CVE-2019-9744
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
26/03/2019
Last modified:
05/06/2019
Description
An issue was discovered on PHOENIX CONTACT FL NAT SMCS 8TX, FL NAT SMN 8TX, FL NAT SMN 8TX-M, and FL NAT SMN 8TX-M-DMG devices. There is unauthorized access to the WEB-UI by attackers arriving from the same source IP address as an authenticated user, because this IP address is used as a session identifier.
Impact
Base Score 3.x
8.80
Severity 3.x
HIGH
Base Score 2.0
6.80
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:phoenixcontact:fl_nat_smn_8tx-m-dmg_firmware:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:phoenixcontact:fl_nat_smn_8tx-m-dmg:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:phoenixcontact:fl_nat_smn_8tx-m_firmware:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:phoenixcontact:fl_nat_smn_8tx-m:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:phoenixcontact:fl_nat_smn_8tx_firmware:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:phoenixcontact:fl_nat_smn_8tx:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:phoenixcontact:fl_nat_smcs_8tx_firmware:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:phoenixcontact:fl_nat_smcs_8tx:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page