CVE-2021-34570

Summary

Multiple Phoenix Contact PLCnext control devices in versions prior to 2021.0.5 LTS are prone to a DoS attack through special crafted JSON requests.

Affected Software

VendorProductVersion RangeStatus
Phoenix ContactAXC FAXC F 1152 (1151412) < 2021.0.5 LTSaffected
Phoenix ContactAXC FAXC F 2152 (2404267) < 2021.0.5 LTSaffected
Phoenix ContactAXC FAXC F 3152 (1069208) < 2021.0.5 LTSaffected
Phoenix ContactAXC FAXC F 2152 Starterkit (1046568) < 2021.0.5 LTSaffected
Phoenix ContactRFCRFC 4072S (1051328) < 2021.0.5 LTSaffected
Phoenix ContactPLCnextPLCnext Technology Starterkit (1188165) < 2021.0.5 LTSaffected

Weaknesses

  • CWE-20: CWE-20 Improper Input Validation

Workarounds

Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note: Measures to protect network-capable devices with Ethernet connection

ADP Enrichment

CVE Program Container

Additional References

References