CVE-2020-12521

Summary

On Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS a specially crafted LLDP packet may lead to a high system load in the PROFINET stack. An attacker can cause failure of system services or a complete reboot.

Affected Software

VendorProductVersion RangeStatus
Phoenix ContactAXC F 1152 (1151412)unspecified < 2021.0 LTSaffected
Phoenix ContactAXC F 2152 (2404267)unspecified < 2021.0 LTSaffected
Phoenix ContactAXC F 3152 (1069208)unspecified < 2021.0 LTSaffected
Phoenix ContactRFC 4072S (1051328unspecified < 2021.0 LTSaffected
Phoenix ContactAXC F 2152 Starterkit (1046568)unspecified < 2021.0 LTSaffected
Phoenix ContactPLCnext Technology Starterkit (1188165)unspecified < 2021.0 LTSaffected

Weaknesses

  • CWE-20: CWE-20 Improper Input Validation

Workarounds

Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to the Phoenix Contact application note.

ADP Enrichment

CVE Program Container

Additional References

References