CVSS: 5.3EPSS: 0%CPEs: 58EXPL: 0CVE-2018-13991
https://notcve.org/view.php?id=CVE-2018-13991
07 May 2019 — The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 to 1.34 leaks private information in firmware images. El WebUI de PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versiones 1.0 a 1.34 filtra información privada en imágenes de firmware. • http://www.securityfocus.com/bid/106737 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 1%CPEs: 58EXPL: 0CVE-2018-13990
https://notcve.org/view.php?id=CVE-2018-13990
06 May 2019 — The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions prior to 1.35 is vulnerable to brute-force attacks, because of Improper Restriction of Excessive Authentication Attempts. El WebUI de PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versiones anteriores a la 1.35 es vulnerable a ataques de fuerza bruta, debido a la Restricción Inapropiada de los Intentos de Autenticación Excesivos. • http://www.securityfocus.com/bid/106737 • CWE-287: Improper Authentication •
CVSS: 7.5EPSS: 0%CPEs: 20EXPL: 0CVE-2019-10953
https://notcve.org/view.php?id=CVE-2019-10953
17 Apr 2019 — ABB, Phoenix Contact, Schneider Electric, Siemens, WAGO - Programmable Logic Controllers, multiple versions. Researchers have found some controllers are susceptible to a denial-of-service attack due to a flood of network packets. En Controladores lógicos programables de ABB, Phoenix Contact, Schneider Electric, Siemens, WAGO - , versiones múltiples. Los investigadores han encontrado que algunos controladores son susceptibles a un ataque de Denegación de Servicio (DoS) debido a una inundación de paquetes de ... • http://www.securityfocus.com/bid/108413 • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 9.0EPSS: 2%CPEs: 4EXPL: 0CVE-2019-9743
https://notcve.org/view.php?id=CVE-2019-9743
26 Mar 2019 — An issue was discovered on PHOENIX CONTACT RAD-80211-XD and RAD-80211-XD/HP-BUS devices. Command injection can occur in the WebHMI component. Se ha descubierto un problema en dispositivos PHOENIX CONTACT RAD-80211-XD y RAD-80211-XD/HP-BUS. Puede ocurrir una inyección de comandos en el componente WebHMI. • http://www.securityfocus.com/bid/107596 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 8.8EPSS: 0%CPEs: 8EXPL: 0CVE-2019-9744
https://notcve.org/view.php?id=CVE-2019-9744
26 Mar 2019 — An issue was discovered on PHOENIX CONTACT FL NAT SMCS 8TX, FL NAT SMN 8TX, FL NAT SMN 8TX-M, and FL NAT SMN 8TX-M-DMG devices. There is unauthorized access to the WEB-UI by attackers arriving from the same source IP address as an authenticated user, because this IP address is used as a session identifier. Se ha descubierto un problema en dispositivos PHOENIX CONTACT FL NAT SMCS 8TX, FL NAT SMN 8TX, FL NAT SMN 8TX-M y FL NAT SMN 8TX-M-DMG. Hay un acceso no autorizado al WEB-UI por parte de los atacantes que... • http://www.securityfocus.com/bid/108576 • CWE-384: Session Fixation •
CVSS: 9.8EPSS: 0%CPEs: 16EXPL: 1CVE-2019-9201
https://notcve.org/view.php?id=CVE-2019-9201
26 Feb 2019 — Multiple Phoenix Contact devices allow remote attackers to establish TCP sessions to port 1962 and obtain sensitive information or make changes, as demonstrated by using the Create Backup feature to traverse all directories. Múltiples dispositivos Phoenix Contact permiten a los atacantes remotos establecer sesiones TCP al puerto 1962 y obtener información sensible o realizar cambios, como se ha demostrado al utilizar la función Crear copia de seguridad para recorrer todos los directorios • https://cert.vde.com/en/advisories/VDE-2019-015 • CWE-306: Missing Authentication for Critical Function •
CVSS: 8.1EPSS: 2%CPEs: 58EXPL: 0CVE-2018-10728
https://notcve.org/view.php?id=CVE-2018-10728
17 May 2018 — All Phoenix Contact managed FL SWITCH 3xxx, 4xxx, 48xx products running firmware version 1.0 to 1.33 are prone to buffer overflows (a different vulnerability than CVE-2018-10731). Todos los productos Phoenix Contact managed FL SWITCH 3xxx, 4xxx y 48xx que ejecutan la versión del firmware 1.0 a 1.33 son propensos a desbordamientos de búfer (una vulnerabilidad distinta de CVE-2018-10731). • http://www.securityfocus.com/bid/104231 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.3EPSS: 0%CPEs: 58EXPL: 0CVE-2018-10729
https://notcve.org/view.php?id=CVE-2018-10729
17 May 2018 — All Phoenix Contact managed FL SWITCH 3xxx, 4xxx, 48xx products running firmware version 1.0 to 1.33 allow reading the configuration file by an unauthenticated user. Todos los productos Phoenix Contact managed FL SWITCH 3xxx, 4xxx y 48xx que ejecutan la versión del firmware 1.0 a 1.33 permiten la lectura del archivo de configuración por un usuario no autenticado. • http://www.securityfocus.com/bid/104231 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.1EPSS: 5%CPEs: 58EXPL: 0CVE-2018-10730
https://notcve.org/view.php?id=CVE-2018-10730
17 May 2018 — All Phoenix Contact managed FL SWITCH 3xxx, 4xxx, 48xx products running firmware version 1.0 to 1.33 are prone to OS command injection. Todos los productos Phoenix Contact managed FL SWITCH 3xxx, 4xxx y 48xx que ejecutan la versión del firmware 1.0 a 1.33 son propensos a una inyección de comandos del sistema operativo. • http://www.securityfocus.com/bid/104231 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.3EPSS: 2%CPEs: 58EXPL: 0CVE-2018-10731
https://notcve.org/view.php?id=CVE-2018-10731
17 May 2018 — All Phoenix Contact managed FL SWITCH 3xxx, 4xxx, 48xx products running firmware version 1.0 to 1.33 are prone to buffer overflows when handling very large cookies (a different vulnerability than CVE-2018-10728). Todos los productos Phoenix Contact managed FL SWITCH 3xxx, 4xxx y 48xx que ejecutan la versión del firmware 1.0 a 1.33 son propensos a desbordamientos de búfer cuando se gestionan cookies muy grandes (una vulnerabilidad distinta de CVE-2018-10728). • http://www.securityfocus.com/bid/104231 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •