CVE-2021-21004

EPSS 0.24%
Veröffentlicht 25.06.2021 19:15:08
Zuletzt bearbeitet 21.11.2024 05:47:23
Quelle info@cert.vde.com
CVE-Watchlists
Login
Unerledigt
Login

Cross-site Scripting Vulnerability in Phoenix Contact FL SWITCH SMCS series products

In Phoenix Contact FL SWITCH SMCS series products in multiple versions an attacker may insert malicious code via LLDP frames into the web-based management which could then be executed by the client.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 4

NVD 15 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Phoenixcontact ≫ Fl Switch Smcs 16tx Firmware Version <= 4.70

Phoenixcontact ≫ Fl Switch Smcs 16tx Version-

Phoenixcontact ≫ Fl Switch Smcs 14tx/2fx Firmware Version <= 4.70

Phoenixcontact ≫ Fl Switch Smcs 14tx/2fx Version-

Phoenixcontact ≫ Fl Switch Smcs 14tx/2fx-sm Firmware Version <= 4.70

Phoenixcontact ≫ Fl Switch Smcs 14tx/2fx-sm Version-

Phoenixcontact ≫ Fl Switch Smcs 8gt Firmware Version <= 4.70

Phoenixcontact ≫ Fl Switch Smcs 8gt Version-

Phoenixcontact ≫ Fl Switch Smcs 6gt/2sfp Firmware Version <= 4.70

Phoenixcontact ≫ Fl Switch Smcs 6gt/2sfp Version-

Phoenixcontact ≫ Fl Switch Smcs 8tx-pn Firmware Version <= 4.70

Phoenixcontact ≫ Fl Switch Smcs 8tx-pn Version-

Phoenixcontact ≫ Fl Switch Smcs 4tx-pn Firmware Version <= 4.70

Phoenixcontact ≫ Fl Switch Smcs 4tx-pn Version-

Phoenixcontact ≫ Fl Switch Smcs 8tx Firmware Version <= 4.70

Phoenixcontact ≫ Fl Switch Smcs 8tx Version-

Phoenixcontact ≫ Fl Switch Smcs 6tx/2sfp Firmware Version <= 4.70

Phoenixcontact ≫ Fl Switch Smcs 6tx/2sfp Version-

Phoenixcontact ≫ Fl Switch Smn 6tx/2pof-pn Firmware Version <= 4.70

Phoenixcontact ≫ Fl Switch Smn 6tx/2pof-pn Version-

Phoenixcontact ≫ Fl Switch Smn 8tx-pn Firmware Version <= 4.70

Phoenixcontact ≫ Fl Switch Smn 8tx-pn Version-

Phoenixcontact ≫ Fl Switch Smn 6tx/2fx Firmware Version <= 4.70

Phoenixcontact ≫ Fl Switch Smn 6tx/2fx Version-

Phoenixcontact ≫ Fl Switch Smn 6tx/2fx Sm Firmware Version <= 4.70

Phoenixcontact ≫ Fl Switch Smn 6tx/2fx Sm Version-

Phoenixcontact ≫ Fl Nat Smn 8tx Firmware Version <= 4.63

Phoenixcontact ≫ Fl Nat Smn 8tx Version-

Phoenixcontact ≫ Fl Nat Smn 8tx-m Firmware Version <= 4.63

Phoenixcontact ≫ Fl Nat Smn 8tx-m Version-

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.24%	0.445

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.1	2.8	2.7	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:P/A:N
info@cert.vde.com	7.4	2.1	4.7	CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

https://cert.vde.com/en-us/advisories/vde-2021-023

Third Party Advisory

Not Applicable

https://nvd.nist.gov/vuln/detail/CVE-2021-21004

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-21004

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-21004

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2021-21004