CVE-2021-33541

EPSS 1.31%
Veröffentlicht 25.06.2021 19:15:09
Zuletzt bearbeitet 21.11.2024 06:09:02
Quelle info@cert.vde.com
Teams Watchlist Login
Unerledigt Login

Phoenix Contact Classic Line Controllers ILC1x0 and ILC1x1 in all versions/variants are affected by a Denial-of-Service vulnerability. The communication protocols and device access do not feature authentication measures. Remote attackers can use specially crafted IP packets to cause a denial of service on the PLC's network communication module. A successful attack stops all network communication. To restore the network connectivity the device needs to be restarted. The automation task is not affected.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Phoenixcontact ≫ Ilc1x0 Firmware

Phoenixcontact ≫ Ilc1x0 Version-

Phoenixcontact ≫ Ilc1x1 Firmware

Phoenixcontact ≫ Ilc1x1 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.31%	0.779

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	7.8	10	6.9	AV:N/AC:L/Au:N/C:N/I:N/A:C
info@cert.vde.com	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-770 Allocation of Resources Without Limits or Throttling

The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.

https://cert.vde.com/en-us/advisories/vde-2021-019

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-33541

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-33541

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-33541

EUVD