~/cve/CVE-2018-13992

pipeline liveDigest Docs

CVE-2018-13992

published 2019-05-07

CVE-2018-13992: The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 to 1.34 allows for plaintext transmission (HTTP) of user credentials by default.

critical9.8CVSS 3.0

AVNACLPRNUINSUCHIHAH

The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 to 1.34 allows for plaintext transmission (HTTP) of user credentials by default.

Affected

29 ranges· showing 25

Vendor	Product	Version range	Fixed in
phoenixcontact	fl_switch_3004t-fx_firmware	1.0 – 1.34	—
phoenixcontact	fl_switch_3004t-fx_st_firmware	1.0 – 1.34	—
phoenixcontact	fl_switch_3005_firmware	<= 1.34	—
phoenixcontact	fl_switch_3005t_firmware	1.0 – 1.34	—
phoenixcontact	fl_switch_3006t-2fx_firmware	1.0 – 1.34	—
phoenixcontact	fl_switch_3006t-2fx_sm_firmware	1.0 – 1.34	—
phoenixcontact	fl_switch_3006t-2fx_st_firmware	1.0 – 1.34	—
phoenixcontact	fl_switch_3008_firmware	1.0 – 1.34	—
phoenixcontact	fl_switch_3008t_firmware	1.0 – 1.34	—
phoenixcontact	fl_switch_3012e-2fx_sm_firmware	1.0 – 1.34	—
phoenixcontact	fl_switch_3012e-2sfx_firmware	1.0 – 1.34	—
phoenixcontact	fl_switch_3016_firmware	1.0 – 1.34	—
phoenixcontact	fl_switch_3016e_firmware	1.0 – 1.34	—
phoenixcontact	fl_switch_3016t_firmware	1.0 – 1.34	—
phoenixcontact	fl_switch_4000t-8poe-2sfp-r_firmware	1.0 – 1.34	—
phoenixcontact	fl_switch_4008t-2gt-3fx_sm_firmware	1.0 – 1.34	—
phoenixcontact	fl_switch_4008t-2gt-4fx_sm_firmware	1.0 – 1.34	—
phoenixcontact	fl_switch_4008t-2sfp_firmware	1.0 – 1.34	—
phoenixcontact	fl_switch_4012t-2gt-2fx_st_firmware	1.0 – 1.34	—
phoenixcontact	fl_switch_4012t_2gt_2fx_firmware	1.0 – 1.34	—
phoenixcontact	fl_switch_4800e-24fx-4gc_firmware	1.0 – 1.34	—
phoenixcontact	fl_switch_4800e-24fx_sm-4gc_firmware	1.0 – 1.34	—
phoenixcontact	fl_switch_4808e-16fx-4gc_firmware	1.0 – 1.34	—
phoenixcontact	fl_switch_4808e-16fx_lc-4gc_firmware	1.0 – 1.34	—
phoenixcontact	fl_switch_4808e-16fx_sm-4gc_firmware	1.0 – 1.34	—