Description
In certain devices of the Phoenix Contact AXL F BK and IL BK product families an undocumented password protected FTP access to the root directory exists.
References (1)
Core 1
Core References
Third Party Advisory x_refsource_confirm
https://cert.vde.com/en-us/advisories/vde-2021-021
Scores
CVSS v3
7.3
EPSS
0.0072
EPSS Percentile
49.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Details
CWE
CWE-798
Status
published
Products (18)
phoenixcontact/axl_f_bk_eip_ef_firmware
< 1.30
phoenixcontact/axl_f_bk_eip_firmware
< 1.30
phoenixcontact/axl_f_bk_eth_firmware
< 1.30
phoenixcontact/axl_f_bk_eth_net2_firmware
phoenixcontact/axl_f_bk_eth_xc_firmware
< 1.30
phoenixcontact/axl_f_bk_pn_firmware
phoenixcontact/axl_f_bk_pn_tps_firmware
< 1.30
phoenixcontact/axl_f_bk_pn_tps_xc_firmware
< 1.30
phoenixcontact/axl_f_bk_pn_xc_firmware
phoenixcontact/axl_f_bk_s35_firmware
< 1.40
... and 8 more
Published
Jun 25, 2021
Tracked Since
Feb 18, 2026