CVE-2021-33540
Phoenix Contact: Undocumented FTP acces in certain AXL F BK and IL BK devices
Severity Score
7.3
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
In certain devices of the Phoenix Contact AXL F BK and IL BK product families an undocumented password protected FTP access to the root directory exists.
En determinados dispositivos de las familias de productos Phoenix Contact AXL F BK e IL BK se presenta un acceso FTP protegido por contraseƱa no documentado al directorio root
*Credits:
This vulnerability was discovered by Secuvera. PHOENIX CONTACT thanks CERT@VDE for the coordination and support with this publication.
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2021-05-24 CVE Reserved
- 2021-06-25 CVE Published
- 2024-03-08 EPSS Updated
- 2024-09-17 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-798: Use of Hard-coded Credentials
CAPEC
References (1)
| URL | Tag | Source |
|---|---|---|
| https://cert.vde.com/en-us/advisories/vde-2021-021 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Phoenixcontact Search vendor "Phoenixcontact" | Axl F Bk Pn Tps Xc Firmware Search vendor "Phoenixcontact" for product "Axl F Bk Pn Tps Xc Firmware" | < 1.30 Search vendor "Phoenixcontact" for product "Axl F Bk Pn Tps Xc Firmware" and version " < 1.30" | - |
Affected
| in | Phoenixcontact Search vendor "Phoenixcontact" | Axl F Bk Pn Tps Xc Search vendor "Phoenixcontact" for product "Axl F Bk Pn Tps Xc" | - | - |
Safe
|
| Phoenixcontact Search vendor "Phoenixcontact" | Axl F Bk Pn Tps Firmware Search vendor "Phoenixcontact" for product "Axl F Bk Pn Tps Firmware" | < 1.30 Search vendor "Phoenixcontact" for product "Axl F Bk Pn Tps Firmware" and version " < 1.30" | - |
Affected
| in | Phoenixcontact Search vendor "Phoenixcontact" | Axl F Bk Pn Tps Search vendor "Phoenixcontact" for product "Axl F Bk Pn Tps" | - | - |
Safe
|
| Phoenixcontact Search vendor "Phoenixcontact" | Axl F Bk Eip Firmware Search vendor "Phoenixcontact" for product "Axl F Bk Eip Firmware" | < 1.30 Search vendor "Phoenixcontact" for product "Axl F Bk Eip Firmware" and version " < 1.30" | - |
Affected
| in | Phoenixcontact Search vendor "Phoenixcontact" | Axl F Bk Eip Search vendor "Phoenixcontact" for product "Axl F Bk Eip" | - | - |
Safe
|
| Phoenixcontact Search vendor "Phoenixcontact" | Axl F Bk Eip Ef Firmware Search vendor "Phoenixcontact" for product "Axl F Bk Eip Ef Firmware" | < 1.30 Search vendor "Phoenixcontact" for product "Axl F Bk Eip Ef Firmware" and version " < 1.30" | - |
Affected
| in | Phoenixcontact Search vendor "Phoenixcontact" | Axl F Bk Eip Ef Search vendor "Phoenixcontact" for product "Axl F Bk Eip Ef" | - | - |
Safe
|
| Phoenixcontact Search vendor "Phoenixcontact" | Axl F Bk Eth Firmware Search vendor "Phoenixcontact" for product "Axl F Bk Eth Firmware" | < 1.30 Search vendor "Phoenixcontact" for product "Axl F Bk Eth Firmware" and version " < 1.30" | - |
Affected
| in | Phoenixcontact Search vendor "Phoenixcontact" | Axl F Bk Eth Search vendor "Phoenixcontact" for product "Axl F Bk Eth" | - | - |
Safe
|
| Phoenixcontact Search vendor "Phoenixcontact" | Axl F Bk Eth Xc Firmware Search vendor "Phoenixcontact" for product "Axl F Bk Eth Xc Firmware" | < 1.30 Search vendor "Phoenixcontact" for product "Axl F Bk Eth Xc Firmware" and version " < 1.30" | - |
Affected
| in | Phoenixcontact Search vendor "Phoenixcontact" | Axl F Bk Eth Xc Search vendor "Phoenixcontact" for product "Axl F Bk Eth Xc" | - | - |
Safe
|
| Phoenixcontact Search vendor "Phoenixcontact" | Axl F Bk S35 Firmware Search vendor "Phoenixcontact" for product "Axl F Bk S35 Firmware" | < 1.40 Search vendor "Phoenixcontact" for product "Axl F Bk S35 Firmware" and version " < 1.40" | - |
Affected
| in | Phoenixcontact Search vendor "Phoenixcontact" | Axl F Bk S35 Search vendor "Phoenixcontact" for product "Axl F Bk S35" | - | - |
Safe
|
| Phoenixcontact Search vendor "Phoenixcontact" | Axl F Bk Pn Firmware Search vendor "Phoenixcontact" for product "Axl F Bk Pn Firmware" | * | - |
Affected
| in | Phoenixcontact Search vendor "Phoenixcontact" | Axl F Bk Pn Search vendor "Phoenixcontact" for product "Axl F Bk Pn" | - | - |
Safe
|
| Phoenixcontact Search vendor "Phoenixcontact" | Axl F Bk Pn Xc Firmware Search vendor "Phoenixcontact" for product "Axl F Bk Pn Xc Firmware" | * | - |
Affected
| in | Phoenixcontact Search vendor "Phoenixcontact" | Axl F Bk Pn Xc Search vendor "Phoenixcontact" for product "Axl F Bk Pn Xc" | - | - |
Safe
|
| Phoenixcontact Search vendor "Phoenixcontact" | Axl F Bk Eth Net2 Firmware Search vendor "Phoenixcontact" for product "Axl F Bk Eth Net2 Firmware" | * | - |
Affected
| in | Phoenixcontact Search vendor "Phoenixcontact" | Axl F Bk Eth Net2 Search vendor "Phoenixcontact" for product "Axl F Bk Eth Net2" | - | - |
Safe
|
| Phoenixcontact Search vendor "Phoenixcontact" | Axl F Bk Sas Firmware Search vendor "Phoenixcontact" for product "Axl F Bk Sas Firmware" | * | - |
Affected
| in | Phoenixcontact Search vendor "Phoenixcontact" | Axl F Bk Sas Search vendor "Phoenixcontact" for product "Axl F Bk Sas" | - | - |
Safe
|
| Phoenixcontact Search vendor "Phoenixcontact" | Il Pn Bk-pac Firmware Search vendor "Phoenixcontact" for product "Il Pn Bk-pac Firmware" | * | - |
Affected
| in | Phoenixcontact Search vendor "Phoenixcontact" | Il Pn Bk-pac Search vendor "Phoenixcontact" for product "Il Pn Bk-pac" | - | - |
Safe
|
| Phoenixcontact Search vendor "Phoenixcontact" | Il Pn Bk Di8 Do4 2tx-pac Firmware Search vendor "Phoenixcontact" for product "Il Pn Bk Di8 Do4 2tx-pac Firmware" | * | - |
Affected
| in | Phoenixcontact Search vendor "Phoenixcontact" | Il Pn Bk Di8 Do4 2tx-pac Search vendor "Phoenixcontact" for product "Il Pn Bk Di8 Do4 2tx-pac" | - | - |
Safe
|
| Phoenixcontact Search vendor "Phoenixcontact" | Il Pn Bk Di8 Do4 2scrj-pac Firmware Search vendor "Phoenixcontact" for product "Il Pn Bk Di8 Do4 2scrj-pac Firmware" | * | - |
Affected
| in | Phoenixcontact Search vendor "Phoenixcontact" | Il Pn Bk Di8 Do4 2scrj-pac Search vendor "Phoenixcontact" for product "Il Pn Bk Di8 Do4 2scrj-pac" | - | - |
Safe
|
| Phoenixcontact Search vendor "Phoenixcontact" | Il Eth Bk Di8 Do4 2tx-xc-pac Firmware Search vendor "Phoenixcontact" for product "Il Eth Bk Di8 Do4 2tx-xc-pac Firmware" | * | - |
Affected
| in | Phoenixcontact Search vendor "Phoenixcontact" | Il Eth Bk Di8 Do4 2tx-xc-pac Search vendor "Phoenixcontact" for product "Il Eth Bk Di8 Do4 2tx-xc-pac" | - | - |
Safe
|
| Phoenixcontact Search vendor "Phoenixcontact" | Il Eth Bk Di8 Do4 2tx-pac Firmware Search vendor "Phoenixcontact" for product "Il Eth Bk Di8 Do4 2tx-pac Firmware" | * | - |
Affected
| in | Phoenixcontact Search vendor "Phoenixcontact" | Il Eth Bk Di8 Do4 2tx-pac Search vendor "Phoenixcontact" for product "Il Eth Bk Di8 Do4 2tx-pac" | - | - |
Safe
|
| Phoenixcontact Search vendor "Phoenixcontact" | Il Eip Bk Di8 Do4 2tx-pac Firmware Search vendor "Phoenixcontact" for product "Il Eip Bk Di8 Do4 2tx-pac Firmware" | * | - |
Affected
| in | Phoenixcontact Search vendor "Phoenixcontact" | Il Eip Bk Di8 Do4 2tx-pac Search vendor "Phoenixcontact" for product "Il Eip Bk Di8 Do4 2tx-pac" | - | - |
Safe
|
| Phoenixcontact Search vendor "Phoenixcontact" | Il S3 Bk Di8 Do4 2tx-pac Firmware Search vendor "Phoenixcontact" for product "Il S3 Bk Di8 Do4 2tx-pac Firmware" | * | - |
Affected
| in | Phoenixcontact Search vendor "Phoenixcontact" | Il S3 Bk Di8 Do4 2tx-pac Search vendor "Phoenixcontact" for product "Il S3 Bk Di8 Do4 2tx-pac" | - | - |
Safe
|