CVE-2018-13992

CWE-3113 documents3 sources
Severity
9.8CRITICAL
EPSS
0.1%
top 65.07%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
29
Phoenixcontact FL Switch 3004t-fx FirmwarePhoenixcontact FL Switch 3004t-fx ST FirmwarePhoenixcontact FL Switch 3005 Firmware+26 more
Timeline
PublishedMay 7
Latest updateMay 24

Description

The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 to 1.34 allows for plaintext transmission (HTTP) of user credentials by default.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:NExploitability: 3.9 | Impact: 4.2

Affected Packages29 packages

🔴Vulnerability Details

2
GHSA
GHSA-m9g7-24wc-gw4q: The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 12022-05-24
CVEList
CVE-2018-13992: The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 12019-05-07
CVE-2018-13992 (CRITICAL CVSS 9.8) | The WebUI of PHOENIX CONTACT FL SWI | cvebase.io