Lucene search

[email protected]NVD:CVE-2019-9744

HistoryMar 26, 2019 - 8:29 p.m.

CVE-2019-9744

2019-03-2620:29:00

CWE-384

[email protected]

web.nvd.nist.gov

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

8.6

Confidence

High

EPSS

0.004

Percentile

74.4%

JSON

An issue was discovered on PHOENIX CONTACT FL NAT SMCS 8TX, FL NAT SMN 8TX, FL NAT SMN 8TX-M, and FL NAT SMN 8TX-M-DMG devices. There is unauthorized access to the WEB-UI by attackers arriving from the same source IP address as an authenticated user, because this IP address is used as a session identifier.

Affected configurations

Nvd

Node

phoenixcontactfl_nat_smn_8tx-m-dmgMatch-

AND

phoenixcontactfl_nat_smn_8tx-m-dmg_firmwareMatch-

Node

phoenixcontactfl_nat_smn_8tx-mMatch-

AND

phoenixcontactfl_nat_smn_8tx-m_firmwareMatch-

Node

phoenixcontactfl_nat_smn_8tx_firmwareMatch-

AND

phoenixcontactfl_nat_smn_8txMatch-

Node

phoenixcontactfl_nat_smcs_8tx_firmwareMatch-

AND

phoenixcontactfl_nat_smcs_8txMatch-

VendorProductVersionCPE
phoenixcontactfl_nat_smn_8tx-m-dmg-cpe:2.3:h:phoenixcontact:fl_nat_smn_8tx-m-dmg:-:*:*:*:*:*:*:*
phoenixcontactfl_nat_smn_8tx-m-dmg_firmware-cpe:2.3:o:phoenixcontact:fl_nat_smn_8tx-m-dmg_firmware:-:*:*:*:*:*:*:*
phoenixcontactfl_nat_smn_8tx-m-cpe:2.3:h:phoenixcontact:fl_nat_smn_8tx-m:-:*:*:*:*:*:*:*
phoenixcontactfl_nat_smn_8tx-m_firmware-cpe:2.3:o:phoenixcontact:fl_nat_smn_8tx-m_firmware:-:*:*:*:*:*:*:*
phoenixcontactfl_nat_smn_8tx_firmware-cpe:2.3:o:phoenixcontact:fl_nat_smn_8tx_firmware:-:*:*:*:*:*:*:*
phoenixcontactfl_nat_smn_8tx-cpe:2.3:h:phoenixcontact:fl_nat_smn_8tx:-:*:*:*:*:*:*:*
phoenixcontactfl_nat_smcs_8tx_firmware-cpe:2.3:o:phoenixcontact:fl_nat_smcs_8tx_firmware:-:*:*:*:*:*:*:*
phoenixcontactfl_nat_smcs_8tx-cpe:2.3:h:phoenixcontact:fl_nat_smcs_8tx:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
phoenixcontact	fl_nat_smn_8tx-m-dmg	-	cpe:2.3:h:phoenixcontact:fl_nat_smn_8tx-m-dmg:-:::::::*
phoenixcontact	fl_nat_smn_8tx-m-dmg_firmware	-	cpe:2.3:o:phoenixcontact:fl_nat_smn_8tx-m-dmg_firmware:-:::::::*
phoenixcontact	fl_nat_smn_8tx-m	-	cpe:2.3:h:phoenixcontact:fl_nat_smn_8tx-m:-:::::::*
phoenixcontact	fl_nat_smn_8tx-m_firmware	-	cpe:2.3:o:phoenixcontact:fl_nat_smn_8tx-m_firmware:-:::::::*
phoenixcontact	fl_nat_smn_8tx_firmware	-	cpe:2.3:o:phoenixcontact:fl_nat_smn_8tx_firmware:-:::::::*
phoenixcontact	fl_nat_smn_8tx	-	cpe:2.3:h:phoenixcontact:fl_nat_smn_8tx:-:::::::*
phoenixcontact	fl_nat_smcs_8tx_firmware	-	cpe:2.3:o:phoenixcontact:fl_nat_smcs_8tx_firmware:-:::::::*
phoenixcontact	fl_nat_smcs_8tx	-	cpe:2.3:h:phoenixcontact:fl_nat_smcs_8tx:-:::::::*

References

www.securityfocus.com/bid/108576

cert.vde.com/de-de/advisories/vde-2019-006

ics-cert.us-cert.gov/advisories/ICSA-19-155-02

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

8.6

Confidence

High

EPSS

0.004

Percentile

74.4%

JSON

Related for NVD:CVE-2019-9744

prion1 ics1 cvelist1 cve1