CVE-2021-33541

Phoenix Contact Classic Line Controllers ILC1x0 and ILC1x1 in all versions/variants are affected by a Denial-of-Service vulnerability. The communication protocols and device access do not feature authentication measures. Remote attackers can use specially crafted IP packets to cause a denial of service on the PLC's network communication module. A successful attack stops all network communication. To restore the network connectivity the device needs to be restarted. The automation task is not affected.
References
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:phoenixcontact:ilc1x0_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:phoenixcontact:ilc1x0:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:phoenixcontact:ilc1x1_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:phoenixcontact:ilc1x1:-:*:*:*:*:*:*:*

History

21 Nov 2024, 06:09

Type Values Removed Values Added
References () https://cert.vde.com/en-us/advisories/vde-2021-019 - Third Party Advisory () https://cert.vde.com/en-us/advisories/vde-2021-019 - Third Party Advisory

Information

Published : 2021-06-25 19:15

Updated : 2024-11-21 06:09


NVD link : CVE-2021-33541

Mitre link : CVE-2021-33541

CVE.ORG link : CVE-2021-33541


JSON object : View

Products Affected

phoenixcontact

  • ilc1x0_firmware
  • ilc1x0
  • ilc1x1
  • ilc1x1_firmware
CWE
CWE-770

Allocation of Resources Without Limits or Throttling