Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS: A specially crafted LLDP packet may lead to a high system load in the PROFINET stack.
CVE-2020-12521

6.5MEDIUM

Key Information:

Vendor
Phoenix Contact
Status
Axc F 1152 (1151412)
Axc F 2152 (2404267)
Axc F 3152 (1069208)
Rfc 4072s (1051328
Vendor
CVE Published:
17 December 2020

Summary

On Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS a specially crafted LLDP packet may lead to a high system load in the PROFINET stack. An attacker can cause failure of system services or a complete reboot.

Affected Version(s)

AXC F 1152 (1151412) < 2021.0 LTS

AXC F 2152 (2404267) < 2021.0 LTS

AXC F 2152 Starterkit (1046568) < 2021.0 LTS

References

https://cert.vde.com/en-us/advisories/vde-2020-049
x_refsource_CONFIRM

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Phoenix Contact reported to CERT@VDE
.
CVE-2020-12521 : Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS: A specially crafted LLDP packet may lead to a high system load in the PROFINET stack. | SecurityVulnerability.io