cvelist | CERTVDE | CVELIST:CVE-2021-33541
Jun 25, 2021 - 6:26 p.m.

CVE-2021-33541 Phoenix Contact: ILC1x Industrial controllers affected by Denial-of-Service vulnerability

2021-06-25 18:26:05
CWE-770
CERTVDE
www.cve.org

CVSS3: 7.5

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS: 0.002
Percentile: 60.0%

Phoenix Contact Classic Line Controllers ILC1x0 and ILC1x1 in all versions/variants are affected by a Denial-of-Service vulnerability. The communication protocols and device access do not feature authentication measures. Remote attackers can use specially crafted IP packets to cause a denial of service on the PLC’s network communication module. A successful attack stops all network communication. To restore the network connectivity the device needs to be restarted. The automation task is not affected.

CNA Affected

[
  {
    "product": "ILC1x",
    "vendor": "Phoenix Contact",
    "versions": [
      {
        "status": "affected",
        "version": "ILC1x0 all variants"
      },
      {
        "status": "affected",
        "version": "ILC1x1 all variants"
      }
    ]
  }
]
