Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2021-34570
PUBLISHED
More InfoOfficial Page
Assigner-CERTVDE
Assigner Org ID-270ccfa6-a436-4e77-922e-914ec3a9685c
View Known Exploited Vulnerability (KEV) details
Published At-27 Sep, 2021 | 08:25
Updated At-16 Sep, 2024 | 22:09
Rejected At-
▼CVE Numbering Authority (CNA)
Phoenix Contact: DoS for PLCnext Control devices in versions prior to 2021.0.5 LTS

Multiple Phoenix Contact PLCnext control devices in versions prior to 2021.0.5 LTS are prone to a DoS attack through special crafted JSON requests.

Affected Products
Vendor
Phoenix Contact GmbH & Co. KGPhoenix Contact
Product
AXC F
Versions
Affected
  • From AXC F 1152 (1151412) before 2021.0.5 LTS (custom)
  • From AXC F 2152 (2404267) before 2021.0.5 LTS (custom)
  • From AXC F 3152 (1069208) before 2021.0.5 LTS (custom)
  • From AXC F 2152 Starterkit (1046568) before 2021.0.5 LTS (custom)
Vendor
Phoenix Contact GmbH & Co. KGPhoenix Contact
Product
RFC
Versions
Affected
  • From RFC 4072S (1051328) before 2021.0.5 LTS (custom)
Vendor
Phoenix Contact GmbH & Co. KGPhoenix Contact
Product
PLCnext
Versions
Affected
  • From PLCnext Technology Starterkit (1188165) before 2021.0.5 LTS (custom)
Problem Types
TypeCWE IDDescription
CWECWE-20CWE-20 Improper Input Validation
Type: CWE
CWE ID: CWE-20
Description: CWE-20 Improper Input Validation
Metrics
VersionBase scoreBase severityVector
3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Phoenix Contact recommends affected users to upgrade to the current Firmware 2021.0.5 LTS or higher which fixes this vulnerability.

Configurations
Workarounds

Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note: Measures to protect network-capable devices with Ethernet connection

Exploits
Credits
The vulnerability was discovered by Oliver Carrigan of Dionach. We kindly appreciate the coordinated disclosure of these vulnerabilities by the finder. PHOENIX CONTACT thanks CERT@VDE for the coordination and support with this publication.
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://cert.vde.com/en/advisories/VDE-2021-029/
x_refsource_CONFIRM
Hyperlink: https://cert.vde.com/en/advisories/VDE-2021-029/
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://cert.vde.com/en/advisories/VDE-2021-029/
x_refsource_CONFIRM
x_transferred
Hyperlink: https://cert.vde.com/en/advisories/VDE-2021-029/
Resource:
x_refsource_CONFIRM
x_transferred
Details not found