{"containers":{"cna":{"affected":[{"platforms":["HW < 01"],"product":"AXL F BK","vendor":"Phoenix Contact","versions":[{"lessThan":"1.30","status":"affected","version":"AXL F PN TPS XC (1068857)","versionType":"custom"},{"lessThan":"1.30","status":"affected","version":"AXL F EIP EF (2702782)","versionType":"custom"}]},{"platforms":["HW < 02"],"product":"AXL F BK","vendor":"Phoenix Contact","versions":[{"lessThan":"1.30","status":"affected","version":"AXL F PN TPS (2403869)","versionType":"custom"}]},{"platforms":["HW < 05"],"product":"AXL F BK","vendor":"Phoenix Contact","versions":[{"lessThan":"1.30","status":"affected","version":"AXL F EIP (2688394)","versionType":"custom"},{"lessThan":"1.30","status":"affected","version":"AXL F ETH (2688459)","versionType":"custom"},{"lessThan":"1.30","status":"affected","version":"AXL F ETH XC (2701949)","versionType":"custom"},{"lessThan":"1.40","status":"affected","version":"AXL F S3 (2701686)","versionType":"custom"}]},{"product":"AXL F BK","vendor":"Phoenix Contact","versions":[{"status":"affected","version":"AXL F PN (2701815) all revisions"},{"status":"affected","version":"AXL F PN XC (2701222) all revisions"},{"status":"affected","version":"AXL F ETH NET2 (2702177) all revisions"},{"status":"affected","version":"AXL F SAS (2701457) all revisions"}]},{"product":"IL","vendor":"Phoenix Contact","versions":[{"status":"affected","version":"IL PN BK-PAC (2403696) all revisions"},{"status":"affected","version":"IL PN BK DI8 DO4 2TX-PAC (2703994) all revisions"},{"status":"affected","version":"IL PN BK DI8 DO4 2SCRJ-PAC (2878379) all revisions"},{"status":"affected","version":"IL ETH BK DI8 DO4 2TX-XC-PAC (2701388) all revisions"},{"status":"affected","version":"IL ETH BK DI8 DO4 2TX-PAC (2703981) all revisions"},{"status":"affected","version":"IL EIP BK DI8 DO4 2TX-PAC (2897758) all revisions"},{"status":"affected","version":"IL S3 BK DI8 DO4 2TX-PAC (2692380) all revisions"}]}],"credits":[{"lang":"en","value":"This vulnerability was discovered by Secuvera. PHOENIX CONTACT thanks CERT@VDE for the coordination and support with this publication."}],"datePublic":"2021-06-23T00:00:00.000Z","descriptions":[{"lang":"en","value":"In certain devices of the Phoenix Contact AXL F BK and IL BK product families an undocumented password protected FTP access to the root directory exists."}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"LOW","baseScore":7.3,"baseSeverity":"HIGH","confidentialityImpact":"LOW","integrityImpact":"LOW","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L","version":"3.1"}}],"problemTypes":[{"descriptions":[{"cweId":"CWE-798","description":"CWE-798 Use of Hard-coded Credentials","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2021-06-25T18:26:04.000Z","orgId":"270ccfa6-a436-4e77-922e-914ec3a9685c","shortName":"CERTVDE"},"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://cert.vde.com/en-us/advisories/vde-2021-021"}],"solutions":[{"lang":"en","value":"Please refer to the advisory (https://cert.vde.com/en-us/advisories/vde-2021-021) for a list of updated firmware versions for remediation."}],"source":{"advisory":"VDE-2021-021","defect":["VDE-2021-021"],"discovery":"EXTERNAL"},"title":"Phoenix Contact: Undocumented FTP acces in certain AXL F BK and IL BK devices","x_generator":{"engine":"Vulnogram 0.0.9"},"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"info@cert.vde.com","DATE_PUBLIC":"2021-06-23T10:00:00.000Z","ID":"CVE-2021-33540","STATE":"PUBLIC","TITLE":"Phoenix Contact: Undocumented FTP acces in certain AXL F BK and IL BK devices"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"AXL F BK","version":{"version_data":[{"platform":"HW < 01","version_affected":"<","version_name":"AXL F PN TPS XC (1068857)","version_value":"1.30"},{"platform":"HW < 02","version_affected":"<","version_name":"AXL F PN TPS (2403869)","version_value":"1.30"},{"platform":"HW < 05","version_affected":"<","version_name":"AXL F EIP (2688394)","version_value":"1.30"},{"platform":"HW < 01","version_affected":"<","version_name":"AXL F EIP EF (2702782)","version_value":"1.30"},{"platform":"HW < 05","version_affected":"<","version_name":"AXL F ETH (2688459)","version_value":"1.30"},{"platform":"HW < 05","version_affected":"<","version_name":"AXL F ETH XC (2701949)","version_value":"1.30"},{"platform":"HW < 05","version_affected":"<","version_name":"AXL F S3 (2701686)","version_value":"1.40"},{"version_affected":"=","version_name":"AXL F PN (2701815)","version_value":"all revisions"},{"version_affected":"=","version_name":"AXL F PN XC (2701222)","version_value":"all revisions"},{"version_affected":"=","version_name":"AXL F ETH NET2 (2702177)","version_value":"all revisions"},{"version_affected":"=","version_name":"AXL F SAS (2701457)","version_value":"all revisions"}]}},{"product_name":"IL","version":{"version_data":[{"version_affected":"=","version_name":"IL PN BK-PAC (2403696)","version_value":"all revisions"},{"version_affected":"=","version_name":"IL PN BK DI8 DO4 2TX-PAC (2703994)","version_value":"all revisions"},{"version_affected":"=","version_name":"IL PN BK DI8 DO4 2SCRJ-PAC (2878379)","version_value":"all revisions"},{"version_affected":"=","version_name":"IL ETH BK DI8 DO4 2TX-XC-PAC (2701388)","version_value":"all revisions"},{"version_affected":"=","version_name":"IL ETH BK DI8 DO4 2TX-PAC (2703981)","version_value":"all revisions"},{"version_affected":"=","version_name":"IL EIP BK DI8 DO4 2TX-PAC (2897758)","version_value":"all revisions"},{"version_affected":"=","version_name":"IL S3 BK DI8 DO4 2TX-PAC (2692380)","version_value":"all revisions"}]}}]},"vendor_name":"Phoenix Contact"}]}},"credit":[{"lang":"eng","value":"This vulnerability was discovered by Secuvera. PHOENIX CONTACT thanks CERT@VDE for the coordination and support with this publication."}],"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"In certain devices of the Phoenix Contact AXL F BK and IL BK product families an undocumented password protected FTP access to the root directory exists."}]},"generator":{"engine":"Vulnogram 0.0.9"},"impact":{"cvss":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"LOW","baseScore":7.3,"baseSeverity":"HIGH","confidentialityImpact":"LOW","integrityImpact":"LOW","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L","version":"3.1"}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-798 Use of Hard-coded Credentials"}]}]},"references":{"reference_data":[{"name":"https://cert.vde.com/en-us/advisories/vde-2021-021","refsource":"CONFIRM","url":"https://cert.vde.com/en-us/advisories/vde-2021-021"}]},"solution":[{"lang":"en","value":"Please refer to the advisory (https://cert.vde.com/en-us/advisories/vde-2021-021) for a list of updated firmware versions for remediation."}],"source":{"advisory":"VDE-2021-021","defect":["VDE-2021-021"],"discovery":"EXTERNAL"}}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-03T23:50:42.999Z"},"title":"CVE Program Container","references":[{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://cert.vde.com/en-us/advisories/vde-2021-021"}]}]},"cveMetadata":{"assignerOrgId":"270ccfa6-a436-4e77-922e-914ec3a9685c","assignerShortName":"CERTVDE","cveId":"CVE-2021-33540","datePublished":"2021-06-25T18:26:04.688Z","dateReserved":"2021-05-24T00:00:00.000Z","dateUpdated":"2024-09-17T03:18:18.324Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"}