CVE-2021-21003

Summary

In Phoenix Contact FL SWITCH SMCS series products in multiple versions fragmented TCP-Packets may cause a Denial of Service of Web-, SNMP- and ICMP-Echo services. The switching functionality of the device is not affected.

Affected Software

VendorProductVersion RangeStatus
Phoenix ContactFL SWITCHSMCS 16TX (2700996) <= 4.70affected
Phoenix ContactFL SWITCHSMCS 14TX/2FX (2700997) <= 4.70affected
Phoenix ContactFL SWITCHSMCS 14TX/2FX-SM (2701466) <= 4.70affected
Phoenix ContactFL SWITCHSMCS 8GT (2891123) <= 4.70affected
Phoenix ContactFL SWITCHSMCS 6GT/2SFP (2891479) <= 4.70affected
Phoenix ContactFL SWITCHSMCS 8TX-PN (2989103) <= 4.70affected
Phoenix ContactFL SWITCHSMCS 4TX-PN (2989093) <= 4.70affected
Phoenix ContactFL SWITCHSMCS 8TX (2989226) <= 4.70affected
Phoenix ContactFL SWITCHSMCS 6TX/2SFP (2989323) <= 4.70affected
Phoenix ContactFL SWITCHSMN 6TX/2POF-PN (2700290) <= 4.70affected
Phoenix ContactFL SWITCHSMN 8TX-PN (2989501) <= 4.70affected
Phoenix ContactFL SWITCHSMN 6TX/2FX (2989543) <= 4.70affected
Phoenix ContactFL SWITCHSMN 6TX/2FX SM (2989556) <= 4.70affected
Phoenix ContactFL NATSMN 8TX (2989365) <= 4.63affected
Phoenix ContactFL NATSMN 8TX-M (2702443) <= 4.63affected

Weaknesses

  • CWE-404: CWE-404 Improper Resource Shutdown or Release

Workarounds

Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to the Phoenix Contact application note: Measures to protect network-capable devices with Ethernet connection https://dam-mdc.phoenixcontact.com/asset/156443151564/0a870ae433c19148b80bd760f3a1c1f2/107913_en_03.pdf

ADP Enrichment

CVE Program Container

Additional References

References