CVE-2021-21004

In Phoenix Contact FL SWITCH SMCS series products in multiple versions an attacker may insert malicious code via LLDP frames into the web-based management which could then be executed by the client.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.4 HIGH
ADJACENT_NETWORK
LOW
NONE
CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N
CERTVDECNA
7.4 HIGH
ADJACENT_NETWORK
LOW
NONE
CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 47%
VendorProductVersion
phoenixcontactfl_switch_smcs_16tx_firmware
𝑥
≤ 4.70
phoenixcontactfl_switch_smcs_14tx\/2fx_firmware
𝑥
≤ 4.70
phoenixcontactfl_switch_smcs_14tx\/2fx-sm_firmware
𝑥
≤ 4.70
phoenixcontactfl_switch_smcs_8gt_firmware
𝑥
≤ 4.70
phoenixcontactfl_switch_smcs_6gt\/2sfp_firmware
𝑥
≤ 4.70
phoenixcontactfl_switch_smcs_8tx-pn_firmware
𝑥
≤ 4.70
phoenixcontactfl_switch_smcs_4tx-pn_firmware
𝑥
≤ 4.70
phoenixcontactfl_switch_smcs_8tx_firmware
𝑥
≤ 4.70
phoenixcontactfl_switch_smcs_6tx\/2sfp_firmware
𝑥
≤ 4.70
phoenixcontactfl_switch_smn_6tx\/2pof-pn_firmware
𝑥
≤ 4.70
phoenixcontactfl_switch_smn_8tx-pn_firmware
𝑥
≤ 4.70
phoenixcontactfl_switch_smn_6tx\/2fx_firmware
𝑥
≤ 4.70
phoenixcontactfl_switch_smn_6tx\/2fx_sm_firmware
𝑥
≤ 4.70
phoenixcontactfl_nat_smn_8tx_firmware
𝑥
≤ 4.63
phoenixcontactfl_nat_smn_8tx-m_firmware
𝑥
≤ 4.63
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://cert.vde.com/en-us/advisories/vde-2021-023
https://cert.vde.com/en-us/advisories/vde-2021-023