7.8
CVE-2021-34570
- EPSS 0.3%
- Veröffentlicht 27.09.2021 09:15:07
- Zuletzt bearbeitet 21.11.2024 06:10:43
- Quelle info@cert.vde.com
- CVE-Watchlists
- Unerledigt
LoginPhoenix Contact: DoS for PLCnext Control devices in versions prior to 2021.0.5 LTS
Multiple Phoenix Contact PLCnext control devices in versions prior to 2021.0.5 LTS are prone to a DoS attack through special crafted JSON requests.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Phoenixcontact ≫ Plcnext Technology Starterkit Firmware SwEditionlts Version < 2021.0.5
Phoenixcontact ≫ Axc F 2152 Starterkit Firmware SwEditionlts Version < 2021.0.5
Phoenixcontact ≫ Rfc 4072s Firmware SwEditionlts Version < 2021.0.5
Phoenixcontact ≫ Axc F 3152 Firmware SwEditionlts Version < 2021.0.5
Phoenixcontact ≫ Axc F 1152 Firmware SwEditionlts Version < 2021.0.5
Phoenixcontact ≫ Axc F 2152 Firmware SwEditionlts Version < 2021.0.5
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.3% | 0.525 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
| nvd@nist.gov | 7.8 | 10 | 6.9 |
AV:N/AC:L/Au:N/C:N/I:N/A:C
|
| info@cert.vde.com | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.