PT-2019-9017 · Phoenix Contact · Fl Switch 3Xxx+2
Evgeniy Druzhinin
+2
·
Published
2019-05-07
·
Updated
2019-10-09
·
CVE-2018-13994
CVSS v3.1
7.5
High
| Vector | AC:L/AV:N/A:H/C:N/I:N/PR:N/S:U/UI:N |
Name of the Vulnerable Software and Affected Versions
PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 through 1.34
Description
The WebUI of the affected device is susceptible to a denial-of-service attack. This can be achieved by establishing more than 120 connections.
Recommendations
For versions 1.0 through 1.34, consider restricting the number of connections to the WebUI to prevent denial-of-service attacks. As a temporary workaround, limit the number of concurrent connections to mitigate the risk of exploitation.
Fix
Resource Exhaustion
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Fl Switch 3Xxx
Fl Switch 48Xx
Fl Switch 4Xxx