Lucene search
K

Phoenix Contact PLCnext Improper Input Validation (CVE-2021-34570)

🗓️ 04 Dec 2024 00:00:00Reported by TenableType 
nessus
 nessus
🔗 www.tenable.com👁 7 Views

Phoenix Contact PLCnext devices are vulnerable to denial of service due to improper input validation.

Related
Refs
Code
ReporterTitlePublishedViews
Family
ATTACKERKB
CVE-2021-34570
3 Aug 202122:00
attackerkb
Circl
CVE-2021-34570
27 Sep 202112:34
circl
CNNVD
Phoenix Contact PLCnext Control Devices 输入验证错误漏洞
27 Sep 202100:00
cnnvd
CVE
CVE-2021-34570
27 Sep 202108:25
cve
Cvelist
CVE-2021-34570 Phoenix Contact: DoS for PLCnext Control devices in versions prior to 2021.0.5 LTS
27 Sep 202108:25
cvelist
EUVD
EUVD-2021-21220
7 Oct 202500:30
euvd
NVD
CVE-2021-34570
27 Sep 202109:15
nvd
OSV
CVE-2021-34570
27 Sep 202109:15
osv
Prion
Code injection
27 Sep 202109:15
prion
Tenable Nessus
Phoenix Contact PLCnext Improper Input Validation (CVE-2021-34570)
25 Jan 202300:00
nessus
Rows per page
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(502751);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/12/04");

  script_cve_id("CVE-2021-34570");

  script_name(english:"Phoenix Contact PLCnext Improper Input Validation (CVE-2021-34570)");

  script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
  script_set_attribute(attribute:"description", value:
"Multiple Phoenix Contact PLCnext control devices in versions prior to
2021.0.5 LTS are prone to a DoS attack through special crafted JSON
requests.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
  script_set_attribute(attribute:"see_also", value:"https://cert.vde.com/en/advisories/VDE-2021-029/");
  script_set_attribute(attribute:"solution", value:
"Refer to the vendor advisory.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-34570");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(20);

  script_set_attribute(attribute:"vuln_publication_date", value:"2021/09/27");
  script_set_attribute(attribute:"patch_publication_date", value:"2021/09/27");
  script_set_attribute(attribute:"plugin_publication_date", value:"2024/12/04");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:phoenixcontact:axc_f_1152_firmware:::~~lts~~~");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:phoenixcontact:axc_f_2152_firmware:::~~lts~~~");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:phoenixcontact:axc_f_2152_starterkit_firmware:::~~lts~~~");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:phoenixcontact:axc_f_3152_firmware:::~~lts~~~");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:phoenixcontact:rfc_4072s_firmware:::~~lts~~~");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Tenable.ot");

  script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("tenable_ot_api_integration.nasl");
  script_require_keys("Tenable.ot/PhoenixContact");

  exit(0);
}


include('tenable_ot_cve_funcs.inc');

get_kb_item_or_exit('Tenable.ot/PhoenixContact');

var asset = tenable_ot::assets::get(vendor:'PhoenixContact');

var vuln_cpes = {
    "cpe:/o:phoenixcontact:axc_f_2152_starterkit_firmware:::~~lts~~~" :
        {"versionEndExcluding" : "2021.0.5", "family" : "AXC"},
    "cpe:/o:phoenixcontact:rfc_4072s_firmware:::~~lts~~~" :
        {"versionEndExcluding" : "2021.0.5", "family" : "RFC"},
    "cpe:/o:phoenixcontact:axc_f_3152_firmware:::~~lts~~~" :
        {"versionEndExcluding" : "2021.0.5", "family" : "AXC"},
    "cpe:/o:phoenixcontact:axc_f_1152_firmware:::~~lts~~~" :
        {"versionEndExcluding" : "2021.0.5", "family" : "AXC"},
    "cpe:/o:phoenixcontact:axc_f_2152_firmware:::~~lts~~~" :
        {"versionEndExcluding" : "2021.0.5", "family" : "AXC"}
};

tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_HOLE);

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

04 Dec 2024 00:00Current
7.4High risk
Vulners AI Score7.4
CVSS 3.17.5
CVSS 27.8
EPSS0.00947
7