PT-2020-13154 · Phoenix Contact · Plcnext Control Devices

Published

2020-12-17

Updated

2020-12-21

CVE-2020-12521

CVSS v3.1

6.5

Medium

Vector

AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Phoenix Contact PLCnext Control Devices versions prior to 2021.0 LTS

Description A specially crafted LLDP packet may lead to a high system load in the PROFINET stack, causing failure of system services or a complete reboot.

Recommendations For versions prior to 2021.0 LTS, update to version 2021.0 LTS or later to resolve the issue. As a temporary workaround, consider restricting the reception of LLDP packets to minimize the risk of exploitation.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

CVE-2020-12521

Affected Products

Plcnext Control Devices

PT-2020-13154 · Phoenix Contact · Plcnext Control Devices

CVE-2020-12521

Weakness Enumeration

Related Identifiers

Affected Products

References · 4