CVE-2020-12521

On Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS a specially crafted LLDP packet may lead to a high system load in the PROFINET stack. An attacker can cause failure of system services or a complete reboot.
References
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:phoenixcontact:plcnext_firmware:*:*:*:*:long_term_support:*:*:*
cpe:2.3:h:phoenixcontact:axc_f_1152:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:phoenixcontact:plcnext_firmware:*:*:*:*:long_term_support:*:*:*
cpe:2.3:h:phoenixcontact:axc_f_2152:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:phoenixcontact:plcnext_firmware:*:*:*:*:long_term_support:*:*:*
cpe:2.3:h:phoenixcontact:axc_f_3152:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:phoenixcontact:plcnext_firmware:*:*:*:*:long_term_support:*:*:*
cpe:2.3:h:phoenixcontact:rfc_4072s:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:phoenixcontact:plcnext_firmware:*:*:*:*:long_term_support:*:*:*
cpe:2.3:h:phoenixcontact:axc_f_2152_starterkit:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:phoenixcontact:plcnext_firmware:*:*:*:*:long_term_support:*:*:*
cpe:2.3:h:phoenixcontact:plcnext_technology_starterkit:-:*:*:*:*:*:*:*

History

21 Nov 2024, 04:59

Type Values Removed Values Added
References () https://cert.vde.com/en-us/advisories/vde-2020-049 - Third Party Advisory () https://cert.vde.com/en-us/advisories/vde-2020-049 - Third Party Advisory

Information

Published : 2020-12-17 23:15

Updated : 2024-11-21 04:59


NVD link : CVE-2020-12521

Mitre link : CVE-2020-12521

CVE.ORG link : CVE-2020-12521


JSON object : View

Products Affected

phoenixcontact

  • axc_f_2152
  • rfc_4072s
  • plcnext_firmware
  • axc_f_2152_starterkit
  • axc_f_3152
  • plcnext_technology_starterkit
  • axc_f_1152
CWE
CWE-20

Improper Input Validation