CVE-2019-9744

Name of the Vulnerable Software and Affected Versions PHOENIX CONTACT FL NAT SMCS 8TX (affected versions not specified) PHOENIX CONTACT FL NAT SMN 8TX (affected versions not specified) PHOENIX CONTACT FL NAT SMN 8TX-M (affected versions not specified) PHOENIX CONTACT FL NAT SMN 8TX-M-DMG (affected versions not specified)

Description The issue allows unauthorized access to the WEB-UI by attackers arriving from the same source IP address as an authenticated user. This occurs because the IP address is used as a session identifier.

Recommendations For PHOENIX CONTACT FL NAT SMCS 8TX, consider implementing an additional authentication mechanism to prevent unauthorized access. For PHOENIX CONTACT FL NAT SMN 8TX, restrict access to the WEB-UI to minimize the risk of exploitation. For PHOENIX CONTACT FL NAT SMN 8TX-M, avoid using the IP address as a session identifier until the issue is resolved. For PHOENIX CONTACT FL NAT SMN 8TX-M-DMG, as a temporary workaround, consider disabling remote access to the WEB-UI until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.