CVE-2020-12521

CWE-20 — Improper Input Validation3 documents3 sources

Severity

6.5MEDIUM

EPSS

0.1%

top 75.53%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Phoenix Contact AXC F 1152 (1151412)Phoenix Contact AXC F 2152 (2404267)Phoenix Contact AXC F 2152 Starterkit (1046568)+4 more

Timeline

PublishedDec 17

Latest updateMay 24

Description

On Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS a specially crafted LLDP packet may lead to a high system load in the PROFINET stack. An attacker can cause failure of system services or a complete reboot.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages7 packages

▶NVDphoenixcontact/plcnext_firmware< 2021.0

▶CVEListV5phoenix_contact/plcnext_technology_starterkit_(1188165)unspecified — 2021.0 LTS

▶CVEListV5phoenix_contact/rfc_4072s_(1051328unspecified — 2021.0 LTS

▶CVEListV5phoenix_contact/axc_f_1152_(1151412)unspecified — 2021.0 LTS

▶CVEListV5phoenix_contact/axc_f_2152_(2404267)unspecified — 2021.0 LTS

🔴Vulnerability Details

GHSA

GHSA-vp46-jgwp-q8w3: On Phoenix Contact PLCnext Control Devices versions before 2021↗2022-05-24

▶

CVEList

Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS: A specially crafted LLDP packet may lead to a high system load in the PROFINET stack.↗2020-12-17

▶