CVE-2018-13993: CSRF
First published: Tue May 07 2019(Updated: )
The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 to 1.34 is prone to CSRF.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Phoenixcontact Fl Switch 3005 Firmware | >=1.0<=1.34 | |
| Phoenixcontact Fl Switch 3005 | ||
| Phoenixcontact Fl Switch 3005t Firmware | >=1.0<=1.34 | |
| Phoenix Contact FL Switch 3005T | ||
| Phoenixcontact Fl Switch 3004t-fx St Firmware | >=1.0<=1.34 | |
| Phoenix Contact FL Switch 3004T-FX | ||
| Phoenixcontact Fl Switch 3004t-fx St Firmware | >=1.0<=1.34 | |
| Phoenixcontact Fl Switch 3004t-fx St Firmware | ||
| Phoenixcontact Fl Switch 3008 Firmware | >=1.0<=1.34 | |
| Phoenixcontact Fl Switch 3008 | ||
| Phoenixcontact Fl Switch 3008t Firmware | >=1.0<=1.34 | |
| Phoenixcontact Fl Switch 3008t Firmware | ||
| Phoenixcontact Fl Switch 3006t-2fx Firmware | >=1.0<=1.34 | |
| Phoenixcontact Fl Switch 3006t-2fx Sm Firmware | ||
| Phoenix Contact FL Switch 3006T-2FX ST Firmware | >=1.0<=1.34 | |
| Phoenix Contact FL Switch 3006T-2FX ST Firmware | ||
| Phoenixcontact FL Switch 3012e-2sfx | >=1.0<=1.34 | |
| Phoenixcontact Fl Switch 3012e-2sfx Firmware | ||
| Phoenixcontact Fl Switch 3016e Firmware | >=1.0<=1.34 | |
| Phoenixcontact Fl Switch 3016e Firmware | ||
| Phoenixcontact FL Switch 3016t Firmware | >=1.0<=1.34 | |
| Phoenixcontact Fl Switch 3016 | ||
| Phoenixcontact FL Switch 3016t Firmware | >=1.0<=1.34 | |
| Phoenixcontact FL Switch 3016t Firmware | ||
| Phoenixcontact Fl Switch 3006t-2fx Sm Firmware | >=1.0<=1.34 | |
| Phoenixcontact Fl Switch 3006t-2fx Sm Firmware | ||
| Phoenixcontact Fl Switch 4008t-2sfp Firmware | >=1.0<=1.34 | |
| Phoenixcontact Fl Switch 4008t-2sfp Firmware | ||
| Phoenixcontact Fl Switch 4008t-2gt-4fx Sm | >=1.0<=1.34 | |
| Phoenixcontact Fl Switch 4008t-2gt-4fx Sm Firmware | ||
| Phoenixcontact Fl Switch 4008t-2gt-3fx Sm | >=1.0<=1.34 | |
| Phoenixcontact Fl Switch 4008t-2gt-3fx Sm Firmware | ||
| Phoenixcontact Fl Switch 4808e-16fx Lc-4gc | >=1.0<=1.34 | |
| Phoenixcontact Fl Switch 4808e-16fx Lc-4gc Firmware | ||
| Phoenixcontact Fl Switch 4808e-16fx Sm-4gc Firmware | >=1.0<=1.34 | |
| Phoenixcontact Fl Switch 4808e-16fx Sm-4gc Firmware | ||
| Phoenixcontact Fl Switch 4808e-16fx Sm St-4gc | >=1.0<=1.34 | |
| Phoenixcontact Fl Switch 4808e-16fx Sm St-4gc Firmware | ||
| Phoenix Contact FL Switch 4808E-16FX ST-4GC | >=1.0<=1.34 | |
| Phoenixcontact Fl Switch 4808e-16fx St-4gc Firmware | ||
| Phoenixcontact Fl Switch 4808e-16fx Sm Lc-4gc Firmware | >=1.0<=1.34 | |
| Phoenixcontact Fl Switch 4808e-16fx-4gc | ||
| Phoenixcontact Fl Switch 4808e-16fx Sm Lc-4gc Firmware | >=1.0<=1.34 | |
| Phoenixcontact Fl Switch 4808e-16fx Sm Lc-4gc Firmware | ||
| Phoenixcontact FL Switch 4012T 2GT 2FX | >=1.0<=1.34 | |
| Phoenix Contact FL Switch 4012T-2GT-2FX ST Firmware | ||
| Phoenixcontact FL Switch 4012T 2GT 2FX | >=1.0<=1.34 | |
| Phoenixcontact FL Switch 4012T 2GT 2FX | ||
| Phoenixcontact Fl Switch 4824e-4gc Firmware | >=1.0<=1.34 | |
| Phoenixcontact Fl Switch 4824e-4gc | ||
| Phoenixcontact Fl Switch 4800e-24fx Sm-4gc Firmware | >=1.0<=1.34 | |
| Phoenixcontact Fl Switch 4800e-24fx Sm-4gc Firmware | ||
| Phoenixcontact Fl Switch 4800e-24fx Sm-4gc | >=1.0<=1.34 | |
| Phoenixcontact Fl Switch 4800e-24fx Sm-4gc Firmware | ||
| Phoenixcontact Fl Switch 3012e-2fx Sm Firmware | >=1.0<=1.34 | |
| Phoenixcontact Fl Switch 3012e-2fx Sm Firmware | ||
| Phoenixcontact Fl Switch 4000t-8poe-2sfp-r Firmware | >=1.0<=1.34 | |
| Phoenixcontact Fl Switch 4000t-8poe-2sfp-r Firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2018-13993?
CVE-2018-13993 is classified as a medium severity vulnerability due to its potential impact on the affected devices.
How do I fix CVE-2018-13993?
To fix CVE-2018-13993, update the firmware of the affected Phoenix Contact FL Switch devices to the latest version beyond 1.34.
Which versions are affected by CVE-2018-13993?
CVE-2018-13993 affects multiple versions of PHOENIX CONTACT FL SWITCH devices with firmware versions from 1.0 to 1.34.
What is the nature of the vulnerability in CVE-2018-13993?
CVE-2018-13993 is a Cross-Site Request Forgery (CSRF) vulnerability that could allow attackers to execute unauthorized actions on the web interface.
Is there a workaround for CVE-2018-13993 if I cannot update immediately?
As an immediate measure, you can implement access controls and restrict access to the web interface to trusted networks to mitigate CVE-2018-13993.
- agent/references
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/author
- agent/last-modified-date
- agent/type
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/weakness
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/phoenixcontact
- canonical/phoenixcontact fl switch 3005 firmware
- version/phoenixcontact fl switch 3005 firmware/1.0
- version/phoenixcontact fl switch 3005 firmware/1.34
- canonical/phoenixcontact fl switch 3005
- canonical/phoenixcontact fl switch 3005t firmware
- version/phoenixcontact fl switch 3005t firmware/1.0
- version/phoenixcontact fl switch 3005t firmware/1.34
- canonical/phoenix contact fl switch 3005t
- canonical/phoenixcontact fl switch 3004t-fx st firmware
- version/phoenixcontact fl switch 3004t-fx st firmware/1.0
- version/phoenixcontact fl switch 3004t-fx st firmware/1.34
- canonical/phoenix contact fl switch 3004t-fx
- canonical/phoenixcontact fl switch 3008 firmware
- version/phoenixcontact fl switch 3008 firmware/1.0
- version/phoenixcontact fl switch 3008 firmware/1.34
- canonical/phoenixcontact fl switch 3008
- canonical/phoenixcontact fl switch 3008t firmware
- version/phoenixcontact fl switch 3008t firmware/1.0
- version/phoenixcontact fl switch 3008t firmware/1.34
- canonical/phoenixcontact fl switch 3006t-2fx firmware
- version/phoenixcontact fl switch 3006t-2fx firmware/1.0
- version/phoenixcontact fl switch 3006t-2fx firmware/1.34
- canonical/phoenixcontact fl switch 3006t-2fx sm firmware
- canonical/phoenix contact fl switch 3006t-2fx st firmware
- version/phoenix contact fl switch 3006t-2fx st firmware/1.0
- version/phoenix contact fl switch 3006t-2fx st firmware/1.34
- canonical/phoenixcontact fl switch 3012e-2sfx
- version/phoenixcontact fl switch 3012e-2sfx/1.0
- version/phoenixcontact fl switch 3012e-2sfx/1.34
- canonical/phoenixcontact fl switch 3012e-2sfx firmware
- canonical/phoenixcontact fl switch 3016e firmware
- version/phoenixcontact fl switch 3016e firmware/1.0
- version/phoenixcontact fl switch 3016e firmware/1.34
- canonical/phoenixcontact fl switch 3016t firmware
- version/phoenixcontact fl switch 3016t firmware/1.0
- version/phoenixcontact fl switch 3016t firmware/1.34
- canonical/phoenixcontact fl switch 3016
- version/phoenixcontact fl switch 3006t-2fx sm firmware/1.0
- version/phoenixcontact fl switch 3006t-2fx sm firmware/1.34
- canonical/phoenixcontact fl switch 4008t-2sfp firmware
- version/phoenixcontact fl switch 4008t-2sfp firmware/1.0
- version/phoenixcontact fl switch 4008t-2sfp firmware/1.34
- canonical/phoenixcontact fl switch 4008t-2gt-4fx sm
- version/phoenixcontact fl switch 4008t-2gt-4fx sm/1.0
- version/phoenixcontact fl switch 4008t-2gt-4fx sm/1.34
- canonical/phoenixcontact fl switch 4008t-2gt-4fx sm firmware
- canonical/phoenixcontact fl switch 4008t-2gt-3fx sm
- version/phoenixcontact fl switch 4008t-2gt-3fx sm/1.0
- version/phoenixcontact fl switch 4008t-2gt-3fx sm/1.34
- canonical/phoenixcontact fl switch 4008t-2gt-3fx sm firmware
- canonical/phoenixcontact fl switch 4808e-16fx lc-4gc
- version/phoenixcontact fl switch 4808e-16fx lc-4gc/1.0
- version/phoenixcontact fl switch 4808e-16fx lc-4gc/1.34
- canonical/phoenixcontact fl switch 4808e-16fx lc-4gc firmware
- canonical/phoenixcontact fl switch 4808e-16fx sm-4gc firmware
- version/phoenixcontact fl switch 4808e-16fx sm-4gc firmware/1.0
- version/phoenixcontact fl switch 4808e-16fx sm-4gc firmware/1.34
- canonical/phoenixcontact fl switch 4808e-16fx sm st-4gc
- version/phoenixcontact fl switch 4808e-16fx sm st-4gc/1.0
- version/phoenixcontact fl switch 4808e-16fx sm st-4gc/1.34
- canonical/phoenixcontact fl switch 4808e-16fx sm st-4gc firmware
- canonical/phoenix contact fl switch 4808e-16fx st-4gc
- version/phoenix contact fl switch 4808e-16fx st-4gc/1.0
- version/phoenix contact fl switch 4808e-16fx st-4gc/1.34
- canonical/phoenixcontact fl switch 4808e-16fx st-4gc firmware
- canonical/phoenixcontact fl switch 4808e-16fx sm lc-4gc firmware
- version/phoenixcontact fl switch 4808e-16fx sm lc-4gc firmware/1.0
- version/phoenixcontact fl switch 4808e-16fx sm lc-4gc firmware/1.34
- canonical/phoenixcontact fl switch 4808e-16fx-4gc
- canonical/phoenixcontact fl switch 4012t 2gt 2fx
- version/phoenixcontact fl switch 4012t 2gt 2fx/1.0
- version/phoenixcontact fl switch 4012t 2gt 2fx/1.34
- canonical/phoenix contact fl switch 4012t-2gt-2fx st firmware
- canonical/phoenixcontact fl switch 4824e-4gc firmware
- version/phoenixcontact fl switch 4824e-4gc firmware/1.0
- version/phoenixcontact fl switch 4824e-4gc firmware/1.34
- canonical/phoenixcontact fl switch 4824e-4gc
- canonical/phoenixcontact fl switch 4800e-24fx sm-4gc firmware
- version/phoenixcontact fl switch 4800e-24fx sm-4gc firmware/1.0
- version/phoenixcontact fl switch 4800e-24fx sm-4gc firmware/1.34
- canonical/phoenixcontact fl switch 4800e-24fx sm-4gc
- version/phoenixcontact fl switch 4800e-24fx sm-4gc/1.0
- version/phoenixcontact fl switch 4800e-24fx sm-4gc/1.34
- canonical/phoenixcontact fl switch 3012e-2fx sm firmware
- version/phoenixcontact fl switch 3012e-2fx sm firmware/1.0
- version/phoenixcontact fl switch 3012e-2fx sm firmware/1.34
- canonical/phoenixcontact fl switch 4000t-8poe-2sfp-r firmware
- version/phoenixcontact fl switch 4000t-8poe-2sfp-r firmware/1.0
- version/phoenixcontact fl switch 4000t-8poe-2sfp-r firmware/1.34