CVE-2019-9744
Last modified
CVE-2019-9744 is a vulnerability of currently unknown severity. An issue was discovered on PHOENIX CONTACT FL NAT SMCS 8TX, FL NAT SMN 8TX, FL NAT SMN 8TX-M, and FL NAT SMN 8TX-M-DMG devices. There is unauthorized access to the WEB-UI by attackers arriving from the same source IP address as an authenticated user, because this IP address is used as a session identifier.. EPSS estimates a 1.64% chance of exploitation in the next 30 days.
Description
An issue was discovered on PHOENIX CONTACT FL NAT SMCS 8TX, FL NAT SMN 8TX, FL NAT SMN 8TX-M, and FL NAT SMN 8TX-M-DMG devices. There is unauthorized access to the WEB-UI by attackers arriving from the same source IP address as an authenticated user, because this IP address is used as a session identifier.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Phoenixcontact | Fl Nat Smn 8tx-M-Dmg Firmware | All versions |
| Phoenixcontact | Fl Nat Smn 8tx-M Firmware | All versions |
| Phoenixcontact | Fl Nat Smn 8tx Firmware | All versions |
| Phoenixcontact | Fl Nat Smcs 8tx Firmware | All versions |
References
- https://cert.vde.com/de-de/advisories/vde-2019-006Mitigation, Vendor Advisory
- https://cert.vde.com/de-de/advisories/vde-2019-006Mitigation, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2019-9744?
How severe is CVE-2019-9744?
How do I fix CVE-2019-9744?
Are you affected by CVE-2019-9744?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST