CVE-2021-33540

moderate-risk
Published 2021-06-25

In certain devices of the Phoenix Contact AXL F BK and IL BK product families an undocumented password protected FTP access to the root directory exists.

Do I need to act?

-
0.24% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.3/10 High
NETWORK / LOW complexity

Affected Products (18)

Axl F Bk Pn Tps Xc Firmware
Axl F Bk Pn Tps Firmware
Axl F Bk Eip Firmware
Axl F Bk Eip Ef Firmware
Axl F Bk Eth Firmware
Axl F Bk Eth Xc Firmware
Axl F Bk S35 Firmware
Axl F Bk Pn Firmware
Axl F Bk Pn Xc Firmware
Axl F Bk Eth Net2 Firmware
Axl F Bk Sas Firmware
Il Pn Bk-Pac Firmware
Il Pn Bk Di8 Do4 2Tx-Pac Firmware
Il Pn Bk Di8 Do4 2Scrj-Pac Firmware
Il Eth Bk Di8 Do4 2Tx-Xc-Pac Firmware
Il Eth Bk Di8 Do4 2Tx-Pac Firmware
Il Eip Bk Di8 Do4 2Tx-Pac Firmware
Il S3 Bk Di8 Do4 2Tx-Pac Firmware

Affected Vendors

Phoenixcontact

References (2)

Third Party Advisory https://cert.vde.com/en-us/advisories/vde-2021-021
Third Party Advisory https://cert.vde.com/en-us/advisories/vde-2021-021
46
/ 100
moderate-risk
Severity 26/34 · High
Exploitability 1/34 · Minimal
Exposure 19/34 · Moderate