|Article No°||Product Name||Affected Version(s)|
|2313452||FL COMSERVER UNI 232/422/485||< 2.40|
|2904817||FL COMSERVER UNI 232/422/485-T||< 2.40|
When the communication partner sends an invalid Modbus exception response to the FL COMSERVER UNI as a query, the Modbus communication stops, and the device will be unresponsive for some minutes before the functionality is fully restored (CWE-772).
An attacker may use this vulnerability to execute a Denial of Service (DoS) attack.
This vulnerability was found by Petri Tuomio and reported to PHOENIX CONTACT by Waertsilae PSIRT.
We kindly appreciate the coordinated disclosure of this vulnerability by the finder.
PHOENIX CONTACT thanks CERT@VDE for the coordination and support with this publication.