CVE-2021-21004

CWE-79 — Cross-site Scripting (XSS)3 documents3 sources

Severity

6.1MEDIUM

EPSS

0.2%

top 52.72%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Phoenix Contact FL NAT Phoenix Contact FL Switch Phoenixcontact FL NAT SMN 8tx-m Firmware +14 more

Timeline

PublishedJun 25

Latest updateMay 24

Description

In Phoenix Contact FL SWITCH SMCS series products in multiple versions an attacker may insert malicious code via LLDP frames into the web-based management which could then be executed by the client.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:NExploitability: 2.1 | Impact: 4.7

Affected Packages17 packages

▶NVDphoenixcontact/fl_switch_smcs_8gt_firmware4.70

▶NVDphoenixcontact/fl_switch_smcs_8tx_firmware4.70

▶NVDphoenixcontact/fl_switch_smcs_16tx_firmware4.70

▶NVDphoenixcontact/fl_switch_smcs_4tx-pn_firmware4.70

▶NVDphoenixcontact/fl_switch_smcs_8tx-pn_firmware4.70

🔴Vulnerability Details

GHSA

GHSA-p92q-6vw3-958m: In Phoenix Contact FL SWITCH SMCS series products in multiple versions an attacker may insert malicious code via LLDP frames into the web-based manage↗2022-05-24

▶

CVEList

Cross-site Scripting Vulnerability in Phoenix Contact FL SWITCH SMCS series products↗2021-06-25

▶