Lucene search

K
nvd[email protected]NVD:CVE-2018-13992
HistoryMay 07, 2019 - 6:29 p.m.

CVE-2018-13992

2019-05-0718:29:00
CWE-311
web.nvd.nist.gov

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.1 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

60.8%

The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 to 1.34 allows for plaintext transmission (HTTP) of user credentials by default.

Affected configurations

NVD
Node
phoenixcontactfl_switch_3005_firmwareRange1.01.34
AND
phoenixcontactfl_switch_3005Match-
Node
phoenixcontactfl_switch_3005t_firmwareRange1.01.34
AND
phoenixcontactfl_switch_3005tMatch-
Node
phoenixcontactfl_switch_3004t-fx_firmwareRange1.01.34
AND
phoenixcontactfl_switch_3004t-fxMatch-
Node
phoenixcontactfl_switch_3004t-fx_st_firmwareRange1.01.34
AND
phoenixcontactfl_switch_3004t-fx_stMatch-
Node
phoenixcontactfl_switch_3008_firmwareRange1.01.34
AND
phoenixcontactfl_switch_3008Match-
Node
phoenixcontactfl_switch_3008t_firmwareRange1.01.34
AND
phoenixcontactfl_switch_3008tMatch-
Node
phoenixcontactfl_switch_3006t-2fx_firmwareRange1.01.34
AND
phoenixcontactfl_switch_3006t-2fxMatch-
Node
phoenixcontactfl_switch_3006t-2fx_st_firmwareRange1.01.34
AND
phoenixcontactfl_switch_3006t-2fx_stMatch-
Node
phoenixcontactfl_switch_3012e-2sfx_firmwareRange1.01.34
AND
phoenixcontactfl_switch_3012e-2sfxMatch-
Node
phoenixcontactfl_switch_3016e_firmwareRange1.01.34
AND
phoenixcontactfl_switch_3016eMatch-
Node
phoenixcontactfl_switch_3016_firmwareRange1.01.34
AND
phoenixcontactfl_switch_3016Match-
Node
phoenixcontactfl_switch_3016t_firmwareRange1.01.34
AND
phoenixcontactfl_switch_3016tMatch-
Node
phoenixcontactfl_switch_3006t-2fx_sm_firmwareRange1.01.34
AND
phoenixcontactfl_switch_3006t-2fx_smMatch-
Node
phoenixcontactfl_switch_4008t-2sfp_firmwareRange1.01.34
AND
phoenixcontactfl_switch_4008t-2sfpMatch-
Node
phoenixcontactfl_switch_4008t-2gt-4fx_sm_firmwareRange1.01.34
AND
phoenixcontactfl_switch_4008t-2gt-4fx_smMatch-
Node
phoenixcontactfl_switch_4008t-2gt-3fx_sm_firmwareRange1.01.34
AND
phoenixcontactfl_switch_4008t-2gt-3fx_smMatch-
Node
phoenixcontactfl_switch_4808e-16fx_lc-4gc_firmwareRange1.01.34
AND
phoenixcontactfl_switch_4808e-16fx_lc-4gcMatch-
Node
phoenixcontactfl_switch_4808e-16fx_sm-4gc_firmwareRange1.01.34
AND
phoenixcontactfl_switch_4808e-16fx_sm-4gcMatch-
Node
phoenixcontactfl_switch_4808e-16fx_sm_st-4gc_firmwareRange1.01.34
AND
phoenixcontactfl_switch_4808e-16fx_sm_st-4gcMatch-
Node
phoenixcontactfl_switch_4808e-16fx_st-4gc_firmwareRange1.01.34
AND
phoenixcontactfl_switch_4808e-16fx_st-4gcMatch-
Node
phoenixcontactfl_switch_4808e-16fx-4gc_firmwareRange1.01.34
AND
phoenixcontactfl_switch_4808e-16fx-4gcMatch-
Node
phoenixcontactfl_switch_4808e-16fx_sm_lc-4gc_firmwareRange1.01.34
AND
phoenixcontactfl_switch_4808e-16fx_sm_lc-4gcMatch-
Node
phoenixcontactfl_switch_4012t_2gt_2fx_firmwareRange1.01.34
AND
phoenixcontactfl_switch_4012t_2gt_2fxMatch-
Node
phoenixcontactfl_switch_4012t-2gt-2fx_st_firmwareRange1.01.34
AND
phoenixcontactfl_switch_4012t-2gt-2fx_stMatch-
Node
phoenixcontactfl_switch_4824e-4gc_firmwareRange1.01.34
AND
phoenixcontactfl_switch_4824e-4gcMatch-
Node
phoenixcontactfl_switch_4800e-24fx-4gc_firmwareRange1.01.34
AND
phoenixcontactfl_switch_4800e-24fx-4gcMatch-
Node
phoenixcontactfl_switch_4800e-24fx_sm-4gc_firmwareRange1.01.34
AND
phoenixcontactfl_switch_4800e-24fx_sm-4gcMatch-
Node
phoenixcontactfl_switch_3012e-2fx_sm_firmwareRange1.01.34
AND
phoenixcontactfl_switch_3012e-2fx_smMatch-
Node
phoenixcontactfl_switch_4000t-8poe-2sfp-r_firmwareRange1.01.34
AND
phoenixcontactfl_switch_4000t-8poe-2sfp-rMatch-

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.1 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

60.8%

Related for NVD:CVE-2018-13992