On Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS a specially crafted LLDP packet may lead to a high system load in the PROFINET stack. An attacker can cause failure of system services or a complete reboot.
Advisories
Source ID Title
EUVD EUVD EUVD-2020-4823 On Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS a specially crafted LLDP packet may lead to a high system load in the PROFINET stack. An attacker can cause failure of system services or a complete reboot.
Fixes

Solution

Phoenix Contact recommends affected users to upgrade to the current Firmware 2021.0 LTS or higher which fixes these vulnerabilities.


Workaround

Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to the Phoenix Contact application note.

History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: CERTVDE

Published:

Updated: 2024-09-17T04:14:26.064Z

Reserved: 2020-04-30T00:00:00

Link: CVE-2020-12521

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2020-12-17T23:15:13.137

Modified: 2024-11-21T04:59:51.477

Link: CVE-2020-12521

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.