Vulnerabilities > Phoenixcontact > FL Switch 3005T Firmware > 1.34

DATE	CVE	VULNERABILITY TITLE	RISK
2019-05-07	CVE-2018-13994	Resource Exhaustion vulnerability in Phoenixcontact products The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 to 1.34 is vulnerable to a denial-of-service attack by making more than 120 connections. network low complexity phoenixcontact CWE-400	7.5
2019-05-07	CVE-2018-13993	Cross-Site Request Forgery (CSRF) vulnerability in Phoenixcontact products The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 to 1.34 is prone to CSRF. network low complexity phoenixcontact CWE-352	8.8
2019-05-07	CVE-2018-13992	Missing Encryption of Sensitive Data vulnerability in Phoenixcontact products The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 to 1.34 allows for plaintext transmission (HTTP) of user credentials by default. network low complexity phoenixcontact CWE-311 critical	9.8
2019-05-07	CVE-2018-13991	Information Exposure vulnerability in Phoenixcontact products The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 to 1.34 leaks private information in firmware images. network low complexity phoenixcontact CWE-200	5.3
2019-05-06	CVE-2018-13990	Improper Authentication vulnerability in Phoenixcontact products The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions prior to 1.35 is vulnerable to brute-force attacks, because of Improper Restriction of Excessive Authentication Attempts. network low complexity phoenixcontact CWE-287 critical	9.8

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.