CVE-2018-13994
Description
The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 to 1.34 is vulnerable to a denial-of-service attack by making more than 120 connections.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, and 48xx series prior to firmware 1.35 can have its resources exhausted remotely: initiating over 120 concurrent connections causes a denial of service.
Vulnerability
The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, and 48xx series devices running firmware versions 1.0 to 1.34 is susceptible to an uncontrolled resource consumption vulnerability (CWE-400) [1]. An attacker can trigger a denial-of-service condition by making more than 120 concurrent connections to the WebUI, exhausting available resources and rendering the web interface unresponsive [1].
Exploitation
The attacker requires network access to the switch's WebUI (typically exposed on TCP port 80 or 443). No authentication is needed to initiate the attack. By opening more than 120 simultaneous connections—using a simple script or tool that sends HTTP requests without closing them—the attacker can exhaust the device's connection handling capacity. This does not require any user interaction or special privileges [1].
Impact
Successful exploitation leads to a denial-of-service (DoS) condition on the WebUI. The switch itself may continue to forward network traffic, but administrative access via the web interface becomes impossible until the excessive connections are terminated or the device is rebooted. This impacts availability of the management interface but does not directly lead to data disclosure or code execution per the available references [1].
Mitigation
Phoenix Contact released firmware version 1.35 to address this vulnerability. Users should update to firmware 1.35 or later. The advisory notes that the vendor recommends restricting network access to the WebUI and using firewall rules to limit the number of connections from untrusted networks as a workaround [1].
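For switches that cannot be updated immediately, the connection build-up described above can be watched for from the network side. The following is an added monitoring sketch, not code from the advisory or the vendor: the event line format, the `WARN_AT` threshold, the port set and all addresses are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict

WEBUI_PORTS = {80, 443}   # assumption: the WebUI ports this page names as typical
DEVICE_LIMIT = 120        # connection count from the CVE description
WARN_AT = 90              # assumed alert threshold, chosen below the limit

def parse_event(line):
    """Parse '<epoch> <OPEN|CLOSE> <src_ip>:<port> <dst_ip>:<port>' (constructed format)."""
    ts, kind, src, dst = line.split()
    src_ip, src_port = src.rsplit(":", 1)
    dst_ip, dst_port = dst.rsplit(":", 1)
    return int(ts), kind, src_ip, int(src_port), dst_ip, int(dst_port)

def scan(lines, warn_at=WARN_AT):
    """Alert once per build-up when a switch's open WebUI connections reach warn_at."""
    open_conns = defaultdict(set)      # switch IP -> {(src_ip, src_port, dst_port)}
    alerted, alerts = set(), []
    for line in lines:
        ts, kind, src_ip, src_port, dst_ip, dst_port = parse_event(line)
        if dst_port not in WEBUI_PORTS:
            continue                   # not management-plane web traffic
        conns = open_conns[dst_ip]
        if kind == "OPEN":
            conns.add((src_ip, src_port, dst_port))
        else:
            conns.discard((src_ip, src_port, dst_port))
        if len(conns) < warn_at:
            alerted.discard(dst_ip)    # re-arm after the load drops
        elif dst_ip not in alerted:
            alerted.add(dst_ip)
            by_src = Counter(c[0] for c in conns)
            alerts.append({"ts": ts, "switch": dst_ip, "open": len(conns),
                           "headroom": DEVICE_LIMIT - len(conns),
                           "top_sources": by_src.most_common(2)})
    return alerts

def sample_events():
    """Constructed events: one admin session, then 95 held-open connections from one host."""
    ev = ["1000 OPEN 198.51.100.5:40000 192.0.2.10:443",
          "1001 OPEN 198.51.100.5:40001 192.0.2.10:22",   # SSH, ignored
          "1002 CLOSE 198.51.100.5:40000 192.0.2.10:443"]
    ev += [f"{2000 + i} OPEN 198.51.100.77:{50000 + i} 192.0.2.10:80" for i in range(95)]
    return ev

if __name__ == "__main__":
    for alert in scan(sample_events()):
        print(alert)
```

The count is kept per switch across all sources because the limit in the description is a device-wide total; the per-source breakdown in each alert shows which hosts a firewall connection limit would need to cover.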
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- PHOENIX CONTACT/FL SWITCH 3xxx, 4xxx, 48xx
- Range: <=1.34
Patches
No patches discovered yet.
References
- www.securityfocus.com/bid/106737 (mitre, x_refsource_MISC)
- ics-cert.us-cert.gov/advisories/ICSA-19-024-02 (mitre, x_refsource_MISC)