CVE-2021-33541 HIGH

CVE-2021-33541: Phoenix Contact: ILC1x Industrial controllers affected by Denial-of-Service vulnerability

Vendor Phoenix Contact
Product ILC1x
Weakness CWE-770 · Uncontrolled resource consumption
Published June 25, 2021
Last update September 16, 2024

CVSS base score

7.5/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

What the vulnerability does

01Description

Phoenix Contact Classic Line Controllers ILC1x0 and ILC1x1 in all versions/variants are affected by a Denial-of-Service vulnerability. The communication protocols and device access do not feature authentication measures. Remote attackers can use specially crafted IP packets to cause a denial of service on the PLC's network communication module. A successful attack stops all network communication. To restore the network connectivity the device needs to be restarted. The automation task is not affected.

Key dates

02Disclosure timeline

June 25, 2021 CVE published
September 16, 2024 Record updated