PHOENIX CONTACT : Security Advisory for ILC1x1 Industrial controllers

Denial of Service vulnerability triggered by specially crafted IP packets.

VDE-2021-019 (2021-06-23 14:14 UTC+0200)

CVE Identifier


Affected Vendors

Phoenix Contact

Affected Products

Article No. Product name Affected version
ILC1x0 All variants All variants


Phoenix Contact Classic Line industrial controllers are developed and designed for the use in closed industrial networks. The communication protocols and device access do not feature authentication measures. Remote attackers can use specially crafted IP packets to cause a denial of service on the PLC's network communication module (CWE-770).


A successful attack stops all network communication. To restore the network connectivity the device needs to be restarted. The automation task is not affected.


Temporary Fix / Mitigation

Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to the Phoenix Contact application note:
Measures to protect network-capable devices with Ethernet connection

Reported by

This vulnerability was discovered by the Industrial Control Security Laboratory of Qi An Xin Technology Group Inc. from China and reported to CERT@VDE.
We kindly appreciate the coordinated disclosure of this vulnerability by the finder.
PHOENIX CONTACT thanks CERT@VDE for the coordination and support with this publication.