History: Jun 25, 2021 - 7:15 p.m.

CVE-2021-33540

2021-06-25 19:15:09
CWE-798
CERTVDE
web.nvd.nist.gov
cve-2021-33540
phoenix contact
axl f bk
il bk
ftp access
root directory
undocumented
password protected
nvd

CVSS2

Score: 7.5
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

Score: 7.3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: LOW
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

AI Score: 7.3
Confidence: High

EPSS: 0.001
Percentile: 39.4%

In certain devices of the Phoenix Contact AXL F BK and IL BK product families, an undocumented, password-protected FTP access to the root directory exists.

Affected configurations

Nvd

Node: phoenixcontact axl_f_bk_pn_tps_xc_firmware (Range: <1.30) AND phoenixcontact axl_f_bk_pn_tps_xc (Match: -)
Node: phoenixcontact axl_f_bk_pn_tps_firmware (Range: <1.30) AND phoenixcontact axl_f_bk_pn_tps (Match: -)
Node: phoenixcontact axl_f_bk_eip_firmware (Range: <1.30) AND phoenixcontact axl_f_bk_eip (Match: -)
Node: phoenixcontact axl_f_bk_eip_ef_firmware (Range: <1.30) AND phoenixcontact axl_f_bk_eip_ef (Match: -)
Node: phoenixcontact axl_f_bk_eth_firmware (Range: <1.30) AND phoenixcontact axl_f_bk_eth (Match: -)
Node: phoenixcontact axl_f_bk_eth_xc_firmware (Range: <1.30) AND phoenixcontact axl_f_bk_eth_xc (Match: -)
Node: phoenixcontact axl_f_bk_s35_firmware (Range: <1.40) AND phoenixcontact axl_f_bk_s35 (Match: -)
Node: phoenixcontact axl_f_bk_pn_firmware AND phoenixcontact axl_f_bk_pn (Match: -)
Node: phoenixcontact axl_f_bk_pn_xc_firmware AND phoenixcontact axl_f_bk_pn_xc (Match: -)
Node: phoenixcontact axl_f_bk_eth_net2_firmware AND phoenixcontact axl_f_bk_eth_net2 (Match: -)
Node: phoenixcontact axl_f_bk_sas_firmware AND phoenixcontact axl_f_bk_sas (Match: -)
Node: phoenixcontact il_pn_bk-pac_firmware AND phoenixcontact il_pn_bk-pac (Match: -)
Node: phoenixcontact il_pn_bk_di8_do4_2tx-pac_firmware AND phoenixcontact il_pn_bk_di8_do4_2tx-pac (Match: -)
Node: phoenixcontact il_pn_bk_di8_do4_2scrj-pac_firmware AND phoenixcontact il_pn_bk_di8_do4_2scrj-pac (Match: -)
Node: phoenixcontact il_eth_bk_di8_do4_2tx-xc-pac_firmware AND phoenixcontact il_eth_bk_di8_do4_2tx-xc-pac (Match: -)
Node: phoenixcontact il_eth_bk_di8_do4_2tx-pac_firmware AND phoenixcontact il_eth_bk_di8_do4_2tx-pac (Match: -)
Node: phoenixcontact il_eip_bk_di8_do4_2tx-pac_firmware AND phoenixcontact il_eip_bk_di8_do4_2tx-pac (Match: -)
Node: phoenixcontact il_s3_bk_di8_do4_2tx-pac_firmware AND phoenixcontact il_s3_bk_di8_do4_2tx-pac (Match: -)

Vendor | Product | Version | CPE
phoenixcontact | axl_f_bk_pn_tps_xc_firmware | * | cpe:2.3:o:phoenixcontact:axl_f_bk_pn_tps_xc_firmware:*:*:*:*:*:*:*:*
phoenixcontact | axl_f_bk_pn_tps_xc | - | cpe:2.3:h:phoenixcontact:axl_f_bk_pn_tps_xc:-:*:*:*:*:*:*:*
phoenixcontact | axl_f_bk_pn_tps_firmware | * | cpe:2.3:o:phoenixcontact:axl_f_bk_pn_tps_firmware:*:*:*:*:*:*:*:*
phoenixcontact | axl_f_bk_pn_tps | - | cpe:2.3:h:phoenixcontact:axl_f_bk_pn_tps:-:*:*:*:*:*:*:*
phoenixcontact | axl_f_bk_eip_firmware | * | cpe:2.3:o:phoenixcontact:axl_f_bk_eip_firmware:*:*:*:*:*:*:*:*
phoenixcontact | axl_f_bk_eip | - | cpe:2.3:h:phoenixcontact:axl_f_bk_eip:-:*:*:*:*:*:*:*
phoenixcontact | axl_f_bk_eip_ef_firmware | * | cpe:2.3:o:phoenixcontact:axl_f_bk_eip_ef_firmware:*:*:*:*:*:*:*:*
phoenixcontact | axl_f_bk_eip_ef | - | cpe:2.3:h:phoenixcontact:axl_f_bk_eip_ef:-:*:*:*:*:*:*:*
phoenixcontact | axl_f_bk_eth_firmware | * | cpe:2.3:o:phoenixcontact:axl_f_bk_eth_firmware:*:*:*:*:*:*:*:*
phoenixcontact | axl_f_bk_eth | - | cpe:2.3:h:phoenixcontact:axl_f_bk_eth:-:*:*:*:*:*:*:*

CNA Affected

[
  {
    "platforms": [
      "HW < 01"
    ],
    "product": "AXL F BK",
    "vendor": "Phoenix Contact",
    "versions": [
      {
        "lessThan": "1.30",
        "status": "affected",
        "version": "AXL F PN TPS XC (1068857)",
        "versionType": "custom"
      },
      {
        "lessThan": "1.30",
        "status": "affected",
        "version": "AXL F EIP EF (2702782)",
        "versionType": "custom"
      }
    ]
  },
  {
    "platforms": [
      "HW < 02"
    ],
    "product": "AXL F BK",
    "vendor": "Phoenix Contact",
    "versions": [
      {
        "lessThan": "1.30",
        "status": "affected",
        "version": "AXL F PN TPS (2403869)",
        "versionType": "custom"
      }
    ]
  },
  {
    "platforms": [
      "HW < 05"
    ],
    "product": "AXL F BK",
    "vendor": "Phoenix Contact",
    "versions": [
      {
        "lessThan": "1.30",
        "status": "affected",
        "version": "AXL F EIP (2688394)",
        "versionType": "custom"
      },
      {
        "lessThan": "1.30",
        "status": "affected",
        "version": "AXL F ETH (2688459)",
        "versionType": "custom"
      },
      {
        "lessThan": "1.30",
        "status": "affected",
        "version": "AXL F ETH XC (2701949)",
        "versionType": "custom"
      },
      {
        "lessThan": "1.40",
        "status": "affected",
        "version": "AXL F S3 (2701686)",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "AXL F BK",
    "vendor": "Phoenix Contact",
    "versions": [
      {
        "status": "affected",
        "version": "AXL F PN (2701815) all revisions"
      },
      {
        "status": "affected",
        "version": "AXL F PN XC (2701222) all revisions"
      },
      {
        "status": "affected",
        "version": "AXL F ETH NET2 (2702177) all revisions"
      },
      {
        "status": "affected",
        "version": "AXL F SAS (2701457) all revisions"
      }
    ]
  },
  {
    "product": "IL",
    "vendor": "Phoenix Contact",
    "versions": [
      {
        "status": "affected",
        "version": "IL PN BK-PAC (2403696) all revisions"
      },
      {
        "status": "affected",
        "version": "IL PN BK DI8 DO4 2TX-PAC (2703994) all revisions"
      },
      {
        "status": "affected",
        "version": "IL PN BK DI8 DO4 2SCRJ-PAC (2878379) all revisions"
      },
      {
        "status": "affected",
        "version": "IL ETH BK DI8 DO4 2TX-XC-PAC (2701388) all revisions"
      },
      {
        "status": "affected",
        "version": "IL ETH BK DI8 DO4 2TX-PAC (2703981) all revisions"
      },
      {
        "status": "affected",
        "version": "IL EIP BK DI8 DO4 2TX-PAC (2897758) all revisions"
      },
      {
        "status": "affected",
        "version": "IL S3 BK DI8 DO4 2TX-PAC (2692380) all revisions"
      }
    ]
  }
]
