CVE-2021-21003

In Phoenix Contact FL SWITCH SMCS series products in multiple versions fragmented TCP-Packets may cause a Denial of Service of Web-, SNMP- and ICMP-Echo services. The switching functionality of the device is not affected.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CERTVDECNA
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 53%
VendorProductVersion
phoenixcontactfl_switch_smcs_16tx_firmware
𝑥
≤ 4.70
phoenixcontactfl_switch_smcs_14tx\/2fx_firmware
𝑥
≤ 4.70
phoenixcontactfl_switch_smcs_14tx\/2fx-sm_firmware
𝑥
≤ 4.70
phoenixcontactfl_switch_smcs_8gt_firmware
𝑥
≤ 4.70
phoenixcontactfl_switch_smcs_6gt\/2sfp_firmware
𝑥
≤ 4.70
phoenixcontactfl_switch_smcs_8tx-pn_firmware
𝑥
≤ 4.70
phoenixcontactfl_switch_smcs_4tx-pn_firmware
𝑥
≤ 4.70
phoenixcontactfl_switch_smcs_8tx_firmware
𝑥
≤ 4.70
phoenixcontactfl_switch_smcs_6tx\/2sfp_firmware
𝑥
≤ 4.70
phoenixcontactfl_switch_smn_6tx\/2pof-pn_firmware
𝑥
≤ 4.70
phoenixcontactfl_switch_smn_8tx-pn_firmware
𝑥
≤ 4.70
phoenixcontactfl_switch_smn_6tx\/2fx_firmware
𝑥
≤ 4.70
phoenixcontactfl_switch_smn_6tx\/2fx_sm_firmware
𝑥
≤ 4.70
phoenixcontactfl_nat_smn_8tx_firmware
𝑥
≤ 4.63
phoenixcontactfl_nat_smn_8tx-m_firmware
𝑥
≤ 4.63
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://cert.vde.com/en-us/advisories/vde-2021-023
https://cert.vde.com/en-us/advisories/vde-2021-023