CVE-2021-21004 HIGH

CVE-2021-21004: Cross-site Scripting Vulnerability in Phoenix Contact FL SWITCH SMCS series products

Vendor Phoenix Contact
Product FL SWITCH
Weakness CWE-79 · XSS
Published June 25, 2021
Last update September 16, 2024

CVSS base score

7.4/10
Attack vector Adjacent
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality Low
Integrity High

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N

What the vulnerability does

01Description

In Phoenix Contact FL SWITCH SMCS series products in multiple versions an attacker may insert malicious code via LLDP frames into the web-based management which could then be executed by the client.

Key dates

02Disclosure timeline

June 25, 2021 CVE published
September 16, 2024 Record updated