CVE-2021-21002 - OpenCVE

In Phoenix Contact FL COMSERVER UNI in versions < 2.40 a invalid Modbus exception response can lead to a temporary denial of service.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Phoenixcontact	Fl Comserver Uni 232\/422\/485 Fl Comserver Uni 232\/422\/485-t Fl Comserver Uni 232\/422\/485-t Firmware Fl Comserver Uni 232\/422\/485 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:phoenixcontact:fl_comserver_uni_232\/422\/485_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:phoenixcontact:fl_comserver_uni_232\/422\/485:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:phoenixcontact:fl_comserver_uni_232\/422\/485-t_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:phoenixcontact:fl_comserver_uni_232\/422\/485-t:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://cert.vde.com/en-us/advisories/vde-2021-022

History

No history.

MITRE

Status: PUBLISHED

Assigner: CERTVDE

Published: 2021-06-25T18:25:50.373345Z

Updated: 2024-09-17T03:58:42.845Z

Reserved: 2020-12-17T00:00:00

Link: CVE-2021-21002

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2021-06-25T19:15:08.587

Modified: 2021-07-01T19:43:58.987

Link: CVE-2021-21002

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "FL COMSERVER", "vendor": "Phoenix Contact", "versions": [{"lessThan": "2.40", "status": "affected", "version": "UNI 232/422/485 (2313452)", "versionType": "custom"}, {"lessThan": "2.40", "status": "affected", "version": "UNI 232/422/485-T (2904817)", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "This vulnerability was found by Petri Tuomio and reported to PHOENIX CONTACT by Waertsilae PSIRT. PHOENIX CONTACT thanks CERT@VDE for the coordination and support with this publication."}], "datePublic": "2021-06-23T00:00:00", "descriptions": [{"lang": "en", "value": "In Phoenix Contact FL COMSERVER UNI in versions < 2.40 a invalid Modbus exception response can lead to a temporary denial of service."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-772", "description": "CWE-772 Missing Release of Resource after Effective Lifetime", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-06-25T18:25:50", "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "shortName": "CERTVDE"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://cert.vde.com/en-us/advisories/vde-2021-022"}], "solutions": [{"lang": "en", "value": "Upgrade to the latest firmware, fixed firmware includes versions >= 2.41."}], "source": {"advisory": "VDE-2021-022", "defect": ["VDE-2021-022"], "discovery": "EXTERNAL"}, "title": "Denial of Service in Phoenix Contact FL COMSERVER UNI products", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "info@cert.vde.com", "DATE_PUBLIC": "2021-06-23T10:00:00.000Z", "ID": "CVE-2021-21002", "STATE": "PUBLIC", "TITLE": "Denial of Service in Phoenix Contact FL COMSERVER UNI products"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "FL COMSERVER", "version": {"version_data": [{"version_affected": "<", "version_name": "UNI 232/422/485 (2313452)", "version_value": "2.40"}, {"version_affected": "<", "version_name": "UNI 232/422/485-T (2904817)", "version_value": "2.40"}]}}]}, "vendor_name": "Phoenix Contact"}]}}, "credit": [{"lang": "eng", "value": "This vulnerability was found by Petri Tuomio and reported to PHOENIX CONTACT by Waertsilae PSIRT. PHOENIX CONTACT thanks CERT@VDE for the coordination and support with this publication."}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In Phoenix Contact FL COMSERVER UNI in versions < 2.40 a invalid Modbus exception response can lead to a temporary denial of service."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-772 Missing Release of Resource after Effective Lifetime"}]}]}, "references": {"reference_data": [{"name": "https://cert.vde.com/en-us/advisories/vde-2021-022", "refsource": "CONFIRM", "url": "https://cert.vde.com/en-us/advisories/vde-2021-022"}]}, "solution": [{"lang": "en", "value": "Upgrade to the latest firmware, fixed firmware includes versions >= 2.41."}], "source": {"advisory": "VDE-2021-022", "defect": ["VDE-2021-022"], "discovery": "EXTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T17:53:23.033Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://cert.vde.com/en-us/advisories/vde-2021-022"}]}]}, "cveMetadata": {"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "assignerShortName": "CERTVDE", "cveId": "CVE-2021-21002", "datePublished": "2021-06-25T18:25:50.373345Z", "dateReserved": "2020-12-17T00:00:00", "dateUpdated": "2024-09-17T03:58:42.845Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:phoenixcontact:fl_comserver_uni_232\\/422\\/485_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "3023023F-972B-4C84-B7B6-171CAA6837C1", "versionEndExcluding": "2.40", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:phoenixcontact:fl_comserver_uni_232\\/422\\/485:-:*:*:*:*:*:*:*", "matchCriteriaId": "C89572EB-2036-4F7F-9C43-419866640274", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:phoenixcontact:fl_comserver_uni_232\\/422\\/485-t_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "C2457A4F-1FC9-4C03-BCC9-E9A11FFD5CD9", "versionEndExcluding": "2.40", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:phoenixcontact:fl_comserver_uni_232\\/422\\/485-t:-:*:*:*:*:*:*:*", "matchCriteriaId": "CC1C16BB-64BC-4751-825C-2C17181E8F5B", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In Phoenix Contact FL COMSERVER UNI in versions < 2.40 a invalid Modbus exception response can lead to a temporary denial of service."}, {"lang": "es", "value": "En Phoenix Contact FL COMSERVER UNI en versiones anteriores a 2.40, una respuesta de excepci\u00f3n Modbus no v\u00e1lida puede conllevar a una denegaci\u00f3n de servicio temporal"}], "id": "CVE-2021-21002", "lastModified": "2021-07-01T19:43:58.987", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "info@cert.vde.com", "type": "Secondary"}]}, "published": "2021-06-25T19:15:08.587", "references": [{"source": "info@cert.vde.com", "tags": ["Third Party Advisory"], "url": "https://cert.vde.com/en-us/advisories/vde-2021-022"}], "sourceIdentifier": "info@cert.vde.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-772"}], "source": "info@cert.vde.com", "type": "Primary"}]}