Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS: A specially crafted LLDP packet may lead to a high system load in the PROFINET stack.
CVE-2020-12521

6.5MEDIUM

Key Information:

Vendor: Phoenix Contact
Status: Axc F 1152 (1151412); Axc F 2152 (2404267); Axc F 3152 (1069208); Rfc 4072s (1051328
Vendor: CVE Published:; 17 December 2020

🔔 Create Phoenix Contact Vulnerability Alert

What is CVE-2020-12521?

On Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS a specially crafted LLDP packet may lead to a high system load in the PROFINET stack. An attacker can cause failure of system services or a complete reboot.

Affected Version(s)

AXC F 1152 (1151412) < 2021.0 LTS

AXC F 2152 (2404267) < 2021.0 LTS

AXC F 2152 Starterkit (1046568) < 2021.0 LTS

References

https://cert.vde.com/en-us/advisories/vde-2020-049

x_refsource_CONFIRM

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 17, 2020
Vulnerability Reserved
Apr 30, 2020

Credit

Phoenix Contact reported to CERT@VDE