Denial of Service Vulnerability in Phoenix Contact FL SWITCH SMCS series products
CVE-2021-21003

5.3MEDIUM

Key Information:

Vendor: Phoenix Contact
Status: Fl Switch; Fl Nat
Vendor: CVE Published:; 25 June 2021

Summary

In Phoenix Contact FL SWITCH SMCS series products in multiple versions fragmented TCP-Packets may cause a Denial of Service of Web-, SNMP- and ICMP-Echo services. The switching functionality of the device is not affected.

Affected Version(s)

FL NAT SMN 8TX (2989365) <= 4.63

FL NAT SMN 8TX-M (2702443) <= 4.63

FL SWITCH SMCS 16TX (2700996) <= 4.70

References

https://cert.vde.com/en-us/advisories/vde-2021-023

x_refsource_CONFIRM

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 25, 2021
Vulnerability Reserved
Dec 17, 2020

Credit

This vulnerability has been discovered and reported by Anne Borcherding, Fraunhofer- Institut für Optronik, Systemtechnik und Bildauswertung IOSB. PHOENIX CONTACT thanks CERT@VDE for the coordination and support with this publication.