CVE-2021-34570
HIGHPhoenix Contact PLCnext Control Devices < 2021.0.5 - Denial of Service via Crafted JSON Request
Title source: llmDescription
Multiple Phoenix Contact PLCnext control devices in versions prior to 2021.0.5 LTS are prone to a DoS attack through special crafted JSON requests.
References (1)
Core 1
Core References
Patch, Third Party Advisory x_refsource_confirm
https://cert.vde.com/en/advisories/VDE-2021-029/
Scores
CVSS v3
7.5
EPSS
0.0095
EPSS Percentile
56.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-20
Status
published
Products (6)
phoenixcontact/axc_f_1152_firmware
< 2021.0.5
phoenixcontact/axc_f_2152_firmware
< 2021.0.5
phoenixcontact/axc_f_2152_starterkit_firmware
< 2021.0.5
phoenixcontact/axc_f_3152_firmware
< 2021.0.5
phoenixcontact/plcnext_technology_starterkit_firmware
< 2021.0.5
phoenixcontact/rfc_4072s_firmware
< 2021.0.5
Published
Sep 27, 2021
Tracked Since
Feb 18, 2026