CVE-2020-12521

Summary

CVE	CVE-2020-12521
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2020-12-17 23:15:00 UTC
Updated	2020-12-21 18:28:00 UTC
Description	On Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS a specially crafted LLDP packet may lead to a high system load in the PROFINET stack. An attacker can cause failure of system services or a complete reboot.

Risk And Classification

Problem Types: CWE-20

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Hardware	Phoenixcontact	Axc F 1152	-	All	All	All
Hardware	Phoenixcontact	Axc F 1152	-	All	All	All
Hardware	Phoenixcontact	Axc F 2152	-	All	All	All
Hardware	Phoenixcontact	Axc F 2152	-	All	All	All
Hardware	Phoenixcontact	Axc F 2152 Starterkit	-	All	All	All
Hardware	Phoenixcontact	Axc F 2152 Starterkit	-	All	All	All
Hardware	Phoenixcontact	Axc F 3152	-	All	All	All
Hardware	Phoenixcontact	Axc F 3152	-	All	All	All
Operating System	Phoenixcontact	Plcnext Firmware	All	All	All	All
Operating System	Phoenixcontact	Plcnext Firmware	All	All	All	All
Hardware	Phoenixcontact	Plcnext Technology Starterkit	-	All	All	All
Hardware	Phoenixcontact	Plcnext Technology Starterkit	-	All	All	All
Hardware	Phoenixcontact	Rfc 4072s	-	All	All	All
Hardware	Phoenixcontact	Rfc 4072s	-	All	All	All

References

Reference	Source	Link	Tags
PHOENIX CONTACT: Multiple vulnerabilities in PLCnext Control devices — English (USA)	CONFIRM	cert.vde.com	Third Party Advisory
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

Vendor Comments And Credit

Discovery Credit

LEGACY: Phoenix Contact reported to CERT@VDE

There are currently no legacy QID mappings associated with this CVE.