CVE-2021-21005 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CERTVDE	CNA	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 12%

Vendor	Product	Version
phoenixcontact	fl_switch_smcs_16tx_firmware	𝑥 ≤ 4.70
phoenixcontact	fl_switch_smcs_14tx\/2fx_firmware	𝑥 ≤ 4.70
phoenixcontact	fl_switch_smcs_14tx\/2fx-sm_firmware	𝑥 ≤ 4.70
phoenixcontact	fl_switch_smcs_8gt_firmware	𝑥 ≤ 4.70
phoenixcontact	fl_switch_smcs_6gt\/2sfp_firmware	𝑥 ≤ 4.70
phoenixcontact	fl_switch_smcs_8tx-pn_firmware	𝑥 ≤ 4.70
phoenixcontact	fl_switch_smcs_4tx-pn_firmware	𝑥 ≤ 4.70
phoenixcontact	fl_switch_smcs_8tx_firmware	𝑥 ≤ 4.70
phoenixcontact	fl_switch_smcs_6tx\/2sfp_firmware	𝑥 ≤ 4.70
phoenixcontact	fl_switch_smn_6tx\/2pof-pn_firmware	𝑥 ≤ 4.70
phoenixcontact	fl_switch_smn_8tx-pn_firmware	𝑥 ≤ 4.70
phoenixcontact	fl_switch_smn_6tx\/2fx_firmware	𝑥 ≤ 4.70
phoenixcontact	fl_switch_smn_6tx\/2fx_sm_firmware	𝑥 ≤ 4.70
phoenixcontact	fl_nat_smn_8tx_firmware	𝑥 ≤ 4.63
phoenixcontact	fl_nat_smn_8tx-m_firmware	𝑥 ≤ 4.63

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
The program contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.

References

https://cert.vde.com/en-us/advisories/vde-2021-023

https://cert.vde.com/en-us/advisories/vde-2021-023