Published: 06/05/2019 Updated: 09/10/2019
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 445
Vector (CVSS v2): AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions before 1.35 is vulnerable to brute-force attacks, because of Improper Restriction of Excessive Authentication Attempts.

Recent Articles

Network kit biz Phoenix takes heat as flaws may leave industrial control system security in ashes
The Register • Shaun Nichols in San Francisco • 11 Feb 2019

Oil, gas, maritime systems affected by latest bug findings

Companies running a popular brand of industrial Ethernet switch are being advised to update their firmware ASAP following a series of bug disclosures.
Security house Positive Technologies took credit today for the discovery of six CVE-listed security vulnerabilities in the Phoenix Contact FL Switch 3xxx, 4xxx, and 48xx industrial control switches. The flaws are addressed in firmware versions 1.35 or newer.
Among the now-patched flaws were several Positive described as "critical" secu...