ID
VAR-202002-0461
CVE
CVE-2019-18352
TITLE
PHOENIX CONTACT FL NAT 2208 and 2304-2GC-2SFP Unauthorized authentication vulnerabilities in devices
Trust: 0.8
sources:
JVNDB: JVNDB-2019-014761
DESCRIPTION
Improper access control exists on PHOENIX CONTACT FL NAT 2208 devices before V2.90 and FL NAT 2304-2GC-2SFP devices before V2.90 when using MAC-based port security. The vulnerability stems from a network system or product that did not properly restrict access to resources from unauthorized roles. No detailed vulnerability details are provided at this time
Trust: 2.34
sources:
NVD: CVE-2019-18352 //
JVNDB: JVNDB-2019-014761 //
CNVD: CNVD-2020-15265 //
IVD: d47ae729-35c4-47fc-9327-d1e962122aed
IOT TAXONOMY
| category: | ['ICS', 'Network device'] | sub_category: | - | Trust: 0.6 |
| category: | ['ICS'] | sub_category: | - | Trust: 0.2 |
sources:
IVD: d47ae729-35c4-47fc-9327-d1e962122aed //
CNVD: CNVD-2020-15265
AFFECTED PRODUCTS
| vendor: | phoenixcontact | model: | fl nat 2208 | scope: | lt | version: | 2.90 | Trust: 1.0 |
| vendor: | phoenixcontact | model: | fl nat 2304-2gc-2sfp | scope: | lt | version: | 2.90 | Trust: 1.0 |
| vendor: | phoenix contact | model: | fl nat 2208 | scope: | eq | version: | 2.90 | Trust: 0.8 |
| vendor: | phoenix contact | model: | fl nat 2304-2gc-2sfp | scope: | eq | version: | 2.90 | Trust: 0.8 |
| vendor: | phoenix | model: | contact fl nat | scope: | eq | version: | 2208<v2.90 | Trust: 0.6 |
| vendor: | phoenix | model: | contact fl nat 2304-2gc-2sfp | scope: | lt | version: | v2.90 | Trust: 0.6 |
| vendor: | fl nat 2208 | model: | - | scope: | eq | version: | * | Trust: 0.2 |
| vendor: | fl nat 2304 2gc 2sfp | model: | - | scope: | eq | version: | * | Trust: 0.2 |
sources:
IVD: d47ae729-35c4-47fc-9327-d1e962122aed //
CNVD: CNVD-2020-15265 //
JVNDB: JVNDB-2019-014761 //
NVD: CVE-2019-18352
CVSS
SEVERITY | CVSSV2 | CVSSV3 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
sources:
IVD: d47ae729-35c4-47fc-9327-d1e962122aed //
CNVD: CNVD-2020-15265 //
JVNDB: JVNDB-2019-014761 //
CNNVD: CNNVD-202002-904 //
NVD: CVE-2019-18352
PROBLEMTYPE DATA
| problemtype: | NVD-CWE-noinfo | Trust: 1.0 |
| problemtype: | CWE-863 | Trust: 0.8 |
sources:
JVNDB: JVNDB-2019-014761 //
NVD: CVE-2019-18352
THREAT TYPE
remote or local
Trust: 0.6
sources:
CNNVD: CNNVD-202002-904
TYPE
Access control error
Trust: 0.8
sources:
IVD: d47ae729-35c4-47fc-9327-d1e962122aed //
CNNVD: CNNVD-202002-904
CONFIGURATIONS
sources:
JVNDB: JVNDB-2019-014761
PATCH
| title: | Top Page | url: | https://www.phoenixcontact.com/online/portal/us | Trust: 0.8 |
| title: | Patch for Phoenix Contact FL NAT 2208 and 2304-2GC-2SFP Access Control Error Vulnerability | url: | https://www.cnvd.org.cn/patchInfo/show/206803 | Trust: 0.6 |
| title: | Phoenix Contact FL NAT 2208 and 2304-2GC-2SFP Fixes for access control error vulnerabilities | url: | http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=111197 | Trust: 0.6 |
sources:
CNVD: CNVD-2020-15265 //
JVNDB: JVNDB-2019-014761 //
CNNVD: CNNVD-202002-904
EXTERNAL IDS
| db: | NVD | id: | CVE-2019-18352 | Trust: 3.2 |
| db: | CERT@VDE | id: | VDE-2019-020 | Trust: 3.0 |
| db: | CNVD | id: | CNVD-2020-15265 | Trust: 0.8 |
| db: | CNNVD | id: | CNNVD-202002-904 | Trust: 0.8 |
| db: | JVNDB | id: | JVNDB-2019-014761 | Trust: 0.8 |
| db: | IVD | id: | D47AE729-35C4-47FC-9327-D1E962122AED | Trust: 0.2 |
sources:
IVD: d47ae729-35c4-47fc-9327-d1e962122aed //
CNVD: CNVD-2020-15265 //
JVNDB: JVNDB-2019-014761 //
CNNVD: CNNVD-202002-904 //
NVD: CVE-2019-18352
REFERENCES
| url: | https://cert.vde.com/de-de/advisories/vde-2019-020 | Trust: 3.0 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2019-18352 | Trust: 2.0 |
| url: | https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-18352 | Trust: 0.8 |
sources:
CNVD: CNVD-2020-15265 //
JVNDB: JVNDB-2019-014761 //
CNNVD: CNNVD-202002-904 //
NVD: CVE-2019-18352
SOURCES
| db: | IVD | id: | d47ae729-35c4-47fc-9327-d1e962122aed |
| db: | CNVD | id: | CNVD-2020-15265 |
| db: | JVNDB | id: | JVNDB-2019-014761 |
| db: | CNNVD | id: | CNNVD-202002-904 |
| db: | NVD | id: | CVE-2019-18352 |
LAST UPDATE DATE
2024-11-23T22:05:48.259000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2020-15265 | date: | 2020-03-04T00:00:00 |
| db: | JVNDB | id: | JVNDB-2019-014761 | date: | 2020-03-16T00:00:00 |
| db: | CNNVD | id: | CNNVD-202002-904 | date: | 2020-08-25T00:00:00 |
| db: | NVD | id: | CVE-2019-18352 | date: | 2024-11-21T04:33:07.103 |
SOURCES RELEASE DATE
| db: | IVD | id: | d47ae729-35c4-47fc-9327-d1e962122aed | date: | 2020-02-18T00:00:00 |
| db: | CNVD | id: | CNVD-2020-15265 | date: | 2020-03-04T00:00:00 |
| db: | JVNDB | id: | JVNDB-2019-014761 | date: | 2020-03-16T00:00:00 |
| db: | CNNVD | id: | CNNVD-202002-904 | date: | 2020-02-18T00:00:00 |
| db: | NVD | id: | CVE-2019-18352 | date: | 2020-02-18T16:15:10.923 |