Back to overview

PHOENIX CONTACT: Security Advisory for FL SWITCH SMCS series

VDE-2021-023
Last update
05/14/2025 14:28
Published at
06/23/2021 14:17
Vendor(s)
Phoenix Contact GmbH & Co. KG
External ID
VDE-2021-023
CSAF Document
Download

Summary

Multiple vulnerabilities have been discovered in the current firmware of the PHOENIX CONTACT FL SWITCH SMCS series switches.

Impact

Affected Product(s)

Model no. Product name Affected versions
2989365 FL NAT SMN 8TX Firmware <=4.63
2702443 FL NAT SMN 8TX-M Firmware <=4.63
2700997 FL SWITCH SMCS 14TX/2FX Firmware <=4.70
2701466 FL SWITCH SMCS 14TX/2FX-SM Firmware <=4.63, Firmware <=4.70
2700996 FL SWITCH SMCS 16TX Firmware <=4.70
2989093 FL SWITCH SMCS 4TX-PN Firmware <=4.70
2891479 FL SWITCH SMCS 6GT/2SFP Firmware <=4.70
2989323 FL SWITCH SMCS 6TX/2SFP Firmware <=4.70
2891123 FL SWITCH SMCS 8GT Firmware <=4.70
2989226 FL SWITCH SMCS 8TX Firmware <=4.70
2989103 FL SWITCH SMCS 8TX-PN Firmware <=4.70
2989556 FL SWITCH SMN 6TX/2FX SM Firmware <=4.70
2700290 FL SWITCH SMN 6TX/2POF-PN Firmware <=4.70
2989501 FL SWITCH SMN 8TX-PN Firmware <=4.70

Vulnerabilities

Expand / Collapse all

Published
09/22/2025 14:57
Severity
7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Weakness
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') (CWE-362)
Summary

In Phoenix Contact FL SWITCH SMCS series products in multiple versions if an attacker sends a hand-crafted TCP-Packet with the Urgent-Flag set and the Urgent-Pointer set to 0, the network stack will crash. The device needs to be rebooted afterwards.

References
cve.org | nvd.nist.gov

Published
09/22/2025 14:57
Severity
6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Weakness
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CWE-79)
Summary

In Phoenix Contact FL SWITCH SMCS series products in multiple versions an attacker may insert malicious code via LLDP frames into the web-based management which could then be executed by the client.

References
cve.org | nvd.nist.gov

Published
09/22/2025 14:57
Severity
5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Weakness
Improper Resource Shutdown or Release (CWE-404)
Summary

In Phoenix Contact FL SWITCH SMCS series products in multiple versions fragmented TCP-Packets may cause a Denial of Service of Web-, SNMP- and ICMP-Echo services. The switching functionality of the device is not affected.

References
cve.org | nvd.nist.gov

Mitigation

Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection

Revision History

Version Date Summary
1 05/04/2021 10:17 Initial revision.
2 02/10/2025 10:00 Update: Provider data has been corrected
3 05/14/2025 14:28 Fix: version space, added distribution