An issue was discovered on PHOENIX CONTACT FL NAT SMCS 8TX, FL NAT SMN 8TX, FL NAT SMN 8TX-M, and FL NAT SMN 8TX-M-DMG devices. There is unauthorized access to the WEB-UI by attackers arriving from the same source IP address as an authenticated user, because this IP address is used as a session identifier.
References
Link | Resource |
---|---|
https://cert.vde.com/de-de/advisories/vde-2019-006 | Mitigation Vendor Advisory |
http://www.securityfocus.com/bid/108576 | |
https://ics-cert.us-cert.gov/advisories/ICSA-19-155-02 |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Information
Published : 2019-03-26 13:29
Updated : 2019-06-05 03:29
NVD link : CVE-2019-9744
Mitre link : CVE-2019-9744
JSON object : View
CWE
CWE-384
Session Fixation
Products Affected
phoenixcontact
- fl_nat_smcs_8tx_firmware
- fl_nat_smn_8tx_firmware
- fl_nat_smn_8tx-m-dmg
- fl_nat_smcs_8tx
- fl_nat_smn_8tx-m-dmg_firmware
- fl_nat_smn_8tx-m_firmware
- fl_nat_smn_8tx
- fl_nat_smn_8tx-m