CVE-2018-13990
Severity: Unknown | EPSS: 2.31%
CVE-2018-13990 is a vulnerability of currently unknown severity. The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions prior to 1.35 is vulnerable to brute-force attacks, because of Improper Restriction of Excessive Authentication Attempts. EPSS estimates a 2.31% chance of exploitation in the next 30 days.
Description
The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions prior to 1.35 is vulnerable to brute-force attacks, because of Improper Restriction of Excessive Authentication Attempts.
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Phoenixcontact | Fl Switch 3005 Firmware | < 1.35 |
| Phoenixcontact | Fl Switch 3005t Firmware | < 1.35 |
| Phoenixcontact | Fl Switch 3004t-Fx Firmware | < 1.35 |
| Phoenixcontact | Fl Switch 3004t-Fx St Firmware | < 1.35 |
| Phoenixcontact | Fl Switch 3008 Firmware | < 1.35 |
| Phoenixcontact | Fl Switch 3008t Firmware | < 1.35 |
| Phoenixcontact | Fl Switch 3006t-2fx Firmware | < 1.35 |
| Phoenixcontact | Fl Switch 3006t-2fx St Firmware | < 1.35 |
| Phoenixcontact | Fl Switch 3012e-2sfx Firmware | < 1.35 |
| Phoenixcontact | Fl Switch 3016e Firmware | < 1.35 |
| Phoenixcontact | Fl Switch 3016 Firmware | < 1.35 |
| Phoenixcontact | Fl Switch 3016t Firmware | < 1.35 |
| Phoenixcontact | Fl Switch 3006t-2fx Sm Firmware | < 1.35 |
| Phoenixcontact | Fl Switch 4008t-2sfp Firmware | < 1.35 |
| Phoenixcontact | Fl Switch 4008t-2gt-4fx Sm Firmware | < 1.35 |
| Phoenixcontact | Fl Switch 4008t-2gt-3fx Sm Firmware | < 1.35 |
| Phoenixcontact | Fl Switch 4808e-16fx Lc-4gc Firmware | < 1.35 |
| Phoenixcontact | Fl Switch 4808e-16fx Sm-4gc Firmware | < 1.35 |
| Phoenixcontact | Fl Switch 4808e-16fx Sm St-4gc Firmware | < 1.35 |
| Phoenixcontact | Fl Switch 4808e-16fx St-4gc Firmware | < 1.35 |
| Phoenixcontact | Fl Switch 4808e-16fx-4gc Firmware | < 1.35 |
| Phoenixcontact | Fl Switch 4808e-16fx Sm Lc-4gc Firmware | < 1.35 |
| Phoenixcontact | Fl Switch 4012t 2gt 2fx Firmware | < 1.35 |
| Phoenixcontact | Fl Switch 4012t-2gt-2fx St Firmware | < 1.35 |
| Phoenixcontact | Fl Switch 4824e-4gc Firmware | < 1.35 |
| Phoenixcontact | Fl Switch 4800e-24fx-4gc Firmware | < 1.35 |
| Phoenixcontact | Fl Switch 4800e-24fx Sm-4gc Firmware | < 1.35 |
| Phoenixcontact | Fl Switch 3012e-2fx Sm Firmware | < 1.35 |
| Phoenixcontact | Fl Switch 4000t-8poe-2sfp-R Firmware | < 1.35 |
References
- http://www.securityfocus.com/bid/106737 (Third Party Advisory, VDB Entry)
- https://ics-cert.us-cert.gov/advisories/ICSA-19-024-02 (Third Party Advisory, US Government Resource)
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2018-13990?
The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions prior to 1.35 is vulnerable to brute-force attacks, because of Improper Restriction of Excessive Authentication Attempts.
How severe is CVE-2018-13990?
Severity scoring for CVE-2018-13990 is pending analysis. The EPSS model estimates a 2.31% probability of exploitation in the next 30 days.
How do I fix CVE-2018-13990?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.
Source: NVD / NIST
