CVE-2021-34570

Severity
7.5 HIGH
EPSS
0.3%
top 47.04%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Sep 27
Latest update: May 24

Description

Multiple Phoenix Contact PLCnext control devices in versions prior to 2021.0.5 LTS are prone to a DoS attack through specially crafted JSON requests.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 | Impact: 3.6

Affected Packages
9 packages

CVEListV5 | phoenix_contact/plcnext | PLCnext Technology Starterkit (1188165) | 2021.0.5 LTS
CVEListV5 | phoenix_contact/rfc | RFC 4072S (1051328) | 2021.0.5 LTS
CVEListV5 | phoenix_contact/axc_f | AXC F 1152 (1151412) | 2021.0.5 LTS | +3

Patches

Vulnerability Details
2

GHSA | GHSA-5jgp-38vj-293v: Multiple Phoenix Contact PLCnext control devices in versions prior to 2021 | 2022-05-24
CVEList | Phoenix Contact: DoS for PLCnext Control devices in versions prior to 2021.0.5 LTS | 2021-09-27