CVE-2021-21005: In Phoenix Contact FL SWITCH SMCS series products in multiple versions if an attacker sends a hand-crafted TCP-Packet with the Urgent-Flag set and the…

high7.5CVSS 3.1

AVNACLPRNUINSUCNINAH

In Phoenix Contact FL SWITCH SMCS series products in multiple versions if an attacker sends a hand-crafted TCP-Packet with the Urgent-Flag set and the Urgent-Pointer set to 0, the network stack will crash. The device needs to be rebooted afterwards.

Affected

30 ranges· showing 25

Vendor	Product	Version range	Fixed in
phoenix_contact	fl_nat	SMN 8TX (2989365) – 4.63	—
phoenix_contact	fl_nat	SMN 8TX-M (2702443) – 4.63	—
phoenix_contact	fl_switch	SMCS 14TX/2FX (2700997) – 4.70	—
phoenix_contact	fl_switch	SMCS 14TX/2FX-SM (2701466) – 4.70	—
phoenix_contact	fl_switch	SMCS 16TX (2700996) – 4.70	—
phoenix_contact	fl_switch	SMCS 4TX-PN (2989093) – 4.70	—
phoenix_contact	fl_switch	SMCS 6GT/2SFP (2891479) – 4.70	—
phoenix_contact	fl_switch	SMCS 6TX/2SFP (2989323) – 4.70	—
phoenix_contact	fl_switch	SMCS 8GT (2891123) – 4.70	—
phoenix_contact	fl_switch	SMCS 8TX (2989226) – 4.70	—
phoenix_contact	fl_switch	SMCS 8TX-PN (2989103) – 4.70	—
phoenix_contact	fl_switch	SMN 6TX/2FX (2989543) – 4.70	—
phoenix_contact	fl_switch	SMN 6TX/2FX SM (2989556) – 4.70	—
phoenix_contact	fl_switch	SMN 6TX/2POF-PN (2700290) – 4.70	—
phoenix_contact	fl_switch	SMN 8TX-PN (2989501) – 4.70	—
phoenixcontact	fl_nat_smn_8tx-m_firmware	<= 4.63	—
phoenixcontact	fl_nat_smn_8tx_firmware	<= 4.63	—
phoenixcontact	fl_switch_smcs_14tx_2fx-sm_firmware	<= 4.70	—
phoenixcontact	fl_switch_smcs_14tx_2fx_firmware	<= 4.70	—
phoenixcontact	fl_switch_smcs_16tx_firmware	<= 4.70	—
phoenixcontact	fl_switch_smcs_4tx-pn_firmware	<= 4.70	—
phoenixcontact	fl_switch_smcs_6gt_2sfp_firmware	<= 4.70	—
phoenixcontact	fl_switch_smcs_6tx_2sfp_firmware	<= 4.70	—
phoenixcontact	fl_switch_smcs_8gt_firmware	<= 4.70	—
phoenixcontact	fl_switch_smcs_8tx-pn_firmware	<= 4.70	—