CVE-2021-21005 — HIGH (7.5)

Q: How severe is CVE-2021-21005?

CVE-2021-21005 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2021-21005?

Check the references section above for vendor advisories and patch information. Affected products include: Phoenixcontact Fl Switch Smcs 16Tx Firmware, Phoenixcontact Fl Switch Smcs 16Tx, Phoenixcontact Fl Switch Smcs 14Tx\/2Fx Firmware, Phoenixcontact Fl Switch Smcs 14Tx\/2Fx, Phoenixcontact Fl Switch Smcs 14Tx\/2Fx-Sm Firmware.

Vulnerability Description

In Phoenix Contact FL SWITCH SMCS series products in multiple versions if an attacker sends a hand-crafted TCP-Packet with the Urgent-Flag set and the Urgent-Pointer set to 0, the network stack will crash. The device needs to be rebooted afterwards.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Phoenixcontact	Fl Switch Smcs 16Tx Firmware	<= 4.70
Phoenixcontact	Fl Switch Smcs 16Tx	-
Phoenixcontact	Fl Switch Smcs 14Tx\/2Fx Firmware	<= 4.70
Phoenixcontact	Fl Switch Smcs 14Tx\/2Fx	-
Phoenixcontact	Fl Switch Smcs 14Tx\/2Fx-Sm Firmware	<= 4.70
Phoenixcontact	Fl Switch Smcs 14Tx\/2Fx-Sm	-
Phoenixcontact	Fl Switch Smcs 8Gt Firmware	<= 4.70
Phoenixcontact	Fl Switch Smcs 8Gt	-
Phoenixcontact	Fl Switch Smcs 6Gt\/2Sfp Firmware	<= 4.70
Phoenixcontact	Fl Switch Smcs 6Gt\/2Sfp	-
Phoenixcontact	Fl Switch Smcs 8Tx-Pn Firmware	<= 4.70
Phoenixcontact	Fl Switch Smcs 8Tx-Pn	-
Phoenixcontact	Fl Switch Smcs 4Tx-Pn Firmware	<= 4.70
Phoenixcontact	Fl Switch Smcs 4Tx-Pn	-
Phoenixcontact	Fl Switch Smcs 8Tx Firmware	<= 4.70
Phoenixcontact	Fl Switch Smcs 8Tx	-
Phoenixcontact	Fl Switch Smcs 6Tx\/2Sfp Firmware	<= 4.70
Phoenixcontact	Fl Switch Smcs 6Tx\/2Sfp	-
Phoenixcontact	Fl Switch Smn 6Tx\/2Pof-Pn Firmware	<= 4.70
Phoenixcontact	Fl Switch Smn 6Tx\/2Pof-Pn	-

Related Weaknesses (CWE)

CWE-362

References

https://cert.vde.com/en-us/advisories/vde-2021-023Third Party Advisory
https://cert.vde.com/en-us/advisories/vde-2021-023Third Party Advisory

FAQ

What is CVE-2021-21005?

CVE-2021-21005 is a vulnerability with a CVSS score of 7.5 (HIGH). In Phoenix Contact FL SWITCH SMCS series products in multiple versions if an attacker sends a hand-crafted TCP-Packet with the Urgent-Flag set and the Urgent-Pointer set to 0, the network stack will c...

How severe is CVE-2021-21005?

CVE-2021-21005 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-21005?

Check the references section above for vendor advisories and patch information. Affected products include: Phoenixcontact Fl Switch Smcs 16Tx Firmware, Phoenixcontact Fl Switch Smcs 16Tx, Phoenixcontact Fl Switch Smcs 14Tx\/2Fx Firmware, Phoenixcontact Fl Switch Smcs 14Tx\/2Fx, Phoenixcontact Fl Switch Smcs 14Tx\/2Fx-Sm Firmware.