Phoenix Contact Classic Line Controllers ILC1x0 and ILC1x1 in all versions/variants are affected by a Denial-of-Service vulnerability. The communication protocols and device access do not feature authentication measures. Remote attackers can use specially crafted IP packets to cause a denial of service on the PLC's network communication module. A successful attack stops all network communication. To restore the network connectivity the device needs to be restarted. The automation task is not affected.
References
Link | Resource |
---|---|
https://cert.vde.com/en-us/advisories/vde-2021-019 | Third Party Advisory |
https://cert.vde.com/en-us/advisories/vde-2021-019 | Third Party Advisory |
Configurations
History
21 Nov 2024, 06:09
Type | Values Removed | Values Added |
---|---|---|
References | () https://cert.vde.com/en-us/advisories/vde-2021-019 - Third Party Advisory |
Information
Published : 2021-06-25 19:15
Updated : 2024-11-21 06:09
NVD link : CVE-2021-33541
Mitre link : CVE-2021-33541
CVE.ORG link : CVE-2021-33541
JSON object : View
Products Affected
phoenixcontact
- ilc1x0_firmware
- ilc1x0
- ilc1x1
- ilc1x1_firmware
CWE
CWE-770
Allocation of Resources Without Limits or Throttling