Vulnerabilities > Phoenixcontact
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-05-07 | CVE-2018-13994 | Resource Exhaustion vulnerability in Phoenixcontact products The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 to 1.34 is vulnerable to a denial-of-service attack by making more than 120 connections. | 7.5 |
| 2019-05-07 | CVE-2018-13993 | Cross-Site Request Forgery (CSRF) vulnerability in Phoenixcontact products The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 to 1.34 is prone to CSRF. | 8.8 |
| 2019-05-07 | CVE-2018-13992 | Missing Encryption of Sensitive Data vulnerability in Phoenixcontact products The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 to 1.34 allows for plaintext transmission (HTTP) of user credentials by default. | 9.8 |
| 2019-05-07 | CVE-2018-13991 | Information Exposure vulnerability in Phoenixcontact products The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 to 1.34 leaks private information in firmware images. | 5.3 |
| 2019-05-06 | CVE-2018-13990 | Improper Authentication vulnerability in Phoenixcontact products The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions prior to 1.35 is vulnerable to brute-force attacks, because of Improper Restriction of Excessive Authentication Attempts. | 9.8 |
| 2019-04-17 | CVE-2019-10953 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products ABB, Phoenix Contact, Schneider Electric, Siemens, WAGO - Programmable Logic Controllers, multiple versions. | 7.5 |
| 2019-03-26 | CVE-2019-9744 | Session Fixation vulnerability in Phoenixcontact products An issue was discovered on PHOENIX CONTACT FL NAT SMCS 8TX, FL NAT SMN 8TX, FL NAT SMN 8TX-M, and FL NAT SMN 8TX-M-DMG devices. | 8.8 |
| 2019-03-26 | CVE-2019-9743 | Command Injection vulnerability in Phoenixcontact products An issue was discovered on PHOENIX CONTACT RAD-80211-XD and RAD-80211-XD/HP-BUS devices. | 8.8 |
| 2019-02-26 | CVE-2019-9201 | Missing Authentication for Critical Function vulnerability in Phoenixcontact products Multiple Phoenix Contact devices allow remote attackers to establish TCP sessions to port 1962 and obtain sensitive information or make changes, as demonstrated by using the Create Backup feature to traverse all directories. | 9.8 |
| 2018-05-17 | CVE-2018-10731 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Phoenixcontact products All Phoenix Contact managed FL SWITCH 3xxx, 4xxx, 48xx products running firmware version 1.0 to 1.33 are prone to buffer overflows when handling very large cookies (a different vulnerability than CVE-2018-10728). | 9.0 |