7.8
CVE-2021-34570
- EPSS 0.45%
- Veröffentlicht 27.09.2021 09:15:07
- Zuletzt bearbeitet 21.11.2024 06:10:43
- Quelle info@cert.vde.com
- Teams Watchlist Login
- Unerledigt Login
Multiple Phoenix Contact PLCnext control devices in versions prior to 2021.0.5 LTS are prone to a DoS attack through special crafted JSON requests.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Phoenixcontact ≫ Plcnext Technology Starterkit Firmware SwEditionlts Version < 2021.0.5
Phoenixcontact ≫ Axc F 2152 Starterkit Firmware SwEditionlts Version < 2021.0.5
Phoenixcontact ≫ Rfc 4072s Firmware SwEditionlts Version < 2021.0.5
Phoenixcontact ≫ Axc F 3152 Firmware SwEditionlts Version < 2021.0.5
Phoenixcontact ≫ Axc F 1152 Firmware SwEditionlts Version < 2021.0.5
Phoenixcontact ≫ Axc F 2152 Firmware SwEditionlts Version < 2021.0.5
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.45% | 0.605 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
| nvd@nist.gov | 7.8 | 10 | 6.9 |
AV:N/AC:L/Au:N/C:N/I:N/A:C
|
| info@cert.vde.com | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.