PT-2019-9016 · Phoenix Contact · Fl Switch 3Xxx+2
Published
2019-05-07
·
Updated
2019-10-09
·
CVE-2018-13993
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 through 1.34
Description
The WebUI of the affected devices is prone to CSRF, which could potentially allow unauthorized actions to be performed.
Recommendations
For versions 1.0 through 1.34, consider implementing CSRF protection mechanisms, such as token-based validation, to prevent unauthorized requests.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
CSRF
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Fl Switch 3Xxx
Fl Switch 48Xx
Fl Switch 4Xxx