CVE-2021-33541 — HIGH (7.5)

Vulnerability Description

Phoenix Contact Classic Line Controllers ILC1x0 and ILC1x1 in all versions/variants are affected by a Denial-of-Service vulnerability. The communication protocols and device access do not feature authentication measures. Remote attackers can use specially crafted IP packets to cause a denial of service on the PLC's network communication module. A successful attack stops all network communication. To restore the network connectivity the device needs to be restarted. The automation task is not affected.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Phoenixcontact	Ilc1X0 Firmware	All versions
Phoenixcontact	Ilc1X0	-
Phoenixcontact	Ilc1X1 Firmware	All versions
Phoenixcontact	Ilc1X1	-

Related Weaknesses (CWE)

CWE-770

References

https://cert.vde.com/en-us/advisories/vde-2021-019Third Party Advisory
https://cert.vde.com/en-us/advisories/vde-2021-019Third Party Advisory

FAQ

What is CVE-2021-33541?

CVE-2021-33541 is a vulnerability with a CVSS score of 7.5 (HIGH). Phoenix Contact Classic Line Controllers ILC1x0 and ILC1x1 in all versions/variants are affected by a Denial-of-Service vulnerability. The communication protocols and device access do not feature auth...

How severe is CVE-2021-33541?

CVE-2021-33541 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-33541?

Check the references section above for vendor advisories and patch information. Affected products include: Phoenixcontact Ilc1X0 Firmware, Phoenixcontact Ilc1X0, Phoenixcontact Ilc1X1 Firmware, Phoenixcontact Ilc1X1.