PT-2019-9015 · Phoenix Contact · Fl Switch 3Xxx+2
Evgeniy Druzhinin +2 · Published 2019-05-07 · Updated 2020-08-24 · CVE-2018-13992
CVSS v3.1: 9.8 (Critical)
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 through 1.34
Description
By default, the WebUI of the affected devices allows user credentials to be transmitted in plaintext over HTTP.
Recommendations
For versions 1.0 through 1.34, consider configuring the WebUI to use encrypted transmission, such as HTTPS, to protect user credentials. As a temporary workaround, restrict access to the WebUI to minimize the risk of exploitation.
Fix
Missing Encryption of Sensitive Data
Weakness Enumeration
Related Identifiers
Affected Products
Fl Switch 3Xxx
Fl Switch 48Xx
Fl Switch 4Xxx