CVE-2018-13993

high-risk

Published 2019-05-07

The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 to 1.34 is prone to CSRF.

Do I need to act?

-

0.12% chance of exploitation

EPSS score — low exploit probability

-

Not on CISA KEV list

No confirmed active exploitation reported to CISA

?

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

8

CVSS 8.8/10 High

NETWORK / LOW complexity

Affected Products (20)

Fl Switch 3005 Firmware

Fl Switch 3005T Firmware

Fl Switch 3004T-Fx Firmware

Fl Switch 3004T-Fx St Firmware

Fl Switch 3008 Firmware

Fl Switch 3008T Firmware

Fl Switch 3006T-2Fx Firmware

Fl Switch 3006T-2Fx St Firmware

Fl Switch 3012E-2Sfx Firmware

Fl Switch 3016E Firmware

Fl Switch 3016 Firmware

Fl Switch 3016T Firmware

Fl Switch 3006T-2Fx Sm Firmware

Fl Switch 4008T-2Sfp Firmware

Fl Switch 4008T-2Gt-4Fx Sm Firmware

Fl Switch 4008T-2Gt-3Fx Sm Firmware

Fl Switch 4808E-16Fx Lc-4Gc Firmware

Fl Switch 4808E-16Fx Sm-4Gc Firmware

Fl Switch 4808E-16Fx Sm St-4Gc Firmware

Fl Switch 4808E-16Fx St-4Gc Firmware

Affected Vendors

Phoenixcontact

References (4)

Third Party Advisory http://www.securityfocus.com/bid/106737

Third Party Advisory https://ics-cert.us-cert.gov/advisories/ICSA-19-024-02

Third Party Advisory http://www.securityfocus.com/bid/106737

Third Party Advisory https://ics-cert.us-cert.gov/advisories/ICSA-19-024-02

53

/ 100

high-risk

Severity 30/34 · Critical

Exploitability 1/34 · Minimal

Exposure 22/34 · High