PT-2019-9014 · Phoenix Contact · Fl Switch 3Xxx+2

Evgeniy Druzhinin

+2

·

Published

2019-05-07

·

Updated

2019-10-09

·

CVE-2018-13991

CVSS v3.1

5.3

Medium

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 through 1.34
Description The WebUI of the affected devices leaks private information in firmware images.
Recommendations For versions 1.0 through 1.34, consider restricting access to the WebUI to minimize the risk of information leakage until a fix is available.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2018-13991

Affected Products

Fl Switch 3Xxx
Fl Switch 48Xx
Fl Switch 4Xxx