



2021-06-23 14:17 (CEST)

Last update

2021-07-07 13:19 (CEST)




Product number  Product name                  Firmware version
2700996         FL SWITCH SMCS 16TX           <= 4.70
2700997         FL SWITCH SMCS 14TX/2FX       <= 4.70
2701466         FL SWITCH SMCS 14TX/2FX-SM    <= 4.70
2891123         FL SWITCH SMCS 8GT            <= 4.70
2891479         FL SWITCH SMCS 6GT/2SFP       <= 4.70
2989103         FL SWITCH SMCS 8TX-PN         <= 4.70
2989093         FL SWITCH SMCS 4TX-PN         <= 4.70
2989226         FL SWITCH SMCS 8TX            <= 4.70
2989323         FL SWITCH SMCS 6TX/2SFP       <= 4.70
2700290         FL SWITCH SMN 6TX/2POF-PN     <= 4.70
2989501         FL SWITCH SMN 8TX-PN          <= 4.70
2989543         FL SWITCH SMN 6TX/2FX         <= 4.70
2989556         FL SWITCH SMN 6TX/2FX SM      <= 4.70
2989365         FL NAT SMN 8TX                <= 4.63
2702443         FL NAT SMN 8TX-M              <= 4.63


Multiple vulnerabilities have been discovered in the current firmware of the PHOENIX CONTACT FL SWITCH SMCS series switches.


Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') (CWE-362)
In Phoenix Contact FL SWITCH SMCS series products in multiple versions, if an attacker sends a hand-crafted TCP packet with the Urgent flag set and the Urgent pointer set to 0, the network ...
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CWE-79)
In Phoenix Contact FL SWITCH SMCS series products in multiple versions, an attacker may insert malicious code via LLDP frames into the web-based management, which could then be executed by ...
Improper Resource Shutdown or Release (CWE-404)
In Phoenix Contact FL SWITCH SMCS series products in multiple versions, fragmented TCP packets may cause a Denial of Service of Web, SNMP and ICMP Echo services. The switching functionality of the ...
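
A passive check that a monitoring sensor could run over captured IPv4 packets to flag the two TCP conditions named above: the Urgent flag with an Urgent pointer of 0, and fragmented TCP. This is an added example, not code from Phoenix Contact or CERT@VDE; the function names and the sample packets (documentation addresses 192.0.2.x) are constructed for illustration.

```python
import struct

def classify_ipv4(packet: bytes) -> list:
    """Return the advisory-related conditions a raw IPv4 packet matches."""
    findings = []
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return findings                      # too short or not IPv4
    ihl = (packet[0] & 0x0F) * 4             # IPv4 header length in bytes
    if ihl < 20 or len(packet) < ihl or packet[9] != 6:
        return findings                      # malformed header or not TCP
    flags_frag = struct.unpack_from("!H", packet, 6)[0]
    frag_offset = flags_frag & 0x1FFF
    if flags_frag & 0x2000 or frag_offset:   # More Fragments bit or offset > 0
        findings.append("fragmented-tcp")
    # Only the first fragment (offset 0) carries the TCP header; bytes at the
    # same position in later fragments are payload and must not be parsed.
    if frag_offset == 0 and len(packet) >= ihl + 20:
        tcp_flags = packet[ihl + 13]
        urg_ptr = struct.unpack_from("!H", packet, ihl + 18)[0]
        if tcp_flags & 0x20 and urg_ptr == 0:
            findings.append("urg-flag-zero-pointer")
    return findings

def build_sample(flags_frag: int, tcp_flags: int, urg_ptr: int) -> bytes:
    """Constructed 40-byte IPv4+TCP header pair used only as test input."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 1, flags_frag, 64, 6, 0,
                     bytes([192, 0, 2, 10]), bytes([192, 0, 2, 20]))
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 0, 0, 0x50, tcp_flags,
                      1024, 0, urg_ptr)
    return ip + tcp

if __name__ == "__main__":
    samples = {
        "plain ACK": build_sample(0x4000, 0x10, 0),
        "URG, pointer 0": build_sample(0x4000, 0x30, 0),
        "URG, pointer 5": build_sample(0x4000, 0x30, 5),
        "first fragment": build_sample(0x2000, 0x10, 0),
        "later fragment": build_sample(0x0003, 0x20, 0),
    }
    for name, pkt in samples.items():
        print(name, "->", classify_ipv4(pkt))
```
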


Temporary Fix / Mitigation

Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection

Reported by

These vulnerabilities have been discovered and reported by Anne Borcherding, Fraunhofer-Institut für Optronik, Systemtechnik und Bildauswertung IOSB.
We kindly appreciate the coordinated disclosure of this vulnerability by the finder.
PHOENIX CONTACT thanks CERT@VDE for the coordination and support with this publication.