CVE-2021-34570

EPSS 0.45%
Published 27.09.2021 09:15:07
Last modified 21.11.2024 06:10:43
Source info@cert.vde.com
Teams watchlist Login
Open Login

Multiple Phoenix Contact PLCnext control devices in versions prior to 2021.0.5 LTS are prone to a DoS attack through special crafted JSON requests.

Affected products Warnungen 0 Metrics 4 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Phoenixcontact ≫ Plcnext Technology Starterkit Firmware SwEditionlts Version < 2021.0.5

Phoenixcontact ≫ Plcnext Technology Starterkit Version-

Phoenixcontact ≫ Axc F 2152 Starterkit Firmware SwEditionlts Version < 2021.0.5

Phoenixcontact ≫ Axc F 2152 Starterkit Version-

Phoenixcontact ≫ Rfc 4072s Firmware SwEditionlts Version < 2021.0.5

Phoenixcontact ≫ Rfc 4072s Version-

Phoenixcontact ≫ Axc F 3152 Firmware SwEditionlts Version < 2021.0.5

Phoenixcontact ≫ Axc F 3152 Version-

Phoenixcontact ≫ Axc F 1152 Firmware SwEditionlts Version < 2021.0.5

Phoenixcontact ≫ Axc F 1152 Version-

Phoenixcontact ≫ Axc F 2152 Firmware SwEditionlts Version < 2021.0.5

Phoenixcontact ≫ Axc F 2152 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.45%	0.605

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	7.8	10	6.9	AV:N/AC:L/Au:N/C:N/I:N/A:C
info@cert.vde.com	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://cert.vde.com/en/advisories/VDE-2021-029/

Patch

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-34570

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-34570

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-34570

EUVD