Cross-site Scripting Vulnerability in Phoenix Contact FL SWITCH SMCS series products
CVE-2021-21004

7.4HIGH

Key Information:

Vendor: Phoenix Contact
Status: Fl Switch; Fl Nat
Vendor: CVE Published:; 25 June 2021

🔔 Create Phoenix Contact Vulnerability Alert

What is CVE-2021-21004?

In Phoenix Contact FL SWITCH SMCS series products in multiple versions an attacker may insert malicious code via LLDP frames into the web-based management which could then be executed by the client.

Affected Version(s)

FL NAT SMN 8TX (2989365) <= 4.63

FL NAT SMN 8TX-M (2702443) <= 4.63

FL SWITCH SMCS 16TX (2700996) <= 4.70

References

https://cert.vde.com/en-us/advisories/vde-2021-023

x_refsource_CONFIRM

CVSS V3.1

Score:

7.4

Severity:

HIGH

Confidentiality:

Low

Integrity:

High

Availability:

Low

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 25, 2021
Vulnerability Reserved
Dec 17, 2020

Credit

This vulnerability has been discovered and reported by Anne Borcherding, Fraunhofer- Institut für Optronik, Systemtechnik und Bildauswertung IOSB. PHOENIX CONTACT thanks CERT@VDE for the coordination and support with this publication.