Advisories | CERT@VDE

1
2 (current)

2021-08-04 09:57 VDE-2021-032

PHOENIX CONTACT: Niche Ethernet Stack for ILC1x0, ILC1x1 and AXC 1050 Industrial controllers and CHARX control DC

Third party Niche Ethernet stack has several vulnerabilities announced by the security researcher’s community.
Phoenix Contact Classic Line industrial controllers are developed and designed for the use in closed industrial networks. The communication protocols and device access do not feature authentication measures. Remote attackers can use specially crafted IP packets to cause a Denial of Service or a Breach of Integrity of the PLC.

CVE-2020-35685: 9.1

CVE-2021-31401: 7.5

CVE-2021-31400: 7.5

CVE-2020-35684: 7.5

CVE-2020-35683: 7.5

CVE-2021-31227: 7.5

2021-08-04 09:56 VDE-2021-036

PHOENIX CONTACT: Products utilizing WIBU SYSTEMS CodeMeter components in versions prior to V7.21a

Please consult the CVE entries above for more details.

CVE-2021-20994: 6.1

CVE-2021-20993: 5.3

1
2 (current)

Feeds

RSS / Atom

Nach Hersteller

ADS-TEC Industrial IT (2)

Auma (4)

Beckhoff (9)

Bender (2)

CODESYS (8)

Endress+Hauser (10)

Festo (11)

Festo Didactic (6)

Frauscher (3)

Carlo Gavazzi Controls (1)

Helmholz (7)

HIMA (2)

ifm (1)

Innominate (2)

Lenze (2)

MB connect line (9)

Miele (4)

M&M Software (1)

Pepperl+Fuchs (26)

PHOENIX CONTACT (80)

Pilz (13)

Red Lion Europe (2)

SWARCO (1)

TECSON/GOK (1)

TRUMPF SE (2)

TRUMPF Laser (7)

TRUMPF Werkzeugmaschinen (8)

VARTA Storage (1)

VMT (1)

WAGO (55)

Weidmueller (10)

Welotec (1)

Wiesemann & Theis (3)

Archiv

2024

April (2)
März (2)
Februar (6)
Januar (7)

2023

Dezember (14)
November (5)
Oktober (5)
September (5)
August (13)
Juli (5)
Juni (3)
Mai (4)
April (1)
März (3)
Februar (3)
Januar (2)

2022

Dezember (5)
November (10)
Oktober (5)
September (7)
August (4)
Juli (4)
Juni (7)
Mai (3)
April (11)
März (5)
Januar (5)

2021

Dezember (2)
November (6)
Oktober (5)
September (2)
August (10)
Juli (3)
Juni (9)
Mai (6)
April (2)
März (3)
Februar (3)
Januar (4)

2020

Dezember (4)
November (3)
Oktober (6)
September (8)
August (1)
Juli (3)
Juni (4)
Mai (2)
März (12)
Februar (2)

2019

Dezember (2)
Oktober (3)
September (1)
Juni (4)
Mai (2)
März (6)
Januar (1)

2018

Oktober (1)
September (1)
August (2)
Juli (3)
Mai (4)
März (1)
Februar (1)
Januar (2)

2017

Dezember (2)
November (1)
September (1)
März (1)

Legende

(Scoring für CVSS 2.0,3.0+3.1)

keine

Kein CVE verfügbar

Niedrig

0.1 <= 3.9

Mittel

4.0 <= 6.9

Hoch

7.0 <= 8.9

Kritisch

9.0 <= 10.0