Race Condition Vulnerability in Phoenix Contact FL SWITCH SMCS series products
Description
In Phoenix Contact FL SWITCH SMCS series products in multiple versions if an attacker sends a hand-crafted TCP-Packet with the Urgent-Flag set and the Urgent-Pointer set to 0, the network stack will crash. The device needs to be rebooted afterwards.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A crafted TCP packet with Urgent-Flag set and Urgent-Pointer 0 causes a denial-of-service crash on Phoenix Contact FL SWITCH SMCS series devices.
Vulnerability
A denial-of-service vulnerability exists in Phoenix Contact FL SWITCH SMCS series products across multiple versions. When an attacker sends a hand-crafted TCP packet with the Urgent-Flag set and the Urgent-Pointer set to 0, the network stack of the device crashes, requiring a reboot [1].
Exploitation
The attacker must be able to send a specially crafted TCP packet to the target device over the network. No authentication is required, and the attack can be performed remotely. The single packet with the urgent pointer set to zero triggers the crash [1].
Impact
Successful exploitation results in a denial-of-service condition: the network stack crashes, rendering the device inoperative until manually rebooted. This can disrupt network communication and cause downtime in industrial environments [1].
Mitigation
As of the publication date (25 June 2021), no fix or workaround has been disclosed in the available references. Users should monitor vendor advisories for future patches. The vulnerability is not listed on CISA's Known Exploited Vulnerabilities (KEV) catalog [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
3- Phoenix Contact/FL NATv5Range: SMN 8TX (2989365)
- Range: SMCS 16TX (2700996)
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- cert.vde.com/en-us/advisories/vde-2021-023mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.