CVE-2021-21002 - Vulnerability Details - OpenCVE

In Phoenix Contact FL COMSERVER UNI in versions < 2.40 a invalid Modbus exception response can lead to a temporary denial of service.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.00334.

Key SSVC decision points have not yet been added.

Vendors	Products
Phoenixcontact	Fl Comserver Uni 232\/422\/485 Fl Comserver Uni 232\/422\/485-t Fl Comserver Uni 232\/422\/485-t Firmware Fl Comserver Uni 232\/422\/485 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:phoenixcontact:fl_comserver_uni_232\/422\/485_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:phoenixcontact:fl_comserver_uni_232\/422\/485:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:phoenixcontact:fl_comserver_uni_232\/422\/485-t_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:phoenixcontact:fl_comserver_uni_232\/422\/485-t:-:*:*:*:*:*:*:*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2021-8411	In Phoenix Contact FL COMSERVER UNI in versions < 2.40 a invalid Modbus exception response can lead to a temporary denial of service.

Fixes

Solution

Upgrade to the latest firmware, fixed firmware includes versions >= 2.41.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://cert.vde.com/en-us/advisories/vde-2021-022

History

No history.

MITRE

Status: PUBLISHED

Assigner: CERTVDE

Published: 2021-06-25T18:25:50.373345Z

Updated: 2024-09-17T03:58:42.845Z

Reserved: 2020-12-17T00:00:00

Link: CVE-2021-21002

Vulnrichment

No data.

NVD

Status : Modified

Published: 2021-06-25T19:15:08.587

Modified: 2024-11-21T05:47:22.927

Link: CVE-2021-21002

Redhat

No data.

OpenCVE Enrichment

No data.

{"containers": {"cna": {"affected": [{"product": "FL COMSERVER", "vendor": "Phoenix Contact", "versions": [{"lessThan": "2.40", "status": "affected", "version": "UNI 232/422/485 (2313452)", "versionType": "custom"}, {"lessThan": "2.40", "status": "affected", "version": "UNI 232/422/485-T (2904817)", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "This vulnerability was found by Petri Tuomio and reported to PHOENIX CONTACT by Waertsilae PSIRT. PHOENIX CONTACT thanks CERT@VDE for the coordination and support with this publication."}], "datePublic": "2021-06-23T00:00:00", "descriptions": [{"lang": "en", "value": "In Phoenix Contact FL COMSERVER UNI in versions < 2.40 a invalid Modbus exception response can lead to a temporary denial of service."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-772", "description": "CWE-772 Missing Release of Resource after Effective Lifetime", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-06-25T18:25:50", "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "shortName": "CERTVDE"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://cert.vde.com/en-us/advisories/vde-2021-022"}], "solutions": [{"lang": "en", "value": "Upgrade to the latest firmware, fixed firmware includes versions >= 2.41."}], "source": {"advisory": "VDE-2021-022", "defect": ["VDE-2021-022"], "discovery": "EXTERNAL"}, "title": "Denial of Service in Phoenix Contact FL COMSERVER UNI products", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "info@cert.vde.com", "DATE_PUBLIC": "2021-06-23T10:00:00.000Z", "ID": "CVE-2021-21002", "STATE": "PUBLIC", "TITLE": "Denial of Service in Phoenix Contact FL COMSERVER UNI products"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "FL COMSERVER", "version": {"version_data": [{"version_affected": "<", "version_name": "UNI 232/422/485 (2313452)", "version_value": "2.40"}, {"version_affected": "<", "version_name": "UNI 232/422/485-T (2904817)", "version_value": "2.40"}]}}]}, "vendor_name": "Phoenix Contact"}]}}, "credit": [{"lang": "eng", "value": "This vulnerability was found by Petri Tuomio and reported to PHOENIX CONTACT by Waertsilae PSIRT. PHOENIX CONTACT thanks CERT@VDE for the coordination and support with this publication."}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In Phoenix Contact FL COMSERVER UNI in versions < 2.40 a invalid Modbus exception response can lead to a temporary denial of service."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-772 Missing Release of Resource after Effective Lifetime"}]}]}, "references": {"reference_data": [{"name": "https://cert.vde.com/en-us/advisories/vde-2021-022", "refsource": "CONFIRM", "url": "https://cert.vde.com/en-us/advisories/vde-2021-022"}]}, "solution": [{"lang": "en", "value": "Upgrade to the latest firmware, fixed firmware includes versions >= 2.41."}], "source": {"advisory": "VDE-2021-022", "defect": ["VDE-2021-022"], "discovery": "EXTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T17:53:23.033Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://cert.vde.com/en-us/advisories/vde-2021-022"}]}]}, "cveMetadata": {"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "assignerShortName": "CERTVDE", "cveId": "CVE-2021-21002", "datePublished": "2021-06-25T18:25:50.373345Z", "dateReserved": "2020-12-17T00:00:00", "dateUpdated": "2024-09-17T03:58:42.845Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:phoenixcontact:fl_comserver_uni_232\\/422\\/485_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "3023023F-972B-4C84-B7B6-171CAA6837C1", "versionEndExcluding": "2.40", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:phoenixcontact:fl_comserver_uni_232\\/422\\/485:-:*:*:*:*:*:*:*", "matchCriteriaId": "C89572EB-2036-4F7F-9C43-419866640274", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:phoenixcontact:fl_comserver_uni_232\\/422\\/485-t_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "C2457A4F-1FC9-4C03-BCC9-E9A11FFD5CD9", "versionEndExcluding": "2.40", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:phoenixcontact:fl_comserver_uni_232\\/422\\/485-t:-:*:*:*:*:*:*:*", "matchCriteriaId": "CC1C16BB-64BC-4751-825C-2C17181E8F5B", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "In Phoenix Contact FL COMSERVER UNI in versions < 2.40 a invalid Modbus exception response can lead to a temporary denial of service."}, {"lang": "es", "value": "En Phoenix Contact FL COMSERVER UNI en versiones anteriores a 2.40, una respuesta de excepci\u00f3n Modbus no v\u00e1lida puede conllevar a una denegaci\u00f3n de servicio temporal"}], "id": "CVE-2021-21002", "lastModified": "2024-11-21T05:47:22.927", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "info@cert.vde.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-06-25T19:15:08.587", "references": [{"source": "info@cert.vde.com", "tags": ["Third Party Advisory"], "url": "https://cert.vde.com/en-us/advisories/vde-2021-022"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://cert.vde.com/en-us/advisories/vde-2021-022"}], "sourceIdentifier": "info@cert.vde.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-772"}], "source": "info@cert.vde.com", "type": "Secondary"}]}