PT-2019-9017 · Phoenix Contact · Fl Switch 3Xxx+2

Evgeniy Druzhinin

Publicado

2019-05-07

Atualizado

2019-10-09

CVE-2018-13994

CVSS v3.1

7.5

Alta

Vetor

AC:L/AV:N/A:H/C:N/I:N/PR:N/S:U/UI:N

Name of the Vulnerable Software and Affected Versions PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 through 1.34

Description The WebUI of the affected device is susceptible to a denial-of-service attack. This can be achieved by establishing more than 120 connections.

Recommendations For versions 1.0 through 1.34, consider restricting the number of connections to the WebUI to prevent denial-of-service attacks. As a temporary workaround, limit the number of concurrent connections to mitigate the risk of exploitation.

Correção

Resource Exhaustion

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-400

Identificadores relacionados

CVE-2018-13994

Produtos afetados

Fl Switch 3Xxx

Fl Switch 48Xx

Fl Switch 4Xxx

PT-2019-9017 · Phoenix Contact · Fl Switch 3Xxx+2

CVE-2018-13994

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 4