CVE-2018-13992
Description
The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 to 1.34 allows for plaintext transmission (HTTP) of user credentials by default.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
The WebUI of PHOENIX CONTACT FL SWITCH devices transmits user credentials in cleartext over HTTP by default, enabling credential theft.
Vulnerability
The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, and 48xx devices (versions 1.0 to 1.34) transmits user credentials in cleartext over HTTP by default, as noted in the ICS-CERT advisory [1]. This is a cleartext transmission of sensitive information (CWE-319).
Exploitation
An attacker with network access to the switch can passively capture credentials by sniffing unencrypted HTTP traffic. No authentication or user interaction is required, and the attack is remotely exploitable with a low skill level [1].
Impact
Successful exploitation allows the attacker to obtain user credentials, leading to unauthorized access to the switch with user privileges. This can result in reading sensitive information, modifying device configuration, or enabling further attacks such as man-in-the-middle [1].
Mitigation
The vulnerability is fixed in firmware version 1.35. Users should upgrade to this version or later. No workaround is documented; enabling HTTPS is recommended to prevent cleartext transmission [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- PHOENIX CONTACT/FL SWITCH 3xxx, 4xxx, 48xx
- Range: >=1.0 <=1.34
Patches
No patches discovered yet.
References
- www.securityfocus.com/bid/106737 (mitre, x_refsource_MISC)
- ics-cert.us-cert.gov/advisories/ICSA-19-024-02 (mitre, x_refsource_MISC)