Phoenix Contact ILC PLCs Denial of Service (CVE-2021-33541)

2023-01-2500:00:00

www.tenable.com

phoenix contact

ilc plcs

denial of service

cve-2021-33541

communication protocols

authentication

remote attackers

ip packets

network communication

tenable.ot.

EPSS

0.002

Percentile

60.0%

JSON

Phoenix Contact Classic Line Controllers ILC1x0 and ILC1x1 in all versions/variants are affected by a Denial-of-Service vulnerability.
The communication protocols and device access do not feature authentication measures. Remote attackers can use specially crafted IP packets to cause a denial of service on the PLC’s network communication module. A successful attack stops all network communication. To restore the network connectivity the device needs to be restarted. The automation task is not affected.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(500739);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/10/17");

  script_cve_id("CVE-2021-33541");

  script_name(english:"Phoenix Contact ILC PLCs Denial of Service (CVE-2021-33541)");

  script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
  script_set_attribute(attribute:"description", value:
"Phoenix Contact Classic Line Controllers ILC1x0 and ILC1x1 in all
versions/variants are affected by a Denial-of-Service vulnerability.
The communication protocols and device access do not feature
authentication measures. Remote attackers can use specially crafted IP
packets to cause a denial of service on the PLC's network
communication module. A successful attack stops all network
communication. To restore the network connectivity the device needs to
be restarted. The automation task is not affected.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
  script_set_attribute(attribute:"see_also", value:"https://cert.vde.com/en-us/advisories/vde-2021-019");
  script_set_attribute(attribute:"solution", value:
"Refer to the vendor advisory.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-33541");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(770);

  script_set_attribute(attribute:"vuln_publication_date", value:"2021/06/25");
  script_set_attribute(attribute:"patch_publication_date", value:"2021/06/25");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/01/25");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:phoenixcontact:ilc1x0_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:phoenixcontact:ilc1x1_firmware");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Tenable.ot");

  script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("tenable_ot_api_integration.nasl");
  script_require_keys("Tenable.ot/PhoenixContact");

  exit(0);
}


include('tenable_ot_cve_funcs.inc');

get_kb_item_or_exit('Tenable.ot/PhoenixContact');

var asset = tenable_ot::assets::get(vendor:'PhoenixContact');

var vuln_cpes = {
    "cpe:/o:phoenixcontact:ilc1x0_firmware" :
        {"family" : "ILC"},
    "cpe:/o:phoenixcontact:ilc1x1_firmware" :
        {"family" : "ILC"}
};

tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_HOLE);