CVE-2021-21005
moderate-risk
Published 2021-06-25
In multiple versions of Phoenix Contact FL SWITCH SMCS series products, if an attacker sends a hand-crafted TCP packet with the Urgent flag set and the Urgent Pointer set to 0, the network stack will crash. The device needs to be rebooted afterwards.
Do I need to act?
0.04% chance of exploitation
EPSS score — low exploit probability
Not on CISA KEV list
No confirmed active exploitation reported to CISA
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
CVSS 7.5/10
High
NETWORK / LOW complexity
Affected Products (15)
Fl Switch Smcs 16Tx Firmware
Fl Switch Smcs 14Tx/2Fx Firmware
Fl Switch Smcs 14Tx/2Fx-Sm Firmware
Fl Switch Smcs 8Gt Firmware
Fl Switch Smcs 6Gt/2Sfp Firmware
Fl Switch Smcs 8Tx-Pn Firmware
Fl Switch Smcs 4Tx-Pn Firmware
Fl Switch Smcs 8Tx Firmware
Fl Switch Smcs 6Tx/2Sfp Firmware
Fl Switch Smn 6Tx/2Pof-Pn Firmware
Fl Switch Smn 8Tx-Pn Firmware
Fl Switch Smn 6Tx/2Fx Firmware
Fl Switch Smn 6Tx/2Fx Sm Firmware
Fl Nat Smn 8Tx Firmware
Fl Nat Smn 8Tx-M Firmware
Affected Vendors
References (2)
Third Party Advisory
https://cert.vde.com/en-us/advisories/vde-2021-023
Third Party Advisory
https://cert.vde.com/en-us/advisories/vde-2021-023
44 / 100
moderate-risk
Severity
26/34 · High
Exploitability
0/34 · Minimal
Exposure
18/34 · Moderate