PT-2021-20188 · Phoenix Contact · Phoenix Contact Classic Line Controllers Ilc1X1+1
The Industrial
·
Published
2021-06-25
·
Updated
2021-07-02
·
CVE-2021-33541
CVSS v2.0
7.8
High
| Vector | AV:N/AC:L/Au:N/C:N/I:N/A:C |
Name of the Vulnerable Software and Affected Versions
Phoenix Contact Classic Line Controllers ILC1x0 and ILC1x1 (affected versions not specified)
Description
The issue is related to a Denial-of-Service condition where the communication protocols and device access lack authentication measures. Remote attackers can exploit this by sending specially crafted IP packets to cause a denial of service on the PLC's network communication module, effectively stopping all network communication. The automation task remains unaffected. To restore network connectivity, the device must be restarted.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Allocation of Resources Without Limits
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Phoenix Contact Classic Line Controllers Ilc1X0
Phoenix Contact Classic Line Controllers Ilc1X1