13993 // JVNDB: JVNDB-2018-015396 // CNVD: CNVD-2019-03262 // BID: 106737

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2019-03262

AFFECTED PRODUCTS

vendor:	phoenixcontact	model:	fl switch 4000t-8poe-2sfp-r	scope:	gte	version:	1.0	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 4824e-4gc	scope:	lte	version:	1.34	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 3008t	scope:	gte	version:	1.0	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 4008t-2sfp	scope:	gte	version:	1.0	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 4808e-16fx sm-4gc	scope:	lte	version:	1.34	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 4808e-16fx sm lc-4gc	scope:	gte	version:	1.0	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 4008t-2gt-3fx sm	scope:	lte	version:	1.34	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 3005	scope:	lte	version:	1.34	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 3016	scope:	gte	version:	1.0	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 3016t	scope:	lte	version:	1.34	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 3004t-fx	scope:	gte	version:	1.0	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 3004t-fx st	scope:	lte	version:	1.34	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 4800e-24fx sm-4gc	scope:	lte	version:	1.34	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 3008	scope:	gte	version:	1.0	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 4012t-2gt-2fx st	scope:	gte	version:	1.0	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 3012e-2sfx	scope:	lte	version:	1.34	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 4808e-16fx-4gc	scope:	lte	version:	1.34	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 3005t	scope:	gte	version:	1.0	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 3006t-2fx	scope:	gte	version:	1.0	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 3012e-2fx sm	scope:	lte	version:	1.34	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 4808e-16fx lc-4gc	scope:	gte	version:	1.0	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 4000t-8poe-2sfp-r	scope:	lte	version:	1.34	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 3012e-2fx sm	scope:	gte	version:	1.0	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 3006t-2fx st	scope:	lte	version:	1.34	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 3016e	scope:	gte	version:	1.0	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 3008t	scope:	lte	version:	1.34	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 3006t-2fx sm	scope:	lte	version:	1.34	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 4008t-2sfp	scope:	lte	version:	1.34	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 4012t 2gt 2fx	scope:	gte	version:	1.0	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 4808e-16fx sm lc-4gc	scope:	lte	version:	1.34	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 4808e-16fx st-4gc	scope:	gte	version:	1.0	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 4800e-24fx-4gc	scope:	gte	version:	1.0	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 4808e-16fx sm st-4gc	scope:	lte	version:	1.34	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 3004t-fx	scope:	lte	version:	1.34	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 4008t-2gt-4fx sm	scope:	gte	version:	1.0	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 3008	scope:	lte	version:	1.34	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 4808e-16fx sm-4gc	scope:	gte	version:	1.0	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 3005t	scope:	lte	version:	1.34	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 4008t-2gt-3fx sm	scope:	gte	version:	1.0	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 4808e-16fx lc-4gc	scope:	lte	version:	1.34	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 3004t-fx st	scope:	gte	version:	1.0	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 4824e-4gc	scope:	gte	version:	1.0	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 4800e-24fx sm-4gc	scope:	gte	version:	1.0	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 3005	scope:	gte	version:	1.0	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 3016	scope:	lte	version:	1.34	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 3016t	scope:	gte	version:	1.0	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 4012t-2gt-2fx st	scope:	lte	version:	1.34	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 3006t-2fx	scope:	lte	version:	1.34	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 4808e-16fx st-4gc	scope:	lte	version:	1.34	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 4008t-2gt-4fx sm	scope:	lte	version:	1.34	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 3006t-2fx sm	scope:	gte	version:	1.0	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 4808e-16fx-4gc	scope:	gte	version:	1.0	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 3006t-2fx st	scope:	gte	version:	1.0	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 3016e	scope:	lte	version:	1.34	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 3012e-2sfx	scope:	gte	version:	1.0	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 4800e-24fx-4gc	scope:	lte	version:	1.34	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 4012t 2gt 2fx	scope:	lte	version:	1.34	Trust: 1.0
vendor:	phoenixcontact	model:	fl switch 4808e-16fx sm st-4gc	scope:	gte	version:	1.0	Trust: 1.0
vendor:	phoenix contact	model:	fl switch 3004t-fx st	scope:	eq	version:	1.0 to 1.34	Trust: 0.8
vendor:	phoenix contact	model:	fl switch 3004t-fx	scope:	eq	version:	1.0 to 1.34	Trust: 0.8
vendor:	phoenix contact	model:	fl switch 3005	scope:	eq	version:	1.0 to 1.34	Trust: 0.8
vendor:	phoenix contact	model:	fl switch 3005t	scope:	eq	version:	1.0 to 1.34	Trust: 0.8
vendor:	phoenix contact	model:	fl switch 3006t-2fx st	scope:	eq	version:	1.0 to 1.34	Trust: 0.8
vendor:	phoenix contact	model:	fl switch 3006t-2fx	scope:	eq	version:	1.0 to 1.34	Trust: 0.8
vendor:	phoenix contact	model:	fl switch 3008	scope:	eq	version:	1.0 to 1.34	Trust: 0.8
vendor:	phoenix contact	model:	fl switch 3008t	scope:	eq	version:	1.0 to 1.34	Trust: 0.8
vendor:	phoenix contact	model:	fl switch 3012e-2sfx	scope:	eq	version:	1.0 to 1.34	Trust: 0.8
vendor:	phoenix contact	model:	fl switch 3016e	scope:	eq	version:	1.0 to 1.34	Trust: 0.8
vendor:	phoenix	model:	contact fl switch	scope:	eq	version:	3xxx<1.35	Trust: 0.6
vendor:	phoenix	model:	contact fl switch	scope:	eq	version:	4xxx<1.35	Trust: 0.6
vendor:	phoenix	model:	contact fl switch	scope:	eq	version:	48xx<1.35	Trust: 0.6
vendor:	phoenix	model:	contact fl switch series	scope:	eq	version:	4xxx1.32	Trust: 0.3
vendor:	phoenix	model:	contact fl switch series	scope:	eq	version:	4xxx1.0	Trust: 0.3
vendor:	phoenix	model:	contact fl switch series	scope:	eq	version:	48xx1.32	Trust: 0.3
vendor:	phoenix	model:	contact fl switch series	scope:	eq	version:	48xx1.0	Trust: 0.3
vendor:	phoenix	model:	contact fl switch series	scope:	eq	version:	3xxx1.32	Trust: 0.3
vendor:	phoenix	model:	contact fl switch series	scope:	eq	version:	3xxx1.0	Trust: 0.3
vendor:	phoenix	model:	contact fl switch series	scope:	ne	version:	4xxx1.35	Trust: 0.3
vendor:	phoenix	model:	contact fl switch series	scope:	ne	version:	48xx1.35	Trust: 0.3
vendor:	phoenix	model:	contact fl switch series	scope:	ne	version:	3xxx1.35	Trust: 0.3

sources: CNVD: CNVD-2019-03262 // BID: 106737 // JVNDB: JVNDB-2018-015396 // NVD: CVE-2018-13993

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-13993
value:	HIGH
Trust: 1.0
cve@mitre.org:	CVE-2018-13993
value:	HIGH
Trust: 1.0
NVD:	CVE-2018-13993
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2019-03262
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201901-894
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2018-13993
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2019-03262
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2018-13993
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.0
Trust: 2.8

sources: CNVD: CNVD-2019-03262 // JVNDB: JVNDB-2018-015396 // CNNVD: CNNVD-201901-894 // NVD: CVE-2018-13993 // NVD: CVE-2018-13993

PROBLEMTYPE DATA

problemtype:

CWE-352

Trust: 1.8

sources: JVNDB: JVNDB-2018-015396 // NVD: CVE-2018-13993

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201901-894

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-201901-894

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-015396

PATCH

title:	Top Page	url:	https://www.phoenixcontact.com/online/portal/pc	Trust: 0.8
title:	Patch for PhoenixContactFLSWITCH Cross-Site Request Forgery Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/151745	Trust: 0.6

sources: CNVD: CNVD-2019-03262 // JVNDB: JVNDB-2018-015396

EXTERNAL IDS

db:	ICS CERT	id:	ICSA-19-024-02	Trust: 3.3
db:	NVD	id:	CVE-2018-13993	Trust: 3.3
db:	BID	id:	106737	Trust: 1.9
db:	JVNDB	id:	JVNDB-2018-015396	Trust: 0.8
db:	CNVD	id:	CNVD-2019-03262	Trust: 0.6
db:	CNNVD	id:	CNNVD-201901-894	Trust: 0.6

sources: CNVD: CNVD-2019-03262 // BID: 106737 // JVNDB: JVNDB-2018-015396 // CNNVD: CNNVD-201901-894 // NVD: CVE-2018-13993

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsa-19-024-02	Trust: 3.3
url:	http://www.securityfocus.com/bid/106737	Trust: 2.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-13993	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-13993	Trust: 0.8
url:	https://www.phoenixcontact.com/online/portal/pc	Trust: 0.3

sources: CNVD: CNVD-2019-03262 // BID: 106737 // JVNDB: JVNDB-2018-015396 // CNNVD: CNNVD-201901-894 // NVD: CVE-2018-13993

CREDITS

working with Evgeniy Druzhinin,Phoenix Contact, Ilya Karpov, and Georgy Zaytsev of Positive Technologies.

Trust: 0.6

sources: CNNVD: CNNVD-201901-894

SOURCES

db:	CNVD	id:	CNVD-2019-03262
db:	BID	id:	106737
db:	JVNDB	id:	JVNDB-2018-015396
db:	CNNVD	id:	CNNVD-201901-894
db:	NVD	id:	CVE-2018-13993

LAST UPDATE DATE

2024-11-23T20:07:49.353000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2019-03262	date:	2019-01-30T00:00:00
db:	BID	id:	106737	date:	2019-01-24T00:00:00
db:	JVNDB	id:	JVNDB-2018-015396	date:	2019-06-03T00:00:00
db:	CNNVD	id:	CNNVD-201901-894	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2018-13993	date:	2024-11-21T03:48:23.667

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2019-03262	date:	2019-01-28T00:00:00
db:	BID	id:	106737	date:	2019-01-24T00:00:00
db:	JVNDB	id:	JVNDB-2018-015396	date:	2019-06-03T00:00:00
db:	CNNVD	id:	CNNVD-201901-894	date:	2019-01-25T00:00:00
db:	NVD	id:	CVE-2018-13993	date:	2019-05-07T18:29:00.487