VDE-2021-032 — Vulnetix

VDE-2021-032 PUBLISHED CVSS 9.100000381469727 CRITICAL

Third party Niche Ethernet stack has several vulnerabilities announced by the security researcher's community. Phoenix Contact Classic Line industrial controllers are developed and designed for the use in closed industrial networks. The communication protocols and device access do not feature authentication measures. Remote attackers can use specially crafted IP packets to cause a Denial of Service or a Breach of Integrity of the PLC.

Risk Scores

CVSS v3.1

9.100000381469727

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Affected Products

Vendor	Product	Versions
	EV-PLCC-AC1-DC1
	ILC1x0
	Firmware vers:all/*
	AXC 1050
	ILC1x1

Timeline

Aug 4, 2021 CVE Published
May 22, 2025 CVE Updated

References

https://certvde.com/en/advisories/VDE-2021-032 advisory
https://certvde.com/de/advisories/vendor/phoenixcontact/ url
https://phoenixcontact.csaf-tp.certvde.com/.well-known/csaf/white/2021/vde-2021-032.json advisory

Open in Interactive Console →