CVE-2018-13992

HIGH

Phoenixcontact FL Switch 3005 Firmware < 1.34 - Missing Encryption

Title source: rule
STIX 2.1

Description

The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 to 1.34 allows for plaintext transmission (HTTP) of user credentials by default.

References (2)

Scores

CVSS v3 8.2
EPSS 0.0014
EPSS Percentile 34.5%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

Details

CWE
CWE-311
Status published
Products (29)
phoenixcontact/fl_switch_3004t-fx_firmware 1.0 - 1.34
phoenixcontact/fl_switch_3004t-fx_st_firmware 1.0 - 1.34
phoenixcontact/fl_switch_3005_firmware 1.0 - 1.34
phoenixcontact/fl_switch_3005t_firmware 1.0 - 1.34
phoenixcontact/fl_switch_3006t-2fx_firmware 1.0 - 1.34
phoenixcontact/fl_switch_3006t-2fx_sm_firmware 1.0 - 1.34
phoenixcontact/fl_switch_3006t-2fx_st_firmware 1.0 - 1.34
phoenixcontact/fl_switch_3008_firmware 1.0 - 1.34
phoenixcontact/fl_switch_3008t_firmware 1.0 - 1.34
phoenixcontact/fl_switch_3012e-2fx_sm_firmware 1.0 - 1.34
... and 19 more
Published May 07, 2019
Tracked Since Feb 18, 2026