CVE-2021-33540

🗓️ 25 Jun 2021 18:26:04Reported by CERTVDEType

cve🔗 web.nvd.nist.gov📰️ 4 Media mentions👁 62 Views

In certain devices of Phoenix Contact AXL F BK and IL BK product families, an undocumented password protected FTP access to the root directory exists

Reporter	Title	Published	Views	Family All 6
CNNVD	Phoenix Contact AXL F BK and IL BK 信任管理问题漏洞	25 Jun 202100:00	–	cnnvd
Cvelist	CVE-2021-33540 Phoenix Contact: Undocumented FTP acces in certain AXL F BK and IL BK devices	25 Jun 202118:26	–	cvelist
EUVD	EUVD-2021-20232	7 Oct 202500:30	–	euvd
NVD	CVE-2021-33540	25 Jun 202119:15	–	nvd
OSV	CVE-2021-33540	25 Jun 202119:15	–	osv
Prion	Design/Logic Flaw	25 Jun 202119:15	–	prion

NVD

Vulners

Node

phoenixcontact axl_f_bk_pn_tps_xc_firmwareRange<1.30

AND

phoenixcontact axl_f_bk_pn_tps_xcMatch-

Node

phoenixcontact axl_f_bk_pn_tps_firmwareRange<1.30

AND

phoenixcontact axl_f_bk_pn_tpsMatch-

Node

phoenixcontact axl_f_bk_eip_firmwareRange<1.30

AND

phoenixcontact axl_f_bk_eipMatch-

Node

phoenixcontact axl_f_bk_eip_ef_firmwareRange<1.30

AND

phoenixcontact axl_f_bk_eip_efMatch-

Node

phoenixcontact axl_f_bk_eth_firmwareRange<1.30

AND

phoenixcontact axl_f_bk_ethMatch-

Node

phoenixcontact axl_f_bk_eth_xc_firmwareRange<1.30

AND

phoenixcontact axl_f_bk_eth_xcMatch-

Node

phoenixcontact axl_f_bk_s35_firmwareRange<1.40

AND

phoenixcontact axl_f_bk_s35Match-

Node

phoenixcontact axl_f_bk_pn_firmware

AND

phoenixcontact axl_f_bk_pnMatch-

Node

phoenixcontact axl_f_bk_pn_xc_firmware

AND

phoenixcontact axl_f_bk_pn_xcMatch-

Node

phoenixcontact axl_f_bk_eth_net2_firmware

AND

phoenixcontact axl_f_bk_eth_net2Match-

Node

phoenixcontact axl_f_bk_sas_firmware

AND

phoenixcontact axl_f_bk_sasMatch-

Node

phoenixcontact il_pn_bk-pac_firmware

AND

phoenixcontact il_pn_bk-pacMatch-

Node

phoenixcontact il_pn_bk_di8_do4_2tx-pac_firmware

AND

phoenixcontact il_pn_bk_di8_do4_2tx-pacMatch-

Node

phoenixcontact il_pn_bk_di8_do4_2scrj-pac_firmware

AND

phoenixcontact il_pn_bk_di8_do4_2scrj-pacMatch-

Node

phoenixcontact il_eth_bk_di8_do4_2tx-xc-pac_firmware

AND

phoenixcontact il_eth_bk_di8_do4_2tx-xc-pacMatch-

Node

phoenixcontact il_eth_bk_di8_do4_2tx-pac_firmware

AND

phoenixcontact il_eth_bk_di8_do4_2tx-pacMatch-

Node

phoenixcontact il_eip_bk_di8_do4_2tx-pac_firmware

AND

phoenixcontact il_eip_bk_di8_do4_2tx-pacMatch-

Node

phoenixcontact il_s3_bk_di8_do4_2tx-pac_firmware

AND

phoenixcontact il_s3_bk_di8_do4_2tx-pacMatch-

[
  {
    "platforms": [
      "HW < 01"
    ],
    "product": "AXL F BK",
    "vendor": "Phoenix Contact",
    "versions": [
      {
        "lessThan": "1.30",
        "status": "affected",
        "version": "AXL F PN TPS XC (1068857)",
        "versionType": "custom"
      },
      {
        "lessThan": "1.30",
        "status": "affected",
        "version": "AXL F EIP EF (2702782)",
        "versionType": "custom"
      }
    ]
  },
  {
    "platforms": [
      "HW < 02"
    ],
    "product": "AXL F BK",
    "vendor": "Phoenix Contact",
    "versions": [
      {
        "lessThan": "1.30",
        "status": "affected",
        "version": "AXL F PN TPS (2403869)",
        "versionType": "custom"
      }
    ]
  },
  {
    "platforms": [
      "HW < 05"
    ],
    "product": "AXL F BK",
    "vendor": "Phoenix Contact",
    "versions": [
      {
        "lessThan": "1.30",
        "status": "affected",
        "version": "AXL F EIP (2688394)",
        "versionType": "custom"
      },
      {
        "lessThan": "1.30",
        "status": "affected",
        "version": "AXL F ETH (2688459)",
        "versionType": "custom"
      },
      {
        "lessThan": "1.30",
        "status": "affected",
        "version": "AXL F ETH XC (2701949)",
        "versionType": "custom"
      },
      {
        "lessThan": "1.40",
        "status": "affected",
        "version": "AXL F S3 (2701686)",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "AXL F BK",
    "vendor": "Phoenix Contact",
    "versions": [
      {
        "status": "affected",
        "version": "AXL F PN (2701815) all revisions"
      },
      {
        "status": "affected",
        "version": "AXL F PN XC (2701222) all revisions"
      },
      {
        "status": "affected",
        "version": "AXL F ETH NET2 (2702177) all revisions"
      },
      {
        "status": "affected",
        "version": "AXL F SAS (2701457) all revisions"
      }
    ]
  },
  {
    "product": "IL",
    "vendor": "Phoenix Contact",
    "versions": [
      {
        "status": "affected",
        "version": "IL PN BK-PAC (2403696) all revisions"
      },
      {
        "status": "affected",
        "version": "IL PN BK DI8 DO4 2TX-PAC (2703994) all revisions"
      },
      {
        "status": "affected",
        "version": "IL PN BK DI8 DO4 2SCRJ-PAC (2878379) all revisions"
      },
      {
        "status": "affected",
        "version": "IL ETH BK DI8 DO4 2TX-XC-PAC (2701388) all revisions"
      },
      {
        "status": "affected",
        "version": "IL ETH BK DI8 DO4 2TX-PAC (2703981) all revisions"
      },
      {
        "status": "affected",
        "version": "IL EIP BK DI8 DO4 2TX-PAC (2897758) all revisions"
      },
      {
        "status": "affected",
        "version": "IL S3 BK DI8 DO4 2TX-PAC (2692380) all revisions"
      }
    ]
  }
]

Source	Link
cert	www.cert.vde.com/en-us/advisories/vde-2021-021

21 Nov 2024 06:09Current

7.4High risk

Vulners AI Score7.4

CVSS 3.17.3

CVSS 27.5

EPSS0.00236

CWE-798

cve-2021-33540 phoenix contact axl f bk il bk ftp access root directory undocumented password protected nvd