CVE-2021-21003 — MEDIUM (5.3)

Q: How severe is CVE-2021-21003?

CVE-2021-21003 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2021-21003?

Check the references section above for vendor advisories and patch information. Affected products include: Phoenixcontact Fl Switch Smcs 16Tx Firmware, Phoenixcontact Fl Switch Smcs 16Tx, Phoenixcontact Fl Switch Smcs 14Tx\/2Fx Firmware, Phoenixcontact Fl Switch Smcs 14Tx\/2Fx, Phoenixcontact Fl Switch Smcs 14Tx\/2Fx-Sm Firmware.

Vulnerability Description

In Phoenix Contact FL SWITCH SMCS series products in multiple versions fragmented TCP-Packets may cause a Denial of Service of Web-, SNMP- and ICMP-Echo services. The switching functionality of the device is not affected.

CVSS Score

5.3

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

LOW

Affected Products

Vendor	Product	Versions
Phoenixcontact	Fl Switch Smcs 16Tx Firmware	<= 4.70
Phoenixcontact	Fl Switch Smcs 16Tx	-
Phoenixcontact	Fl Switch Smcs 14Tx\/2Fx Firmware	<= 4.70
Phoenixcontact	Fl Switch Smcs 14Tx\/2Fx	-
Phoenixcontact	Fl Switch Smcs 14Tx\/2Fx-Sm Firmware	<= 4.70
Phoenixcontact	Fl Switch Smcs 14Tx\/2Fx-Sm	-
Phoenixcontact	Fl Switch Smcs 8Gt Firmware	<= 4.70
Phoenixcontact	Fl Switch Smcs 8Gt	-
Phoenixcontact	Fl Switch Smcs 6Gt\/2Sfp Firmware	<= 4.70
Phoenixcontact	Fl Switch Smcs 6Gt\/2Sfp	-
Phoenixcontact	Fl Switch Smcs 8Tx-Pn Firmware	<= 4.70
Phoenixcontact	Fl Switch Smcs 8Tx-Pn	-
Phoenixcontact	Fl Switch Smcs 4Tx-Pn Firmware	<= 4.70
Phoenixcontact	Fl Switch Smcs 4Tx-Pn	-
Phoenixcontact	Fl Switch Smcs 8Tx Firmware	<= 4.70
Phoenixcontact	Fl Switch Smcs 8Tx	-
Phoenixcontact	Fl Switch Smcs 6Tx\/2Sfp Firmware	<= 4.70
Phoenixcontact	Fl Switch Smcs 6Tx\/2Sfp	-
Phoenixcontact	Fl Switch Smn 6Tx\/2Pof-Pn Firmware	<= 4.70
Phoenixcontact	Fl Switch Smn 6Tx\/2Pof-Pn	-

Related Weaknesses (CWE)

CWE-404

References

https://cert.vde.com/en-us/advisories/vde-2021-023Third Party Advisory
https://cert.vde.com/en-us/advisories/vde-2021-023Third Party Advisory

FAQ

What is CVE-2021-21003?

CVE-2021-21003 is a vulnerability with a CVSS score of 5.3 (MEDIUM). In Phoenix Contact FL SWITCH SMCS series products in multiple versions fragmented TCP-Packets may cause a Denial of Service of Web-, SNMP- and ICMP-Echo services. The switching functionality of the de...

How severe is CVE-2021-21003?

CVE-2021-21003 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-21003?

Check the references section above for vendor advisories and patch information. Affected products include: Phoenixcontact Fl Switch Smcs 16Tx Firmware, Phoenixcontact Fl Switch Smcs 16Tx, Phoenixcontact Fl Switch Smcs 14Tx\/2Fx Firmware, Phoenixcontact Fl Switch Smcs 14Tx\/2Fx, Phoenixcontact Fl Switch Smcs 14Tx\/2Fx-Sm Firmware.