Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2020-12521
PUBLISHED
More InfoOfficial Page
Assigner-CERTVDE
Assigner Org ID-270ccfa6-a436-4e77-922e-914ec3a9685c
View Known Exploited Vulnerability (KEV) details
Published At-17 Dec, 2020 | 22:43
Updated At-17 Sep, 2024 | 04:14
Rejected At-
▼CVE Numbering Authority (CNA)
Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS: A specially crafted LLDP packet may lead to a high system load in the PROFINET stack.

On Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS a specially crafted LLDP packet may lead to a high system load in the PROFINET stack. An attacker can cause failure of system services or a complete reboot.

Affected Products
Vendor
Phoenix Contact GmbH & Co. KGPhoenix Contact
Product
AXC F 1152 (1151412)
Versions
Affected
  • From unspecified before 2021.0 LTS (custom)
Vendor
Phoenix Contact GmbH & Co. KGPhoenix Contact
Product
AXC F 2152 (2404267)
Versions
Affected
  • From unspecified before 2021.0 LTS (custom)
Vendor
Phoenix Contact GmbH & Co. KGPhoenix Contact
Product
AXC F 3152 (1069208)
Versions
Affected
  • From unspecified before 2021.0 LTS (custom)
Vendor
Phoenix Contact GmbH & Co. KGPhoenix Contact
Product
RFC 4072S (1051328
Versions
Affected
  • From unspecified before 2021.0 LTS (custom)
Vendor
Phoenix Contact GmbH & Co. KGPhoenix Contact
Product
AXC F 2152 Starterkit (1046568)
Versions
Affected
  • From unspecified before 2021.0 LTS (custom)
Vendor
Phoenix Contact GmbH & Co. KGPhoenix Contact
Product
PLCnext Technology Starterkit (1188165)
Versions
Affected
  • From unspecified before 2021.0 LTS (custom)
Problem Types
TypeCWE IDDescription
CWECWE-20CWE-20 Improper Input Validation
Type: CWE
CWE ID: CWE-20
Description: CWE-20 Improper Input Validation
Metrics
VersionBase scoreBase severityVector
3.16.5MEDIUM
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Phoenix Contact recommends affected users to upgrade to the current Firmware 2021.0 LTS or higher which fixes these vulnerabilities.

Configurations
Workarounds

Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to the Phoenix Contact application note.

Exploits
Credits
Phoenix Contact reported to CERT@VDE
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://cert.vde.com/en-us/advisories/vde-2020-049
x_refsource_CONFIRM
Hyperlink: https://cert.vde.com/en-us/advisories/vde-2020-049
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://cert.vde.com/en-us/advisories/vde-2020-049
x_refsource_CONFIRM
x_transferred
Hyperlink: https://cert.vde.com/en-us/advisories/vde-2020-049
Resource:
x_refsource_CONFIRM
x_transferred
Details not found