CVE-2021-33540

Summary

In certain devices of the Phoenix Contact AXL F BK and IL BK product families an undocumented password protected FTP access to the root directory exists.

Affected Software

VendorProductVersion RangeStatus
Phoenix ContactAXL F BKAXL F PN TPS XC (1068857) < 1.30affected
Phoenix ContactAXL F BKAXL F EIP EF (2702782) < 1.30affected
Phoenix ContactAXL F BKAXL F PN TPS (2403869) < 1.30affected
Phoenix ContactAXL F BKAXL F EIP (2688394) < 1.30affected
Phoenix ContactAXL F BKAXL F ETH (2688459) < 1.30affected
Phoenix ContactAXL F BKAXL F ETH XC (2701949) < 1.30affected
Phoenix ContactAXL F BKAXL F S3 (2701686) < 1.40affected
Phoenix ContactAXL F BKAXL F PN (2701815) all revisionsaffected
Phoenix ContactAXL F BKAXL F PN XC (2701222) all revisionsaffected
Phoenix ContactAXL F BKAXL F ETH NET2 (2702177) all revisionsaffected
Phoenix ContactAXL F BKAXL F SAS (2701457) all revisionsaffected
Phoenix ContactILIL PN BK-PAC (2403696) all revisionsaffected
Phoenix ContactILIL PN BK DI8 DO4 2TX-PAC (2703994) all revisionsaffected
Phoenix ContactILIL PN BK DI8 DO4 2SCRJ-PAC (2878379) all revisionsaffected
Phoenix ContactILIL ETH BK DI8 DO4 2TX-XC-PAC (2701388) all revisionsaffected
Phoenix ContactILIL ETH BK DI8 DO4 2TX-PAC (2703981) all revisionsaffected
Phoenix ContactILIL EIP BK DI8 DO4 2TX-PAC (2897758) all revisionsaffected
Phoenix ContactILIL S3 BK DI8 DO4 2TX-PAC (2692380) all revisionsaffected

Weaknesses

  • CWE-798: CWE-798 Use of Hard-coded Credentials

ADP Enrichment

CVE Program Container

Additional References

References