CVE-2021-33540

Published: Jun 25, 2021Modified: Nov 21, 2024

7.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Exploitability: 3.9 / Impact: 3.4

Source: NVD

Description

In certain devices of the Phoenix Contact AXL F BK and IL BK product families an undocumented password protected FTP access to the root directory exists.

Affected (18)

Products: Phoenixcontact: Axl F Bk Pn Tps Xc Firmware, Axl F Bk Pn Tps Firmware, Axl F Bk Eip Firmware, Axl F Bk Eip Ef Firmware, Axl F Bk Eth Firmware, Axl F Bk Eth Xc Firmware, Axl F Bk S35 Firmware, Axl F Bk Pn Firmware, Axl F Bk Pn Xc Firmware, Axl F Bk Eth Net2 Firmware, Axl F Bk Sas Firmware, Il Pn Bk Pac Firmware, Il Pn Bk Di8 Do4 2tx Pac Firmware, Il Pn Bk Di8 Do4 2scrj Pac Firmware, Il Eth Bk Di8 Do4 2tx Xc Pac Firmware, Il Eth Bk Di8 Do4 2tx Pac Firmware, Il Eip Bk Di8 Do4 2tx Pac Firmware, Il S3 Bk Di8 Do4 2tx Pac Firmware

Phoenixcontact

18 products

Axl F Bk Pn Tps Xc Firmware

Axl F Bk Pn Tps Firmware

Axl F Bk Eip Firmware

Axl F Bk Eip Ef Firmware

Axl F Bk Eth Firmware

Axl F Bk Eth Xc Firmware

Axl F Bk S35 Firmware

Axl F Bk Pn Firmware

Axl F Bk Pn Xc Firmware

Axl F Bk Eth Net2 Firmware

Axl F Bk Sas Firmware

Il Pn Bk Pac Firmware

Il Pn Bk Di8 Do4 2tx Pac Firmware

Il Pn Bk Di8 Do4 2scrj Pac Firmware

Il Eth Bk Di8 Do4 2tx Xc Pac Firmware

Il Eth Bk Di8 Do4 2tx Pac Firmware

Il Eip Bk Di8 Do4 2tx Pac Firmware

Il S3 Bk Di8 Do4 2tx Pac Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Phoenixcontact Axl F Bk Pn Tps Xc Firmware	Before 1.30

Running on/with	Platform Versions
Phoenixcontact Axl F Bk Pn Tps Xc	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Phoenixcontact Axl F Bk Pn Tps Firmware	Before 1.30

Running on/with	Platform Versions
Phoenixcontact Axl F Bk Pn Tps	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Phoenixcontact Axl F Bk Eip Firmware	Before 1.30

Running on/with	Platform Versions
Phoenixcontact Axl F Bk Eip	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Phoenixcontact Axl F Bk Eip Ef Firmware	Before 1.30

Running on/with	Platform Versions
Phoenixcontact Axl F Bk Eip Ef	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Phoenixcontact Axl F Bk Eth Firmware	Before 1.30

Running on/with	Platform Versions
Phoenixcontact Axl F Bk Eth	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Phoenixcontact Axl F Bk Eth Xc Firmware	Before 1.30

Running on/with	Platform Versions
Phoenixcontact Axl F Bk Eth Xc	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Phoenixcontact Axl F Bk S35 Firmware	Before 1.40

Running on/with	Platform Versions
Phoenixcontact Axl F Bk S35	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Phoenixcontact Axl F Bk Pn Firmware	All versions

Running on/with	Platform Versions
Phoenixcontact Axl F Bk Pn	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Phoenixcontact Axl F Bk Pn Xc Firmware	All versions

Running on/with	Platform Versions
Phoenixcontact Axl F Bk Pn Xc	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Phoenixcontact Axl F Bk Eth Net2 Firmware	All versions

Running on/with	Platform Versions
Phoenixcontact Axl F Bk Eth Net2	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Phoenixcontact Axl F Bk Sas Firmware	All versions

Running on/with	Platform Versions
Phoenixcontact Axl F Bk Sas	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Phoenixcontact Il Pn Bk Pac Firmware	All versions

Running on/with	Platform Versions
Phoenixcontact Il Pn Bk Pac	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Phoenixcontact Il Pn Bk Di8 Do4 2tx Pac Firmware	All versions

Running on/with	Platform Versions
Phoenixcontact Il Pn Bk Di8 Do4 2tx Pac	All versions

Configuration N

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Phoenixcontact Il Pn Bk Di8 Do4 2scrj Pac Firmware	All versions

Running on/with	Platform Versions
Phoenixcontact Il Pn Bk Di8 Do4 2scrj Pac	All versions

Configuration O

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Phoenixcontact Il Eth Bk Di8 Do4 2tx Xc Pac Firmware	All versions

Running on/with	Platform Versions
Phoenixcontact Il Eth Bk Di8 Do4 2tx Xc Pac	All versions

Configuration P

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Phoenixcontact Il Eth Bk Di8 Do4 2tx Pac Firmware	All versions

Running on/with	Platform Versions
Phoenixcontact Il Eth Bk Di8 Do4 2tx Pac	All versions

Configuration Q

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Phoenixcontact Il Eip Bk Di8 Do4 2tx Pac Firmware	All versions

Running on/with	Platform Versions
Phoenixcontact Il Eip Bk Di8 Do4 2tx Pac	All versions

Configuration R

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Phoenixcontact Il S3 Bk Di8 Do4 2tx Pac Firmware	All versions

Running on/with	Platform Versions
Phoenixcontact Il S3 Bk Di8 Do4 2tx Pac	All versions

Related CWEs

CWE-798

Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

References (2)

https://cert.vde.com/en-us/advisories/vde-2021-021

Source: info@cert.vde.com

Third Party Advisory

https://cert.vde.com/en-us/advisories/vde-2021-021

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.