VDE-2021-022
Last update
05/14/2025 14:28
Published at
06/23/2021 14:16
Vendor(s)
Phoenix Contact GmbH & Co. KG
External ID
VDE-2021-022
CSAF Document
Summary
When the communication partner sends an invalid Modbus exception response to the FL COMSERVER UNI as a query, the Modbus communication stops, and the device will be unresponsive for some minutes before the functionality is fully restored (CWE-772).
Impact
An attacker may use this vulnerability to execute a Denial of Service (DoS) attack.
Affected Product(s)
| Model no. | Product name | Affected versions |
|---|---|---|
| 2313452 | FL COMSERVER UNI 232/422/485 | Firmware <2.40 |
| 2904817 | FL COMSERVER UNI 232/422/485-T | Firmware <2.40 |
Vulnerabilities
Expand / Collapse all
Published
09/22/2025 14:57
Severity
Weakness
Missing Release of Resource after Effective Lifetime (CWE-772)
Summary
In Phoenix Contact FL COMSERVER UNI in versions <2.40 a invalid Modbus exception response can lead to a temporary denial of service.
References
Remediation
PHOENIX CONTACT recommends affected users to upgrade to the latest firmware version which is available for download.
| Product Number | Product Name | Firmware Version |
|---|---|---|
| 2313452 | FL COMSERVER UNI 232/422/485 | 2.41 |
| 2904817 | FL COMSERVER UNI 232/422/485-T | 2.41 |
Revision History
| Version | Date | Summary |
|---|---|---|
| 1 | 06/23/2021 14:16 | Initial revision. |
| 2 | 02/10/2025 10:00 | Update: Provider data has been corrected |
| 3 | 05/14/2025 14:28 | Fix: version space, firmware category, added distribution |