CVE-2021-33540

  1. Reconshell
  2. Vulnerabilities (CVE)
  3. CVE-2021-33540
In certain devices of the Phoenix Contact AXL F BK and IL BK product families an undocumented password protected FTP access to the root directory exists.

7.3 /10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

7.5 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
https://cert.vde.com/en-us/advisories/vde-2021-021 Third Party Advisory
Advertisement

NeevaHost hosting service
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:phoenixcontact:axl_f_bk_pn_tps_xc_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:phoenixcontact:axl_f_bk_pn_tps_xc:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:phoenixcontact:axl_f_bk_pn_tps_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:phoenixcontact:axl_f_bk_pn_tps:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:phoenixcontact:axl_f_bk_eip_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:phoenixcontact:axl_f_bk_eip:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:phoenixcontact:axl_f_bk_eip_ef_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:phoenixcontact:axl_f_bk_eip_ef:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:phoenixcontact:axl_f_bk_eth_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:phoenixcontact:axl_f_bk_eth:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:phoenixcontact:axl_f_bk_eth_xc_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:phoenixcontact:axl_f_bk_eth_xc:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:phoenixcontact:axl_f_bk_s35_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:phoenixcontact:axl_f_bk_s35:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:phoenixcontact:axl_f_bk_pn_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:phoenixcontact:axl_f_bk_pn:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:phoenixcontact:axl_f_bk_pn_xc_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:phoenixcontact:axl_f_bk_pn_xc:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:phoenixcontact:axl_f_bk_eth_net2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:phoenixcontact:axl_f_bk_eth_net2:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:o:phoenixcontact:axl_f_bk_sas_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:phoenixcontact:axl_f_bk_sas:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
cpe:2.3:o:phoenixcontact:il_pn_bk-pac_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:phoenixcontact:il_pn_bk-pac:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND
cpe:2.3:o:phoenixcontact:il_pn_bk_di8_do4_2tx-pac_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:phoenixcontact:il_pn_bk_di8_do4_2tx-pac:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND
cpe:2.3:o:phoenixcontact:il_pn_bk_di8_do4_2scrj-pac_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:phoenixcontact:il_pn_bk_di8_do4_2scrj-pac:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND
cpe:2.3:o:phoenixcontact:il_eth_bk_di8_do4_2tx-xc-pac_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:phoenixcontact:il_eth_bk_di8_do4_2tx-xc-pac:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND
cpe:2.3:o:phoenixcontact:il_eth_bk_di8_do4_2tx-pac_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:phoenixcontact:il_eth_bk_di8_do4_2tx-pac:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND
cpe:2.3:o:phoenixcontact:il_eip_bk_di8_do4_2tx-pac_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:phoenixcontact:il_eip_bk_di8_do4_2tx-pac:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND
cpe:2.3:o:phoenixcontact:il_s3_bk_di8_do4_2tx-pac_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:phoenixcontact:il_s3_bk_di8_do4_2tx-pac:-:*:*:*:*:*:*:*
Information

Published : 2021-06-25 12:15

Updated : 2021-07-01 17:05

NVD link : CVE-2021-33540

Mitre link : CVE-2021-33540

JSON object : View

CWE
CWE-798

Use of Hard-coded Credentials

Advertisement

dedicated server usa
Products Affected

phoenixcontact

  • il_pn_bk-pac
  • axl_f_bk_sas_firmware
  • axl_f_bk_eip
  • axl_f_bk_pn_tps_xc_firmware
  • axl_f_bk_pn
  • il_s3_bk_di8_do4_2tx-pac_firmware
  • axl_f_bk_eth_firmware
  • axl_f_bk_eth
  • axl_f_bk_pn_xc_firmware
  • axl_f_bk_eth_xc_firmware
  • il_pn_bk_di8_do4_2tx-pac
  • il_eth_bk_di8_do4_2tx-pac_firmware
  • axl_f_bk_s35_firmware
  • axl_f_bk_eip_firmware
  • axl_f_bk_pn_tps_xc
  • axl_f_bk_eth_net2
  • il_eth_bk_di8_do4_2tx-xc-pac
  • axl_f_bk_eth_xc
  • il_eth_bk_di8_do4_2tx-pac
  • il_pn_bk_di8_do4_2scrj-pac_firmware
  • axl_f_bk_pn_tps
  • axl_f_bk_eip_ef
  • il_pn_bk-pac_firmware
  • axl_f_bk_pn_tps_firmware
  • il_pn_bk_di8_do4_2tx-pac_firmware
  • il_s3_bk_di8_do4_2tx-pac
  • axl_f_bk_sas
  • il_eip_bk_di8_do4_2tx-pac_firmware
  • axl_f_bk_eip_ef_firmware
  • il_eth_bk_di8_do4_2tx-xc-pac_firmware
  • axl_f_bk_s35
  • axl_f_bk_eth_net2_firmware
  • axl_f_bk_pn_firmware
  • il_pn_bk_di8_do4_2scrj-pac
  • il_eip_bk_di8_do4_2tx-pac
  • axl_f_bk_pn_xc