CVE-2021-33540: Phoenix Contact: Undocumented FTP acces in certain AXL F BK and IL BK devices
First published: Wed Jun 23 2021(Updated: )
In certain devices of the Phoenix Contact AXL F BK and IL BK product families an undocumented password protected FTP access to the root directory exists.
Credit: info@cert.vde.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Phoenixcontact Axl F Bk Pn Tps Xc Firmware | <1.30 | |
| Phoenixcontact Axl F Bk Pn Tps Xc | ||
| Phoenixcontact Axl F Bk Pn Tps Firmware | <1.30 | |
| Phoenixcontact Axl F Bk Pn Tps | ||
| Phoenixcontact Axl F Bk Eip Firmware | <1.30 | |
| Phoenixcontact Axl F Bk Eip | ||
| Phoenixcontact Axl F Bk Eip Ef Firmware | <1.30 | |
| Phoenixcontact Axl F Bk Eip Ef | ||
| Phoenixcontact Axl F Bk Eth Firmware | <1.30 | |
| Phoenixcontact Axl F Bk Eth | ||
| Phoenixcontact Axl F Bk Eth Xc Firmware | <1.30 | |
| Phoenixcontact Axl F Bk Eth Xc | ||
| Phoenixcontact Axl F Bk S35 Firmware | <1.40 | |
| Phoenixcontact Axl F Bk S35 | ||
| Phoenixcontact Axl F Bk Pn Firmware | ||
| Phoenixcontact Axl F Bk Pn | ||
| Phoenixcontact Axl F Bk Pn Xc Firmware | ||
| Phoenixcontact Axl F Bk Pn Xc | ||
| Phoenixcontact Axl F Bk Eth Net2 Firmware | ||
| Phoenixcontact Axl F Bk Eth Net2 | ||
| Phoenixcontact Axl F Bk Sas Firmware | ||
| Phoenixcontact Axl F Bk Sas | ||
| Phoenixcontact Il Pn Bk-pac Firmware | ||
| Phoenixcontact Il Pn Bk-pac | ||
| Phoenixcontact Il Pn Bk Di8 Do4 2tx-pac Firmware | ||
| Phoenixcontact Il Pn Bk Di8 Do4 2tx-pac | ||
| Phoenixcontact Il Pn Bk Di8 Do4 2scrj-pac Firmware | ||
| Phoenixcontact Il Pn Bk Di8 Do4 2scrj-pac | ||
| Phoenixcontact Il Eth Bk Di8 Do4 2tx-xc-pac Firmware | ||
| Phoenixcontact Il Eth Bk Di8 Do4 2tx-xc-pac | ||
| Phoenixcontact Il Eth Bk Di8 Do4 2tx-pac Firmware | ||
| Phoenixcontact Il Eth Bk Di8 Do4 2tx-pac | ||
| Phoenixcontact Il Eip Bk Di8 Do4 2tx-pac Firmware | ||
| Phoenixcontact Il Eip Bk Di8 Do4 2tx-pac | ||
| Phoenixcontact Il S3 Bk Di8 Do4 2tx-pac Firmware | ||
| Phoenixcontact Il S3 Bk Di8 Do4 2tx-pac |
Remedy
Please refer to the advisory (https://cert.vde.com/en-us/advisories/vde-2021-021) for a list of updated firmware versions for remediation.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2021-33540?
CVE-2021-33540 is a vulnerability in certain devices of the Phoenix Contact AXL F BK and IL BK product families that allows undocumented password-protected FTP access to the root directory.
Which devices are affected by CVE-2021-33540?
Devices of the Phoenix Contact AXL F BK and IL BK product families are affected by CVE-2021-33540.
What is the severity of CVE-2021-33540?
CVE-2021-33540 has a severity rating of 7.3 (high).
How can I fix CVE-2021-33540?
To fix CVE-2021-33540, it is recommended to apply the necessary patches and updates provided by Phoenix Contact.
Where can I find more information about CVE-2021-33540?
You can find more information about CVE-2021-33540 on the VDE CERT advisory page: https://cert.vde.com/en-us/advisories/vde-2021-021
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/weakness
- agent/references
- agent/title
- agent/severity
- agent/remedy
- agent/last-modified-date
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- vendor/phoenixcontact
- canonical/phoenixcontact axl f bk pn tps xc firmware
- canonical/phoenixcontact axl f bk pn tps xc
- canonical/phoenixcontact axl f bk pn tps firmware
- canonical/phoenixcontact axl f bk pn tps
- canonical/phoenixcontact axl f bk eip firmware
- canonical/phoenixcontact axl f bk eip
- canonical/phoenixcontact axl f bk eip ef firmware
- canonical/phoenixcontact axl f bk eip ef
- canonical/phoenixcontact axl f bk eth firmware
- canonical/phoenixcontact axl f bk eth
- canonical/phoenixcontact axl f bk eth xc firmware
- canonical/phoenixcontact axl f bk eth xc
- canonical/phoenixcontact axl f bk s35 firmware
- canonical/phoenixcontact axl f bk s35
- canonical/phoenixcontact axl f bk pn firmware
- canonical/phoenixcontact axl f bk pn
- canonical/phoenixcontact axl f bk pn xc firmware
- canonical/phoenixcontact axl f bk pn xc
- canonical/phoenixcontact axl f bk eth net2 firmware
- canonical/phoenixcontact axl f bk eth net2
- canonical/phoenixcontact axl f bk sas firmware
- canonical/phoenixcontact axl f bk sas
- canonical/phoenixcontact il pn bk-pac firmware
- canonical/phoenixcontact il pn bk-pac
- canonical/phoenixcontact il pn bk di8 do4 2tx-pac firmware
- canonical/phoenixcontact il pn bk di8 do4 2tx-pac
- canonical/phoenixcontact il pn bk di8 do4 2scrj-pac firmware
- canonical/phoenixcontact il pn bk di8 do4 2scrj-pac
- canonical/phoenixcontact il eth bk di8 do4 2tx-xc-pac firmware
- canonical/phoenixcontact il eth bk di8 do4 2tx-xc-pac
- canonical/phoenixcontact il eth bk di8 do4 2tx-pac firmware
- canonical/phoenixcontact il eth bk di8 do4 2tx-pac
- canonical/phoenixcontact il eip bk di8 do4 2tx-pac firmware
- canonical/phoenixcontact il eip bk di8 do4 2tx-pac
- canonical/phoenixcontact il s3 bk di8 do4 2tx-pac firmware
- canonical/phoenixcontact il s3 bk di8 do4 2tx-pac