MidnightBSD

Advisories for phoenixcontact

CVE-2016-8366 MEDIUM

Webvisit in Phoenix Contact ILC PLCs offers a password macro to protect HMI pages on the PLC against casual or coincidental opening of HMI pages by the user. The password macro can be configured in a way that the password is stored and transferred in clear text.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-312,CWE-255,

Products Affected

Vendor Product Version
phoenixcontact ilc_plcs_firmware -
CVE-2016-8371 HIGH

The web server in Phoenix Contact ILC PLCs can be accessed without authenticating even if the authentication mechanism is enabled.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-592,CWE-287,

Products Affected

Vendor Product Version
phoenixcontact ilc_plcs_firmware -
CVE-2016-8380 HIGH

The web server in Phoenix Contact ILC PLCs allows access to read and write PLC variables without authentication.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-767,CWE-287,

Products Affected

Vendor Product Version
phoenixcontact ilc_plcs_firmware -
CVE-2017-10053 MEDIUM

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
netapp snapmanager -
oracle jdk 1.8.0
oracle jre 1.8.0
phoenixcontact fl_mguard_dm *
redhat enterprise_linux_server_aus 7.3
netapp oncommand_shift -
redhat enterprise_linux_eus 7.4
netapp oncommand_balance -
netapp active_iq_unified_manager *
netapp cloud_backup -
debian debian_linux 9.0
oracle jdk 1.7.0
netapp oncommand_performance_manager -
netapp vasa_provider 6.0
netapp vasa_provider *
redhat enterprise_linux_desktop 7.0
netapp virtual_storage_console *
redhat enterprise_linux_server 7.0
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_eus 7.7
netapp virtual_storage_console 6.2.2
redhat enterprise_linux_desktop 6.0
oracle jre 1.7.0
redhat enterprise_linux_server_tus 7.7
oracle jre 1.6.0
redhat enterprise_linux_server_aus 7.6
netapp e-series_santricity_storage_manager -
redhat satellite 5.8
oracle jrockit r28.3.14
redhat enterprise_linux_server_tus 7.3
redhat enterprise_linux_server_tus 7.6
redhat enterprise_linux_eus 7.5
netapp plug-in_for_symantec_netbackup -
netapp storage_replication_adapter_for_clustered_data_ontap 9.6
netapp e-series_santricity_os_controller *
oracle jdk 1.6.0
netapp oncommand_unified_manager -
netapp oncommand_insight -
redhat enterprise_linux_server_aus 7.4
netapp oncommand_unified_manager *
redhat enterprise_linux_eus 7.6
redhat enterprise_linux_workstation 6.0
netapp storage_replication_adapter_for_clustered_data_ontap *
netapp steelstore_cloud_integrated_storage -
redhat enterprise_linux_server 6.0
netapp virtual_storage_console 6.0
redhat enterprise_linux_eus 7.3
redhat enterprise_linux_server_tus 7.4
redhat enterprise_linux_workstation 7.0
debian debian_linux 10.0
netapp element_software -
CVE-2017-10078 MEDIUM

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Scripting). The supported version that is affected is Java SE: 8u131. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE accessible data as well as unauthorized access to critical data or complete access to all Java SE accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N 2.8 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
netapp snapmanager -
oracle jdk 1.8.0
oracle jre 1.8.0
phoenixcontact fl_mguard_dm *
redhat enterprise_linux_server_aus 7.3
redhat enterprise_linux_server_aus 7.6
netapp oncommand_shift -
redhat enterprise_linux_eus 7.4
netapp e-series_santricity_storage_manager -
netapp oncommand_balance -
redhat satellite 5.8
netapp active_iq_unified_manager *
netapp cloud_backup -
debian debian_linux 9.0
redhat enterprise_linux_server_tus 7.3
netapp vasa_provider_for_clustered_data_ontap *
netapp vasa_provider_for_clustered_data_ontap 6.0
redhat enterprise_linux_server_tus 7.6
redhat enterprise_linux_eus 7.5
netapp oncommand_performance_manager -
netapp plug-in_for_symantec_netbackup -
netapp e-series_santricity_os_controller *
netapp oncommand_unified_manager -
netapp oncommand_insight -
redhat enterprise_linux_server_aus 7.4
netapp oncommand_unified_manager *
redhat enterprise_linux_eus 7.6
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_desktop 7.0
netapp storage_replication_adapter_for_clustered_data_ontap *
netapp virtual_storage_console *
redhat enterprise_linux_server 7.0
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_eus 7.7
netapp steelstore_cloud_integrated_storage -
redhat enterprise_linux_server 6.0
netapp virtual_storage_console 6.0
netapp virtual_storage_console 6.2.2
redhat enterprise_linux_eus 7.3
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_server_tus 7.7
redhat enterprise_linux_workstation 7.0
netapp element_software -
CVE-2017-10102 MEDIUM

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 9.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.0 CRITICAL CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H 2.2 6.0

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
netapp snapmanager -
oracle jdk 1.8.0
oracle jre 1.8.0
phoenixcontact fl_mguard_dm *
redhat enterprise_linux_server_aus 7.3
netapp oncommand_shift -
redhat enterprise_linux_eus 7.4
netapp oncommand_balance -
netapp active_iq_unified_manager *
netapp cloud_backup -
debian debian_linux 9.0
oracle jdk 1.7.0
netapp vasa_provider_for_clustered_data_ontap 6.0
netapp oncommand_performance_manager -
redhat enterprise_linux_desktop 7.0
netapp virtual_storage_console *
redhat enterprise_linux_server 7.0
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_eus 7.7
redhat enterprise_linux_desktop 6.0
oracle jre 1.7.0
redhat enterprise_linux_server_tus 7.7
oracle jre 1.6.0
redhat enterprise_linux_server_aus 7.6
netapp e-series_santricity_storage_manager -
redhat satellite 5.8
redhat enterprise_linux_server_tus 7.3
netapp vasa_provider_for_clustered_data_ontap *
redhat enterprise_linux_server_tus 7.6
redhat enterprise_linux_eus 7.5
netapp plug-in_for_symantec_netbackup -
netapp storage_replication_adapter_for_clustered_data_ontap 9.6
debian debian_linux 8.0
netapp e-series_santricity_os_controller *
oracle jdk 1.6.0
netapp oncommand_unified_manager -
netapp oncommand_insight -
redhat enterprise_linux_server_aus 7.4
netapp oncommand_unified_manager *
redhat enterprise_linux_eus 7.6
redhat enterprise_linux_workstation 6.0
netapp storage_replication_adapter_for_clustered_data_ontap *
netapp steelstore_cloud_integrated_storage -
redhat enterprise_linux_server 6.0
netapp virtual_storage_console 6.0
redhat enterprise_linux_eus 7.3
redhat enterprise_linux_server_tus 7.4
redhat enterprise_linux_workstation 7.0
netapp element_software -
CVE-2017-10108 MEDIUM

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
netapp snapmanager -
oracle jdk 1.8.0
oracle jre 1.8.0
phoenixcontact fl_mguard_dm *
redhat enterprise_linux_server_aus 7.3
netapp oncommand_shift -
redhat enterprise_linux_eus 7.4
netapp oncommand_balance -
netapp active_iq_unified_manager *
netapp cloud_backup -
debian debian_linux 9.0
oracle jdk 1.7.0
netapp vasa_provider_for_clustered_data_ontap 6.0
netapp oncommand_performance_manager -
redhat enterprise_linux_desktop 7.0
netapp virtual_storage_console *
redhat enterprise_linux_server 7.0
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_eus 7.7
netapp oncommand_unified_manager 7.1
redhat enterprise_linux_desktop 6.0
oracle jre 1.7.0
redhat enterprise_linux_server_tus 7.7
oracle jre 1.6.0
redhat enterprise_linux_server_aus 7.6
netapp e-series_santricity_storage_manager -
redhat satellite 5.8
oracle jrockit r28.3.14
redhat enterprise_linux_server_tus 7.3
netapp vasa_provider_for_clustered_data_ontap *
redhat enterprise_linux_server_tus 7.6
redhat enterprise_linux_eus 7.5
netapp plug-in_for_symantec_netbackup -
netapp storage_replication_adapter_for_clustered_data_ontap 9.6
debian debian_linux 8.0
netapp e-series_santricity_os_controller *
oracle jdk 1.6.0
netapp oncommand_unified_manager -
netapp oncommand_insight -
redhat enterprise_linux_server_aus 7.4
netapp oncommand_unified_manager *
redhat enterprise_linux_eus 7.6
redhat enterprise_linux_workstation 6.0
netapp storage_replication_adapter_for_clustered_data_ontap *
netapp steelstore_cloud_integrated_storage -
redhat enterprise_linux_server 6.0
netapp virtual_storage_console 6.0
redhat enterprise_linux_eus 7.3
redhat enterprise_linux_server_tus 7.4
redhat enterprise_linux_workstation 7.0
netapp element_software -
CVE-2017-10115 MEDIUM

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
netapp snapmanager -
oracle jdk 1.8.0
oracle jre 1.8.0
phoenixcontact fl_mguard_dm *
redhat enterprise_linux_server_aus 7.3
netapp oncommand_shift -
redhat enterprise_linux_eus 7.4
netapp oncommand_balance -
netapp active_iq_unified_manager *
netapp cloud_backup -
debian debian_linux 9.0
oracle jdk 1.7.0
netapp vasa_provider_for_clustered_data_ontap 6.0
netapp oncommand_performance_manager -
redhat enterprise_linux_desktop 7.0
netapp virtual_storage_console *
redhat enterprise_linux_server 7.0
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_eus 7.7
redhat enterprise_linux_desktop 6.0
oracle jre 1.7.0
redhat enterprise_linux_server_tus 7.7
oracle jre 1.6.0
redhat enterprise_linux_server_aus 7.6
netapp e-series_santricity_storage_manager -
redhat satellite 5.8
oracle jrockit r28.3.14
redhat enterprise_linux_server_tus 7.3
netapp vasa_provider_for_clustered_data_ontap *
redhat enterprise_linux_server_tus 7.6
redhat enterprise_linux_eus 7.5
netapp plug-in_for_symantec_netbackup -
netapp storage_replication_adapter_for_clustered_data_ontap 9.6
debian debian_linux 8.0
netapp e-series_santricity_os_controller *
oracle jdk 1.6.0
netapp oncommand_unified_manager -
netapp oncommand_insight -
redhat enterprise_linux_server_aus 7.4
netapp oncommand_unified_manager *
redhat enterprise_linux_eus 7.6
redhat enterprise_linux_workstation 6.0
netapp storage_replication_adapter_for_clustered_data_ontap *
netapp steelstore_cloud_integrated_storage -
redhat enterprise_linux_server 6.0
netapp virtual_storage_console 6.0
redhat enterprise_linux_eus 7.3
redhat enterprise_linux_workstation 7.0
netapp element_software -
CVE-2017-10116 MEDIUM

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.3 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H 1.6 6.0

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
netapp snapmanager -
oracle jdk 1.8.0
oracle jre 1.8.0
redhat enterprise_linux_server_aus 7.3
netapp oncommand_shift -
redhat enterprise_linux_eus 7.4
netapp oncommand_balance -
netapp active_iq_unified_manager *
netapp cloud_backup -
debian debian_linux 9.0
oracle jdk 1.7.0
netapp vasa_provider_for_clustered_data_ontap 6.0
netapp oncommand_performance_manager -
redhat enterprise_linux_desktop 7.0
netapp virtual_storage_console *
redhat enterprise_linux_server 7.0
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_eus 7.7
redhat enterprise_linux_desktop 6.0
oracle jre 1.7.0
redhat enterprise_linux_server_tus 7.7
oracle jre 1.6.0
redhat enterprise_linux_server_aus 7.6
netapp e-series_santricity_storage_manager -
redhat satellite 5.8
oracle jrockit r28.3.14
redhat enterprise_linux_server_tus 7.3
netapp vasa_provider_for_clustered_data_ontap *
redhat enterprise_linux_server_tus 7.6
redhat enterprise_linux_eus 7.5
netapp plug-in_for_symantec_netbackup -
netapp storage_replication_adapter_for_clustered_data_ontap 9.6
debian debian_linux 8.0
netapp e-series_santricity_os_controller *
oracle jdk 1.6.0
netapp oncommand_unified_manager -
phoenixcontact fl_mguard_dm 1.8.0
netapp oncommand_insight -
redhat enterprise_linux_server_aus 7.4
netapp oncommand_unified_manager *
redhat enterprise_linux_eus 7.6
redhat enterprise_linux_workstation 6.0
netapp storage_replication_adapter_for_clustered_data_ontap *
netapp steelstore_cloud_integrated_storage -
redhat enterprise_linux_server 6.0
netapp virtual_storage_console 6.0
redhat enterprise_linux_eus 7.3
redhat enterprise_linux_server_tus 7.4
redhat enterprise_linux_workstation 7.0
netapp element_software -
CVE-2017-10118 MEDIUM

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Supported versions that are affected are Java SE: 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
netapp snapmanager -
oracle jdk 1.8.0
oracle jre 1.8.0
phoenixcontact fl_mguard_dm *
netapp oncommand_shift -
netapp e-series_santricity_storage_manager -
netapp oncommand_balance -
oracle jrockit r28.3.14
netapp active_iq_unified_manager *
netapp cloud_backup -
debian debian_linux 9.0
netapp vasa_provider_for_clustered_data_ontap *
oracle jdk 1.7.0
netapp vasa_provider_for_clustered_data_ontap 6.0
netapp oncommand_performance_manager -
netapp plug-in_for_symantec_netbackup -
netapp storage_replication_adapter_for_clustered_data_ontap 9.6
debian debian_linux 8.0
netapp e-series_santricity_os_controller *
netapp oncommand_unified_manager -
netapp oncommand_insight -
netapp oncommand_unified_manager *
netapp storage_replication_adapter_for_clustered_data_ontap *
netapp virtual_storage_console *
netapp steelstore_cloud_integrated_storage -
netapp virtual_storage_console 6.0
oracle jre 1.7.0
netapp element_software -
CVE-2017-10135 MEDIUM

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 2.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
netapp snapmanager -
oracle jdk 1.8.0
oracle jre 1.8.0
phoenixcontact fl_mguard_dm *
redhat enterprise_linux_server_aus 7.3
netapp oncommand_shift -
redhat enterprise_linux_eus 7.4
netapp oncommand_balance -
netapp active_iq_unified_manager *
netapp cloud_backup -
debian debian_linux 9.0
oracle jdk 1.7.0
netapp vasa_provider_for_clustered_data_ontap 6.0
netapp oncommand_performance_manager -
redhat enterprise_linux_desktop 7.0
netapp virtual_storage_console *
redhat enterprise_linux_server 7.0
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_eus 7.7
redhat enterprise_linux_desktop 6.0
oracle jre 1.7.0
redhat enterprise_linux_server_tus 7.7
oracle jre 1.6.0
redhat enterprise_linux_server_aus 7.6
netapp e-series_santricity_storage_manager -
oracle jrockit r28.3.14
redhat enterprise_linux_server_tus 7.3
netapp vasa_provider_for_clustered_data_ontap *
redhat enterprise_linux_server_tus 7.6
redhat enterprise_linux_eus 7.5
netapp plug-in_for_symantec_netbackup -
netapp storage_replication_adapter_for_clustered_data_ontap 9.6
debian debian_linux 8.0
netapp e-series_santricity_os_controller *
oracle jdk 1.6.0
netapp oncommand_unified_manager -
netapp oncommand_insight -
redhat enterprise_linux_server_aus 7.4
netapp oncommand_unified_manager *
redhat enterprise_linux_eus 7.6
redhat enterprise_linux_workstation 6.0
netapp storage_replication_adapter_for_clustered_data_ontap *
netapp steelstore_cloud_integrated_storage -
redhat enterprise_linux_server 6.0
netapp virtual_storage_console 6.0
redhat enterprise_linux_eus 7.3
redhat enterprise_linux_server_tus 7.4
redhat enterprise_linux_workstation 7.0
netapp element_software -
CVE-2017-10176 MEDIUM

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
netapp snapmanager -
oracle jdk 1.8.0
oracle jre 1.8.0
phoenixcontact fl_mguard_dm *
netapp oncommand_shift -
netapp e-series_santricity_storage_manager -
netapp oncommand_balance -
oracle jrockit r28.3.14
netapp active_iq_unified_manager *
netapp cloud_backup -
debian debian_linux 9.0
netapp vasa_provider_for_clustered_data_ontap *
oracle jdk 1.7.0
netapp vasa_provider_for_clustered_data_ontap 6.0
netapp oncommand_performance_manager -
netapp plug-in_for_symantec_netbackup -
netapp e-series_santricity_os_controller *
netapp oncommand_unified_manager -
netapp oncommand_insight -
netapp oncommand_unified_manager *
netapp storage_replication_adapter_for_clustered_data_ontap *
netapp virtual_storage_console *
netapp steelstore_cloud_integrated_storage -
netapp virtual_storage_console 6.0
oracle jre 1.7.0
netapp element_software -
CVE-2017-10198 MEDIUM

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. While the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 6.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N 2.2 4.0

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
netapp virtual_storage_console -
netapp snapmanager -
oracle jdk 1.8.0
oracle jre 1.8.0
phoenixcontact fl_mguard_dm *
redhat enterprise_linux_server_aus 7.3
netapp oncommand_shift -
redhat enterprise_linux_eus 7.4
netapp oncommand_balance -
netapp active_iq_unified_manager *
netapp cloud_backup -
debian debian_linux 9.0
oracle jdk 1.7.0
netapp vasa_provider_for_clustered_data_ontap 6.0
netapp oncommand_performance_manager -
redhat enterprise_linux_desktop 7.0
netapp virtual_storage_console *
redhat enterprise_linux_server 7.0
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_eus 7.7
redhat enterprise_linux_desktop 6.0
oracle jre 1.7.0
redhat enterprise_linux_server_tus 7.7
oracle jre 1.6.0
redhat enterprise_linux_server_aus 7.6
netapp e-series_santricity_storage_manager -
oracle jrockit r28.3.14
redhat enterprise_linux_server_tus 7.3
netapp vasa_provider_for_clustered_data_ontap *
redhat enterprise_linux_server_tus 7.6
redhat enterprise_linux_eus 7.5
netapp plug-in_for_symantec_netbackup -
netapp storage_replication_adapter_for_clustered_data_ontap 9.6
debian debian_linux 8.0
netapp e-series_santricity_os_controller *
oracle jdk 1.6.0
netapp oncommand_unified_manager -
netapp oncommand_insight -
redhat enterprise_linux_server_aus 7.4
netapp oncommand_unified_manager *
redhat enterprise_linux_eus 7.6
redhat enterprise_linux_workstation 6.0
netapp storage_replication_adapter_for_clustered_data_ontap *
netapp steelstore_cloud_integrated_storage -
redhat enterprise_linux_server 6.0
netapp virtual_storage_console 6.0
redhat enterprise_linux_eus 7.3
redhat enterprise_linux_server_tus 7.4
redhat enterprise_linux_workstation 7.0
netapp element_software -
CVE-2017-16723 MEDIUM

A Cross-site Scripting issue was discovered in PHOENIX CONTACT FL COMSERVER BASIC 232/422/485, FL COMSERVER UNI 232/422/485, FL COMSERVER BAS 232/422/485-T, FL COMSERVER UNI 232/422/485-T, FL COM SERVER RS232, FL COM SERVER RS485, and PSI-MODEM/ETH (running firmware versions prior to 1.99, 2.20, or 2.40). The cross-site scripting vulnerability has been identified, which may allow remote code execution.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
phoenixcontact fl_comserver_bas_232_firmware 2.40
phoenixcontact psi-modem/eth_firmware 2.20
phoenixcontact fl_comserver_basic_485_firmware 2.40
phoenixcontact fl_com_server_rs485_firmware 1.99
phoenixcontact fl_comserver_uni_485_firmware 2.40
phoenixcontact fl_comserver_uni_485-t_firmware 2.40
phoenixcontact fl_comserver_bas_422_firmware 2.40
phoenixcontact fl_comserver_uni_422_firmware 2.40
phoenixcontact fl_comserver_basic_232_firmware 2.40
phoenixcontact fl_comserver_uni_232_firmware 2.40
phoenixcontact fl_comserver_basic_422_firmware 2.40
phoenixcontact fl_com_server_rs232_firmware 1.99
phoenixcontact fl_comserver_bas_485-t_firmware 2.40
CVE-2017-16741 MEDIUM

An Information Exposure issue was discovered in PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, and 48xxx Series products running firmware Version 1.0 to 1.32. A remote unauthenticated attacker may be able to use Monitor Mode on the device to read diagnostic information.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,CWE-200,

Products Affected

Vendor Product Version
phoenixcontact fl_switch_3005_firmware *
phoenixcontact fl_switch_3016e_firmware *
phoenixcontact fl_switch_4808e-16fx_lc-4gc_firmware *
phoenixcontact fl_switch_4012t_2gt_2fx_firmware *
phoenixcontact fl_switch_4008t-2gt-3fx_sm_firmware *
phoenixcontact fl_switch_4824e-4gc_firmware *
phoenixcontact fl_switch_3006t-2fx_st_firmware *
phoenixcontact fl_switch_3004t-fx_st_firmware *
phoenixcontact fl_switch_3005t_firmware *
phoenixcontact fl_switch_3004t-fx_firmware *
phoenixcontact fl_switch_4800e-24fx_sm-4gc_firmware *
phoenixcontact fl_switch_4808e-16fx_st-4gc_firmware *
phoenixcontact fl_switch_4008t-2sfp_firmware *
phoenixcontact fl_switch_3016t_firmware *
phoenixcontact fl_switch_3006t-2fx_sm_firmware *
phoenixcontact fl_switch_4808e-16fx_sm_lc-4gc_firmware *
phoenixcontact fl_switch_4808e-16fx_sm_st-4gc_firmware *
phoenixcontact fl_switch_3006t-2fx_firmware *
phoenixcontact fl_switch_4000t-8poe-2sfp-r_firmware *
phoenixcontact fl_switch_3012e-2fx_sm_firmware *
phoenixcontact fl_switch_3016_firmware *
phoenixcontact fl_switch_3012e-2sfx_firmware *
phoenixcontact fl_switch_4808e-16fx_sm-4gc_firmware *
phoenixcontact fl_switch_3008t_firmware *
phoenixcontact fl_switch_4800e-24fx-4gc_firmware *
phoenixcontact fl_switch_3008_firmware *
phoenixcontact fl_switch_4008t-2gt-4fx_sm_firmware *
phoenixcontact fl_switch_4808e-16fx-4gc_firmware *
phoenixcontact fl_switch_4012t-2gt-2fx_st_firmware *
CVE-2017-16743 HIGH

An Improper Authorization issue was discovered in PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, and 48xxx Series products running firmware Version 1.0 to 1.32. A remote unauthenticated attacker may be able to craft special HTTP requests allowing an attacker to bypass web-service authentication allowing the attacker to obtain administrative privileges on the device.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-285,CWE-863,

Products Affected

Vendor Product Version
phoenixcontact fl_switch_3005_firmware *
phoenixcontact fl_switch_3016e_firmware *
phoenixcontact fl_switch_4808e-16fx_lc-4gc_firmware *
phoenixcontact fl_switch_4012t_2gt_2fx_firmware *
phoenixcontact fl_switch_4008t-2gt-3fx_sm_firmware *
phoenixcontact fl_switch_4824e-4gc_firmware *
phoenixcontact fl_switch_3006t-2fx_st_firmware *
phoenixcontact fl_switch_3004t-fx_st_firmware *
phoenixcontact fl_switch_3005t_firmware *
phoenixcontact fl_switch_3004t-fx_firmware *
phoenixcontact fl_switch_4800e-24fx_sm-4gc_firmware *
phoenixcontact fl_switch_4808e-16fx_st-4gc_firmware *
phoenixcontact fl_switch_4008t-2sfp_firmware *
phoenixcontact fl_switch_3016t_firmware *
phoenixcontact fl_switch_3006t-2fx_sm_firmware *
phoenixcontact fl_switch_4808e-16fx_sm_lc-4gc_firmware *
phoenixcontact fl_switch_4808e-16fx_sm_st-4gc_firmware *
phoenixcontact fl_switch_3006t-2fx_firmware *
phoenixcontact fl_switch_4000t-8poe-2sfp-r_firmware *
phoenixcontact fl_switch_3012e-2fx_sm_firmware *
phoenixcontact fl_switch_3016_firmware *
phoenixcontact fl_switch_3012e-2sfx_firmware *
phoenixcontact fl_switch_4808e-16fx_sm-4gc_firmware *
phoenixcontact fl_switch_3008t_firmware *
phoenixcontact fl_switch_4800e-24fx-4gc_firmware *
phoenixcontact fl_switch_3008_firmware *
phoenixcontact fl_switch_4008t-2gt-4fx_sm_firmware *
phoenixcontact fl_switch_4808e-16fx-4gc_firmware *
phoenixcontact fl_switch_4012t-2gt-2fx_st_firmware *
CVE-2017-5159 HIGH

An issue was discovered on Phoenix Contact mGuard devices that have been updated to Version 8.4.0. When updating an mGuard device to Version 8.4.0 via the update-upload facility, the update will succeed, but it will reset the password of the admin user to its default value.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-99,

Products Affected

Vendor Product Version
phoenixcontact mguard_firmware 8.4.0
CVE-2017-5753 MEDIUM

Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.6 MEDIUM CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N 1.1 4.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-203,

Products Affected

Vendor Product Version
intel core_i5 470um
intel core_i7 4710hq
intel xeon_e3_1270_v2 -
phoenixcontact vl2_ppc_9000_firmware -
oracle solaris 10
synology router_manager *
intel core_i5 2450m
intel xeon_e5 4650
intel xeon_e3_1240_v6 -
intel atom_c c2558
intel xeon x3460
intel xeon x5675
intel xeon_e7 4880_v2
intel core_i5 2540m
intel xeon_e3_1240 -
intel core_i3 6098p
intel core_i5 4690t
intel xeon_platinum 8164
intel xeon_e3_1278l_v4 -
intel core_i5 3450
intel xeon_platinum 8176
vmware workstation *
intel xeon_e5 2699r_v4
phoenixcontact dl_ppc15_1000_firmware -
intel xeon_platinum 8168
intel core_i5 6287u
intel xeon_e3_1285_v4 -
intel core_i3 370m
intel core_i7 620um
intel atom_x7-e3950 -
intel xeon_platinum 8170
intel core_i5 6200u
intel core_i5 2500
intel atom_c c3758
intel core_i3 3227u
intel xeon_phi 7230
intel xeon_phi 7285
intel core_i3 2105
intel core_i5 3230m
intel core_i7 3667u
intel core_i5 2515e
intel xeon_e5 4655_v4
intel xeon_silver 4112
intel xeon e5503
intel core_i7 860
intel xeon x5677
intel xeon_e5 2687w_v4
intel xeon_e3_1270 -
intel core_i5 2410m
intel core_i5 3439y
intel xeon_e3_1240l_v3 -
intel core_i7 2600k
intel core_i7 2637m
intel xeon e7530
intel xeon_e5 2697_v2
intel xeon_e5_2630l -
canonical ubuntu_linux 12.04
intel core_i5 3427u
intel xeon_e3_1245_v2 -
intel core_i3 2330m
intel xeon_e3 1558l_v5
intel xeon_e3_1230l_v3 -
intel xeon_phi 7295
intel celeron_n n2810
intel xeon x5670
intel core_i7 5700hq
intel xeon_e-1105c -
intel xeon_e3_1240_v2 -
intel core_i7 610e
intel core_i7 7700k
intel core_i5 2320
intel xeon_e3_1270_v5 -
intel core_i7 2920xm
intel core_i7 4720hq
intel xeon_e7 4820
intel core_i7 2630qm
phoenixcontact vl2_bpc_9000_firmware -
intel xeon l5520
intel core_i7 4650u
intel core_i7 4500u
intel xeon_e7 4809_v2
intel core_i7 5650u
intel core_i3 2310e
netapp hci -
intel core_i7 4900mq
intel core_i3 330um
intel xeon_e5 2670
siemens simatic_winac_rtx_(f)_2010_firmware *
intel xeon_e5 2690
intel core_i7 4790s
intel xeon_gold 6154
intel core_i3 2357m
intel core_i3 4370t
intel xeon_e3_1290 -
intel xeon_silver 4116t
intel xeon_e5_2650_v4 -
intel celeron_n n3050
intel xeon_e3_1290_v2 -
intel xeon l3406
intel xeon_e3_1225_v3 -
intel atom_c c2730
intel celeron_n n3350
intel xeon x5690
intel core_i5 3437u
intel core_m 5y70
intel xeon l5506
intel xeon_e5 2667_v2
intel core_i3 2310m
intel core_i7 2649m
intel xeon_e7 4850_v2
intel xeon_e7 4830_v2
intel xeon_e5_2603 -
intel xeon x3480
intel core_i7 3520m
intel xeon_e7 2850_v2
intel core_m 5y31
intel core_i3 2100t
intel core_i3 4170
phoenixcontact bl_ppc17_1000_firmware -
arm cortex-a75_firmware -
intel xeon_e5_2648l_v3 -
intel xeon_gold 6142f
phoenixcontact vl_bpc_1000_firmware -
intel atom_z z2460
phoenixcontact bl_ppc_7000_firmware -
intel core_i5 4310m
phoenixcontact vl2_ppc_7000_firmware -
intel atom_x3 c3445
intel celeron_j j3060
intel xeon_e3_1275l_v3 -
intel xeon_e5 4607
intel core_i3 4030y
intel xeon_e3_1260l_v5 -
intel xeon_gold 6130t
intel xeon_e7 4820_v2
intel xeon e5645
intel atom_x3 c3265rk
intel xeon_gold 6146
arm cortex-a9_firmware -
intel core_i3 2328m
intel core_i5 520um
intel core_i5 4460
intel xeon_e5 2667_v3
intel xeon_e5 4655_v3
intel core_i5 5575r
intel xeon_e7 8870_v3
intel core_i5 580m
intel xeon_e5_2438l_v3 -
intel xeon_e5_2650_v3 -
intel celeron_n n3160
intel xeon_e5_2603_v4 -
intel core_i5 6300u
intel xeon_e5_2450_v2 -
intel core_i3 6157u
intel xeon_e7 2830
arm neoverse_n2_firmware -
intel core_i7 4770te
intel core_i3 6100h
intel core_i5 430um
intel xeon_e5 2670_v3
intel core_i5 2500k
intel core_i5 3470
intel xeon_gold 6136
intel core_i3 560
siemens simatic_itc1900_pro_firmware *
intel core_i7 5950hq
intel core_i3 3245
intel xeon_e5_2418l_v3 -
intel core_i3 4360
intel core_i5 4302y
intel xeon_e3_1505l_v5 -
phoenixcontact el_ppc_1000_firmware -
pepperl-fuchs btc14_firmware -
intel xeon_e5 2667_v4
intel core_i3 4012y
intel core_i3 6300
intel xeon_e5_2608l_v4 -
intel core_i7 990x
intel core_i5 4670
intel atom_e e3827
intel core_i7 940xm
intel xeon x3470
intel atom_z z3775d
intel atom_z z3795
intel xeon_e7 8837
intel xeon_gold 5119t
intel core_i3 540
intel core_i3 3217u
intel core_i5 2500s
intel core_i5 4288u
intel celeron_n n3060
intel core_i7 4600u
intel xeon_e3_1125c_v2 -
intel atom_z z3735d
intel xeon_e5 2680
phoenixcontact bl_bpc_3000_firmware -
intel celeron_j j3160
intel xeon_e7 8870_v2
intel core_i5 6260u
intel celeron_j j1900
intel xeon_e5 4620_v4
intel xeon_e5_2637_v2 -
intel xeon_e7 4850_v4
arm cortex-a12_firmware -
intel core_i3 4030u
intel xeon_e7 8860_v4
intel xeon_e7 8870_v4
intel core_i3 2130
intel core_i7 2715qe
intel xeon_e5 4640_v4
intel pentium_n n3510
intel core_i7 4950hq
intel core_i5 2510e
intel core_i7 4712hq
intel xeon_e5 2695_v2
oracle local_service_management_system 13.1
intel xeon_e7 4820_v4
intel core_i7 820qm
intel xeon_e5 4610_v3
intel atom_z z3745
intel pentium_n n3530
phoenixcontact vl2_ppc9_1000_firmware -
intel xeon l5618
intel xeon_e3 1578l_v5
canonical ubuntu_linux 17.10
phoenixcontact bl2_ppc_2000_firmware -
intel core_i5 4430
intel core_i5 3340
intel atom_z z3736f
intel celeron_n n2840
intel celeron_n n3010
intel xeon e5603
intel xeon_e7 8890_v3
intel core_i7 4710mq
intel core_i7 2657m
intel xeon_e5_2418l_v2 -
synology vs960hd_firmware -
intel core_i7 5850eq
intel atom_c c3558
intel core_i3 4100u
intel atom_x3 c3295rk
intel xeon_e5 4650_v2
intel xeon_e5 4669_v3
intel core_i3 2120
intel core_i5 4210h
intel xeon_e5 4610_v2
intel core_i3 3250t
intel celeron_n n2830
intel core_i5 680
intel core_i7 4750hq
intel atom_z z3745d
intel xeon_e5_2628l_v2 -
phoenixcontact el_ppc_1000/wt_firmware -
intel xeon_e5 2683_v3
intel xeon_e5_2650l_v2 -
intel atom_c c2338
intel core_i3 3220
intel xeon_e5_2650l -
intel core_i5 4430s
intel xeon_e5_2630l_v2 -
intel core_i5 3330s
intel core_i7 3615qe
opensuse leap 42.2
intel core_i5 4360u
intel core_m 5y71
intel celeron_n n2806
intel xeon_gold 6126
intel core_i3 4010y
phoenixcontact dl_ppc21.5m_7000_firmware -
intel xeon_e5_2620_v2 -
intel core_i3 6100
intel core_i5 6585r
intel xeon l5609
intel xeon_e5_2630l_v4 -
opensuse leap 42.3
intel core_m 5y10
intel celeron_n n4100
intel core_i5 3570k
intel core_i7 8700k
intel core_i5 4260u
intel atom_c c2758
vmware esxi 6.0
intel xeon_e5_2640_v4 -
intel celeron_n n2920
intel core_i7 4850hq
intel xeon_e5_2623_v3 -
intel core_i3 6300t
intel core_i7 2655le
intel xeon e5606
intel xeon_e5 2697a_v4
intel xeon_e5 2660_v2
intel core_i5 4570te
intel core_i7 3632qm
intel xeon_e5 4627_v4
intel xeon_gold 6142
intel xeon_gold 6144
intel xeon w3670
intel xeon_e5 2658a_v3
intel core_i5 4330m
intel xeon_e7 8893_v3
intel xeon_gold 6150
intel atom_c c3538
intel xeon_e3_1220_v6 -
phoenixcontact bl2_bpc_1000_firmware -
intel core_i5 3470s
intel core_i5 8250u
intel atom_z z3460
intel atom_c c2750
intel core_i7 7920hq
intel xeon_e5_2407 -
intel celeron_j j1750
suse suse_linux_enterprise_desktop 12
intel core_i3 2312m
intel core_i5 6600k
intel core_i3 8350k
intel xeon_e5 4640
intel core_i3 4360t
intel xeon_e5_2648l_v2 -
intel xeon_e7 2820
synology skynas -
intel atom_z z3590
intel xeon_e7 8891_v4
intel core_i3 4350
intel core_i7 3740qm
intel core_i7 7820eq
intel xeon_platinum 8158
intel xeon x3430
intel xeon_e7 2860
intel xeon_e3_1105c_v2 -
synology diskstation_manager *
intel core_i3 3250
intel xeon_e7 4809_v3
phoenixcontact dl_ppc18.5m_7000_firmware -
arm cortex-a78_firmware -
intel xeon_e3 1545m_v5
intel core_i5 560um
intel xeon_e5_2428l_v3 -
intel xeon_e7 8880l_v2
intel xeon_e5_2640_v2 -
intel core_i5 6600
intel xeon_e3_1275 -
intel core_i3 2348m
intel core_i7 8650u
intel core_i7 3610qm
intel core_i7 2635qm
intel atom_c c2738
intel core_i7 3840qm
intel core_i3 4160
intel core_i3 6100te
intel core_i7 3517u
intel xeon_e7 4807
intel core_i3 380m
intel core_i3 3240t
intel core_i5 4278u
intel core_i3 4100e
intel core_i5 5250u
intel xeon x3450
intel xeon x5570
intel core_i5 520m
intel core_m3 6y30
intel xeon_e5_2428l_v2 -
intel xeon_e3_1230_v3 -
intel xeon_e3_1280 -
intel xeon_e5_1650_v3 -
intel core_i7 875k
intel xeon_e3_1225_v2 -
intel xeon_e3_1276_v3 -
intel xeon_e5_2650_v2 -
intel core_i3 4330t
intel core_i5 4460t
intel core_i5 6300hq
intel atom_c c3708
intel xeon_e5_2620_v3 -
intel xeon w5580
intel xeon_phi 7210f
intel core_i7 4610m
intel core_i7 4700eq
intel xeon_e7 8867_v4
intel xeon_e3_1245_v3 -
intel xeon_e5_2609 -
intel core_i3 3120m
intel atom_x3 c3230rk
intel core_i7 660um
intel xeon_e5_2609_v4 -
intel xeon_e5_2630l_v3 -
intel xeon x5687
intel pentium_j j3710
intel xeon_e5_2428l -
intel core_i7 3610qe
intel core_i3 2125
intel core_i5 4422e
intel core_i5 4570t
intel xeon_gold 6138
intel core_i3 4025u
intel xeon_e5 2665
arm cortex-r7_firmware -
intel xeon_e3 1585l_v5
phoenixcontact vl_bpc_2000_firmware -
intel core_i3 5015u
intel core_i5 4350u
intel xeon_e3_1230_v6 -
intel core_i7 3630qm
intel xeon_e5 2650l_v4
intel xeon_gold 5120
intel celeron_n n2808
intel xeon_e3_1285l_v3 -
intel xeon_e5 4603
intel core_i5 670
intel xeon_e5_2608l_v3 -
intel core_i7 950
intel core_i7 2600
intel core_i7 2710qe
intel core_i7 2629m
intel core_m5 6y57
intel xeon_e3_1220_v2 -
intel xeon_e5 4617
intel core_i3 3220t
intel core_i3 8100
intel xeon x5650
intel core_i7 7500u
intel core_i5 2467m
phoenixcontact bl_ppc15_7000_firmware -
phoenixcontact vl2_ppc12_1000_firmware -
intel xeon_e3_1235l_v5 -
intel xeon_e5_2408l_v3 -
intel atom_x3 c3130
intel xeon_e7 4830
intel core_i3 4160t
intel pentium_j j4205
intel xeon x7550
intel core_i7 4702mq
intel xeon_e5_1680_v4 -
intel core_i3 6100e
intel xeon_e5 2660_v3
intel core_i3 4110m
intel xeon_e7 8890_v4
intel core_i3 3217ue
intel celeron_n n2807
intel core_i5 6400
intel atom_z z3770
intel core_i7 960
synology vs360hd_firmware -
intel celeron_n n3150
intel xeon_e5 4624l_v2
intel core_i7 4765t
intel xeon_e5_2637 -
intel core_i7 640m
intel xeon_e7 4870_v2
intel core_m 5y10c
intel atom_c c2718
intel xeon_e5_2618l_v3 -
intel xeon_e5_1660 -
intel core_i5 2400s
intel xeon_e3_1265l_v2 -
arm cortex-r8_firmware -
intel xeon_phi 7290f
intel xeon_e5_2430l -
intel core_i7 4760hq
intel xeon_gold 6126f
intel core_i7 4770hq
intel core_i5 6685r
intel xeon ec5549
phoenixcontact bl_rackmount_4u_firmware -
intel core_i5 4200u
intel xeon_gold 5118
intel xeon_e5_1660_v3 -
vmware fusion *
intel atom_c c3830
intel atom_z z3740d
intel core_i3 4150t
intel atom_z z3735g
intel core_i7 3612qm
suse suse_linux_enterprise_server 11
intel atom_c c3508
intel core_i5 4570
intel core_i3 5005u
siemens simatic_itc1900_firmware *
intel xeon e5507
intel xeon_e5 2697_v3
intel core_i3 3225
intel core_i7 7820hk
intel core_i5 3340s
intel xeon_e5 2695_v4
intel core_i5 5300u
intel celeron_n n2910
intel xeon_e5_2628l_v4 -
phoenixcontact bl_rackmount_2u_firmware -
intel core_i5 4202y
intel xeon_e5_2618l_v4 -
intel xeon_e3_1265l_v3 -
intel xeon e5506
intel xeon_gold 6126t
intel xeon e5620
intel xeon_e7 2880_v2
intel core_i5 6267u
intel core_i5 6500te
intel core_i7 4790k
intel core_i5 3550
intel xeon e5520
intel xeon_gold 6152
intel xeon_e7 8880_v2
intel xeon_e3_1245_v5 -
intel xeon_e5_1620_v3 -
intel xeon_e5 2699_v4
intel core_i3 4150
intel core_i5 760
intel core_i5 4402e
debian debian_linux 8.0
intel core_i3 5157u
intel xeon_e5_2450 -
intel xeon_silver 4116
intel xeon e7520
intel core_i3 2370m
intel core_i7 3517ue
phoenixcontact bl2_bpc_2000_firmware -
intel core_i7 2675qm
intel core_i3 4170t
intel xeon e5630
intel xeon lc5528
intel xeon_e3_1505l_v6 -
intel atom_c c3958
intel core_i5 3475s
intel xeon_e5_2609_v2 -
intel core_i7 840qm
intel core_i7 2700k
intel xeon_e5 4648_v3
intel atom_x3 c3405
intel xeon_e3_1505m_v5 -
intel xeon_e5 2680_v2
intel xeon_e3_1286_v3 -
intel xeon_e7 8850
intel core_i3 4340
intel xeon_e5 4610_v4
intel core_i3 4120u
intel core_i7 2617m
intel core_i7 920
intel xeon_e3_1258l_v4 -
intel core_i7 3537u
intel xeon_e3_1220_v5 -
intel xeon_e5 2670_v2
intel xeon_e7 2850
intel xeon_e5_2630_v3 -
intel core_i5 6500
intel core_i3 4010u
intel celeron_n n2815
intel core_i5 3450s
intel xeon_e7 4809_v4
phoenixcontact bl_bpc_7001_firmware -
intel atom_z z3735e
intel xeon_e5_1660_v2 -
intel xeon_e5_2470 -
intel core_i5 4200y
intel xeon_e5 4667_v4
intel core_i7 740qm
intel xeon_gold 6138f
intel core_i5 4590t
intel core_i5 3380m
intel core_i7 4700hq
intel core_i7 4771
intel xeon_e5 4650l
intel core_i5 5287u
intel xeon_e3_1230_v5 -
intel atom_c c2350
phoenixcontact bl_ppc15_3000_firmware -
intel xeon_e7 4860
intel core_i7 4870hq
canonical ubuntu_linux 16.04
intel core_i3 4110e
intel xeon_platinum 8170m
intel xeon_e5 2660
intel core_i3 2365m
intel core_i7 2677m
intel core_i5 4670k
phoenixcontact vl2_ppc_1000_firmware -
intel core_i5 650
intel core_i5 4460s
intel xeon_e5 2690_v3
intel core_i7 4578u
intel xeon_e5 2687w_v3
intel xeon_e5_2448l_v2 -
intel xeon_e7 4830_v4
intel core_i5 3210m
intel core_i7 3540m
intel core_m3 7y32
suse suse_linux_enterprise_server 12
intel xeon_e7 8867l
intel core_i3 4005u
intel core_i7 4600m
intel xeon_platinum 8176m
intel core_i5 3317u
intel xeon_e3_1271_v3 -
intel core_i7 4770r
intel core_i5 4200h
intel core_i3 4340te
arm cortex-x1_firmware -
intel atom_c c3950
intel xeon_e5_2643_v2 -
intel core_i7 4770
intel core_i5 2450p
intel xeon_e5 4607_v2
intel xeon_e5_1428l_v3 -
intel core_i3 4100m
intel xeon e5640
intel core_i3 2100
intel xeon_e5 2660_v4
intel xeon_e7 4850_v3
phoenixcontact valueline_ipc_firmware -
intel core_i3 6102e
intel atom_z z3770d
intel xeon_gold 6142m
phoenixcontact bl2_bpc_7000_firmware -
intel core_i3 2120t
phoenixcontact bl_ppc12_1000_firmware -
intel xeon_e5_2630_v2 -
intel xeon_e3_1270_v3 -
intel core_i5 4590s
intel core_i7 3770
intel xeon_e7 4830_v3
intel core_i5 8400
intel xeon_platinum 8176f
intel celeron_j j3455
intel xeon_gold 6134
intel xeon_gold 6148f
intel core_i3 3130m
intel core_i5 2557m
intel xeon_e5 2687w_v2
intel xeon_e3_12201_v2 -
intel xeon_e3_1245 -
intel xeon_e5 2699_v3
intel pentium_n n3700
intel xeon_e5_2648l_v4 -
netapp solidfire -
intel core_i7 965
intel atom_z z3736g
intel core_i3 6006u
intel atom_z z3735f
intel xeon_e5 2658_v4
intel core_i3 330e
intel core_i7 5775c
intel xeon_e3_1268l_v5 -
intel core_i7 620lm
phoenixcontact vl_bpc_3000_firmware -
intel xeon_e5_2420_v2 -
oracle local_service_management_system 13.2
intel core_i3 3229y
intel core_i5 2400
intel xeon e7540
intel core_i7 4700mq
intel xeon_e7 8880_v4
phoenixcontact bl_bpc_2001_firmware -
intel core_i7 3635qm
intel core_i7 720qm
arm cortex-a8_firmware -
intel core_i5 6402p
intel xeon_e5_2609_v3 -
intel core_i7 3770t
intel core_i7 2640m
intel xeon l5640
intel xeon_e5 4650_v4
intel xeon_e5 2658_v3
intel core_i7 5550u
intel celeron_n n2940
intel core_i7 3612qe
intel atom_c c2530
intel xeon_e5_2640 -
arm cortex-a76_firmware -
intel xeon x5647
phoenixcontact bl_ppc17_3000_firmware -
intel core_i5 520e
intel xeon_e5_2643_v3 -
intel core_i7 3615qm
intel xeon_e5_2643_v4 -
phoenixcontact bl2_ppc_7000_firmware -
intel xeon e5504
intel xeon_e3_1241_v3 -
intel xeon_e5_2643 -
arm cortex-a77_firmware -
intel core_i5 4590
intel xeon_e3_1285_v3 -
intel xeon_e3_1280_v3 -
intel core_i3 2375m
arm cortex-a15_firmware -
intel xeon_e3_1125c -
intel xeon_e7 8891_v2
intel core_i5 5200u
intel xeon_e5_2418l -
intel xeon_e7 8857_v2
intel xeon_platinum 8153
intel xeon_e3 1535m_v5
intel core_m 5y51
intel core_i5 3340m
intel xeon_e3 1585_v5
intel xeon_gold 5115
intel xeon x5680
intel xeon x6550
intel core_i7 5850hq
phoenixcontact vl2_bpc_3000_firmware -
intel core_i5 4210m
intel core_i7 3689y
intel core_i3 3115c
intel core_i7 5557u
intel core_i5 480m
intel core_i5 3337u
intel core_i5 4440s
intel core_i7 7700
intel core_i7 4960hq
phoenixcontact vl2_ppc_2000_firmware -
intel xeon_e5_1650_v4 -
intel xeon e5502
intel atom_e e3825
intel xeon_gold 6140m
intel core_i3 6167u
intel xeon_phi 7250
intel xeon_e3_1260l -
phoenixcontact bl_bpc_3001_firmware -
intel xeon_e5_2403_v2 -
intel atom_e e3845
intel xeon_e5 2697_v4
vmware esxi 6.5
intel xeon l3426
intel xeon_platinum 8160m
intel xeon_e3_1285l_v4 -
phoenixcontact vl_ppc_2000_firmware -
arm cortex-a73_firmware -
intel core_i5 2537m
intel core_i7 880
intel xeon_e3_1235 -
intel xeon_e5_2403 -
intel core_i5 6600t
intel core_i5 4690
intel xeon_e3_1268l_v3 -
intel core_i7 3720qm
siemens simatic_winac_rtx_(f)_2010_firmware 2010
intel xeon_e5_2470_v2 -
intel core_i7 2610ue
intel xeon_e3 1565l_v5
intel xeon_e5_2630_v4 -
intel atom_z z3785
intel xeon_e3_1230_v2 -
intel xeon_e3_1246_v3 -
siemens simatic_itc1500_pro_firmware *
intel core_i5 4670t
intel core_i3 2350m
intel atom_c c3338
intel core_i3 4102e
intel xeon_e5_2628l_v3 -
intel xeon l5638
intel core_i5 5257u
intel atom_z z3480
intel core_m 5y10a
intel core_i3 4370
intel core_i5 450m
intel xeon_e7 2803
intel core_i7 870
intel core_i5 3570s
intel atom_x3 c3200rk
intel xeon_e5_2620_v4 -
intel xeon_e7 8880l_v3
intel xeon_e5 4627_v3
intel xeon_e5 2690_v2
intel xeon_e5 4660_v3
intel xeon_e7 8860
intel core_i5 8600k
intel core_i7 7700t
intel core_i5 750
intel atom_c c2518
intel xeon x5660
intel atom_z z3580
intel xeon_silver 4109t
intel core_i7 2620m
intel xeon_e5_1620_v2 -
intel xeon_e5 2698_v3
intel core_i5 4670s
intel core_i3 4000m
intel core_i5 2405s
arm cortex-a57_firmware -
intel core_i5 4670r
intel xeon_e3_1226_v3 -
intel xeon_e7 4850
intel xeon_gold 6138t
intel xeon_e5 4610
phoenixcontact vl2_bpc_7000_firmware -
intel xeon_phi 7250f
intel core_i5 2310
intel core_i5 4690s
intel atom_z z2560
phoenixcontact vl2_ppc7_1000_firmware -
intel xeon_e5_1620_v4 -
intel core_i7 3820qm
intel xeon_e7 8891_v3
intel xeon_e5_2430 -
intel celeron_n n2820
intel xeon_e3_1220_v3 -
intel celeron_n n4000
intel core_i3 2115c
intel core_i5 4402ec
intel xeon_e7 2890_v2
intel core_i5 3350p
intel core_i5 3550s
intel core_i3 5020u
intel core_i5 4410e
intel core_i7 4550u
intel atom_c c2316
intel xeon_e5_2620 -
phoenixcontact bl2_ppc_1000_firmware -
intel atom_c c3850
intel xeon e5530
intel xeon_e5_2640_v3 -
intel pentium_n n4200
intel core_i7 680um
intel core_i3 4350t
intel atom_c c2508
intel core_i3 5010u
intel xeon_e5_1428l -
intel xeon_e7 2870_v2
intel core_i7 2960xm
intel xeon_e5 2658_v2
intel xeon lc5518
intel core_i7 920xm
intel xeon_e7 8890_v2
intel core_i3 2377m
intel core_i7 860s
intel core_i5 2390t
oracle solaris 11.3
intel core_i7 970
intel core_i5 6440eq
intel xeon_e3_1281_v3 -
intel core_i7 4510u
intel core_i5 3610me
intel core_i3 6100t
intel xeon_e3_1225_v5 -
arm cortex-a72_firmware -
intel celeron_j j4105
intel xeon_e7 8893_v2
intel xeon_e7 8894_v4
intel core_i3 3110m
intel xeon_e5_1620 -
intel atom_c c3308
intel core_i5 2380p
intel atom_e e3826
intel xeon_silver 4114t
intel core_i7 660ue
intel core_i5 4340m
intel xeon_e7 4860_v2
intel xeon e5607
intel core_i3 4158u
intel atom_z z3530
intel core_i5 661
intel xeon_e5_1660_v4 -
intel core_i7 4800mq
pepperl-fuchs btc12_firmware -
intel core_i7 870s
intel core_i7 640um
intel core_i5 4690k
intel xeon l7545
intel xeon w3690
intel xeon x5672
intel xeon e5540
intel core_i7 4712mq
intel xeon_phi 7210
intel core_i7 2860qm
intel xeon_gold 6148
intel atom_z z3570
intel core_i5 4200m
intel atom_z z2420
intel atom_x3 c3205rk
intel core_i3 6100u
intel atom_c c3955
intel core_i7 3770k
intel xeon_silver 4114
intel xeon_e5_2650 -
intel xeon_e3_1275_v6 -
siemens simatic_itc2200_pro_firmware *
intel core_i7 5775r
suse suse_linux_enterprise_software_development_kit 11
phoenixcontact bl_ppc_1000_firmware -
intel core_i7 4770k
intel xeon_e3_1501m_v6 -
intel atom_z z3740
intel core_i5 3339y
intel core_i5 4250u
intel xeon_e5 2699a_v4
intel xeon_e5_2448l -
intel core_i7 4980hq
intel atom_c c2308
intel pentium_n n3520
intel xeon_e3_1275_v3 -
intel xeon_phi 7290
intel xeon_e5 4657l_v2
intel core_i7 3687u
intel xeon_e5_2430l_v2 -
intel xeon_e7 2870
intel xeon_e5_2440 -
intel xeon_gold 6128
intel core_i7 620ue
intel xeon_e5 4640_v2
intel xeon_bronze_3106 -
intel core_i5 750s
intel core_i3 4130t
phoenixcontact vl2_bpc_1000_firmware -
intel xeon_e5 4627_v2
intel xeon_phi 7230f
intel core_i7 975
intel celeron_n n3450
intel core_i3 330m
debian debian_linux 9.0
intel xeon_e5_2407_v2 -
intel core_i5 6360u
intel xeon_gold 5122
intel core_i3 550
intel atom_x3 c3235rk
intel atom_z z3775
intel core_i5 4400e
intel xeon_gold 5120t
intel core_i5 2430m
suse suse_linux_enterprise_software_development_kit 12
intel core_i3 4330te
intel core_i7 4558u
intel xeon_e3_1225 -
intel xeon_e3_1245_v6 -
intel pentium_j j2900
intel xeon_e5_2450l_v2 -
intel xeon_e3_1220l_v3 -
intel core_i7 5700eq
intel core_i5 5675c
intel xeon_e5_2630 -
intel xeon_e3_1265l_v4 -
intel xeon_e5_1680_v3 -
intel xeon_e3_1275_v2 -
intel xeon_gold 6134m
phoenixcontact vl2_ppc_3000_firmware -
intel xeon e6510
intel core_i5 430m
intel atom_e e3805
intel celeron_n n3000
intel xeon_silver 4108
intel atom_c c3858
intel xeon_e5 2683_v4
intel xeon_gold 6130f
phoenixcontact vl_ipc_p7000_firmware -
intel core_i5 4308u
intel xeon l5518
intel core_i5 460m
intel celeron_n n2805
intel xeon_platinum 8160f
intel core_i5 2500t
phoenixcontact bl_bpc_2000_firmware -
phoenixcontact dl_ppc15m_7000_firmware -
intel core_i5 5675r
intel core_i3 380um
intel xeon_e5 4650_v3
intel atom_c c3808
intel xeon_gold 6130
intel xeon_e5_1630_v3 -
intel xeon_e5 4628l_v4
intel xeon_e5_2618l_v2 -
intel xeon_e7 8850_v2
intel xeon_platinum 8160t
intel core_i7 4770t
intel core_i3 4020y
intel xeon_e3 1515m_v5
intel core_i5 560m
intel core_i5 3320m
intel core_i7 980x
intel atom_z z2480
phoenixcontact bl_ppc15_1000_firmware -
intel xeon l7555
intel core_i5 540m
intel xeon_e5 2680_v3
intel xeon_gold 6140
intel atom_c c2538
intel core_i5 2435m
siemens simatic_itc2200_firmware *
intel atom_c c3750
intel core_i7 4810mq
intel core_i3 3210
intel core_i7 980
intel core_i5 2550k
intel xeon x7542
phoenixcontact el_ppc_1000/m_firmware -
intel core_i3 4130
intel xeon_e5_2420 -
intel xeon_e7 8830
intel core_i7 2720qm
intel core_i7 4610y
intel core_i5 540um
intel xeon ec5509
intel xeon_e5 4620_v3
intel core_i7 930
intel core_m3 7y30
intel core_i5 4220y
intel xeon l5630
intel xeon_e7 8880_v3
intel xeon_e5_2603_v3 -
intel core_i5 4300m
intel atom_x5-e3940 -
intel core_i7 4790t
intel core_i5 5350h
intel core_i7 620m
arm neoverse_n1_firmware -
intel core_i5 8350u
intel xeon_e3_1220 -
intel xeon_e5_2623_v4 -
intel xeon_e5_2650l_v3 -
intel core_i7 7820hq
siemens simatic_itc1500_firmware *
intel xeon_e5 4667_v3
intel core_i5 6500t
intel xeon e6540
intel celeron_j j4005
intel core_i3 530
intel core_i3 6320
canonical ubuntu_linux 17.04
intel core_i5 4210u
intel xeon_e5_2430_v2 -
intel xeon_e7 4820_v3
intel core_i7 7560u
intel xeon_e5_2637_v3 -
phoenixcontact bl_bpc_7000_firmware -
intel pentium_j j2850
intel core_i7 5600u
intel xeon w3680
intel core_i5 3330
intel core_i5 4440
intel core_i3 2367m
intel atom_z z2760
oracle local_service_management_system 13.3
intel core_m5 6y54
intel xeon_e3_1240_v5 -
intel xeon_e5_1630_v4 -
intel xeon_e7 8860_v3
intel xeon_platinum 8180
intel core_i5 4300y
intel pentium_n n3710
intel core_i7 4910mq
intel xeon_platinum 8156
intel core_i3 4330
intel xeon_e7 4870
intel core_i7 4785t
intel xeon_e3_1286l_v3 -
intel core_i5 6400t
arm cortex-a78ae_firmware -
intel core_i7 2600s
intel celeron_n n2930
intel core_i3 3240
intel core_i7 7600u
intel atom_z z2580
intel core_i5 4570s
intel xeon_e5 2680_v4
intel core_i7 4722hq
intel core_i5 6350hq
intel xeon w5590
intel core_i7 4790
intel xeon x7560
intel xeon_e3_1270_v6 -
intel atom_c c2516
intel core_i5 3360m
intel xeon_e3_1225_v6 -
canonical ubuntu_linux 14.04
intel atom_c c2550
intel xeon_e3 1535m_v6
intel core_i7 4702ec
intel xeon_e7 4890_v2
intel xeon_e5_1650 -
phoenixcontact bl_ppc17_7000_firmware -
intel xeon_e5 4660_v4
intel core_i3 2102
intel core_i7 940
intel core_i7 620le
intel xeon_silver 4110
intel core_i5 4258u
synology virtual_machine_manager *
intel core_i5 4210y
intel celeron_j j1850
intel xeon_e5_1428l_v2 -
intel core_i3 2340ue
intel xeon_e3_1280_v5 -
intel xeon_e5_2637_v4 -
intel xeon_e3 1505m_v6
intel xeon_e5_2450l -
intel core_i7 2760qm
intel xeon_e7 8870
intel celeron_j j1800
intel xeon_e5_1650_v2 -
intel core_i5 2520m
phoenixcontact vl_ppc_3000_firmware -
intel core_i7 7567u
intel xeon_e7 8893_v4
intel xeon_e7 8867_v3
intel xeon_e3_1240_v3 -
intel atom_x5-e3930 -
intel core_i7 640lm
intel xeon_e5 4669_v4
intel core_i3 4112e
intel xeon_e5 2658
intel core_i5 2300
intel core_i7 2670qm
intel xeon_e5 2695_v3
intel core_i7 660lm
intel pentium_n n3540
intel xeon_e5 2687w
intel core_i3 390m
intel core_i5 3470t
intel core_i7 4860hq
intel xeon_phi 7235
phoenixcontact vl2_bpc_2000_firmware -
intel core_i5 6440hq
intel celeron_j j3355
intel xeon ec5539
intel core_i5 6442eq
intel atom_c c2358
intel core_i7 4770s
intel xeon x5550
intel xeon_e3 1575m_v5
intel core_i5 4300u
intel xeon_e5 2690_v4
intel atom_e e3815
intel core_i5 4310u
intel atom_z z3560
intel xeon_e5 2698_v4
intel core_i7 7y75
intel xeon_e3_1230 -
intel core_i5 655k
intel xeon_e5 2667
intel core_i7 8700
intel xeon_e5 4620_v2
vmware esxi 5.5.0
intel xeon_e3_1240l_v5 -
intel xeon x3440
intel xeon_e3_12201 -
intel xeon_e3_1280_v6 -
intel xeon_e5_2603_v2 -
intel core_i5 5350u
intel core_i7 7660u
intel core_i3 2330e
intel xeon_bronze_3104 -
intel core_i7 3770s
intel core_i7 5500u
intel xeon e5649
intel core_i3 350m
intel xeon_e5_2440_v2 -
intel xeon_gold 6132
intel xeon_e3_1501l_v6 -
intel core_i3 3120me
arm cortex-a17_firmware -
intel core_i5 660
intel core_i5 3570
intel xeon_e3_1275_v5 -
intel core_i7 4702hq
intel xeon_e5 4603_v2
intel xeon x5560
intel core_i7 2820qm
intel xeon x5667
intel xeon l5530
intel xeon_e5 4620
intel xeon_platinum 8160
intel xeon_e3_1280_v2 -
intel core_i7 7700hq
intel core_i5 3570t
intel xeon_e3_1231_v3 -
intel core_m7 6y75
intel core_i7 3555le
intel core_i5 4570r
intel core_i7 5750hq
intel atom_z z2520
intel xeon_e5_2648l -
intel core_i7 8550u
pepperl-fuchs visunet_rm_shell -
intel xeon l5508
intel xeon_e3_1285_v6 -
intel xeon_e5 4640_v3
intel core_i7 4700ec
CVE-2018-10728 MEDIUM

All Phoenix Contact managed FL SWITCH 3xxx, 4xxx, 48xx products running firmware version 1.0 to 1.33 are prone to buffer overflows (a different vulnerability than CVE-2018-10731).

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
phoenixcontact fl_switch_3005_firmware *
phoenixcontact fl_switch_3016e_firmware *
phoenixcontact fl_switch_4808e-16fx_lc-4gc_firmware *
phoenixcontact fl_switch_4012t_2gt_2fx_firmware *
phoenixcontact fl_switch_4008t-2gt-3fx_sm_firmware *
phoenixcontact fl_switch_4824e-4gc_firmware *
phoenixcontact fl_switch_3006t-2fx_st_firmware *
phoenixcontact fl_switch_3004t-fx_st_firmware *
phoenixcontact fl_switch_3005t_firmware *
phoenixcontact fl_switch_3004t-fx_firmware *
phoenixcontact fl_switch_4800e-24fx_sm-4gc_firmware *
phoenixcontact fl_switch_4808e-16fx_st-4gc_firmware *
phoenixcontact fl_switch_4008t-2sfp_firmware *
phoenixcontact fl_switch_3016t_firmware *
phoenixcontact fl_switch_3006t-2fx_sm_firmware *
phoenixcontact fl_switch_4808e-16fx_sm_lc-4gc_firmware *
phoenixcontact fl_switch_4808e-16fx_sm_st-4gc_firmware *
phoenixcontact fl_switch_3006t-2fx_firmware *
phoenixcontact fl_switch_4000t-8poe-2sfp-r_firmware *
phoenixcontact fl_switch_3012e-2fx_sm_firmware *
phoenixcontact fl_switch_3016_firmware *
phoenixcontact fl_switch_3012e-2sfx_firmware *
phoenixcontact fl_switch_4808e-16fx_sm-4gc_firmware *
phoenixcontact fl_switch_3008t_firmware *
phoenixcontact fl_switch_4800e-24fx-4gc_firmware *
phoenixcontact fl_switch_3008_firmware *
phoenixcontact fl_switch_4008t-2gt-4fx_sm_firmware *
phoenixcontact fl_switch_4808e-16fx-4gc_firmware *
phoenixcontact fl_switch_4012t-2gt-2fx_st_firmware *
CVE-2018-10729 MEDIUM

All Phoenix Contact managed FL SWITCH 3xxx, 4xxx, 48xx products running firmware version 1.0 to 1.33 allow reading the configuration file by an unauthenticated user.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
phoenixcontact fl_switch_3005_firmware *
phoenixcontact fl_switch_3016e_firmware *
phoenixcontact fl_switch_4808e-16fx_lc-4gc_firmware *
phoenixcontact fl_switch_4012t_2gt_2fx_firmware *
phoenixcontact fl_switch_4008t-2gt-3fx_sm_firmware *
phoenixcontact fl_switch_4824e-4gc_firmware *
phoenixcontact fl_switch_3006t-2fx_st_firmware *
phoenixcontact fl_switch_3004t-fx_st_firmware *
phoenixcontact fl_switch_3005t_firmware *
phoenixcontact fl_switch_3004t-fx_firmware *
phoenixcontact fl_switch_4800e-24fx_sm-4gc_firmware *
phoenixcontact fl_switch_4808e-16fx_st-4gc_firmware *
phoenixcontact fl_switch_4008t-2sfp_firmware *
phoenixcontact fl_switch_3016t_firmware *
phoenixcontact fl_switch_3006t-2fx_sm_firmware *
phoenixcontact fl_switch_4808e-16fx_sm_lc-4gc_firmware *
phoenixcontact fl_switch_4808e-16fx_sm_st-4gc_firmware *
phoenixcontact fl_switch_3006t-2fx_firmware *
phoenixcontact fl_switch_4000t-8poe-2sfp-r_firmware *
phoenixcontact fl_switch_3012e-2fx_sm_firmware *
phoenixcontact fl_switch_3016_firmware *
phoenixcontact fl_switch_3012e-2sfx_firmware *
phoenixcontact fl_switch_4808e-16fx_sm-4gc_firmware *
phoenixcontact fl_switch_3008t_firmware *
phoenixcontact fl_switch_4800e-24fx-4gc_firmware *
phoenixcontact fl_switch_3008_firmware *
phoenixcontact fl_switch_4008t-2gt-4fx_sm_firmware *
phoenixcontact fl_switch_4808e-16fx-4gc_firmware *
phoenixcontact fl_switch_4012t-2gt-2fx_st_firmware *
CVE-2018-10730 HIGH

All Phoenix Contact managed FL SWITCH 3xxx, 4xxx, 48xx products running firmware version 1.0 to 1.33 are prone to OS command injection.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
phoenixcontact fl_switch_3005_firmware *
phoenixcontact fl_switch_3016e_firmware *
phoenixcontact fl_switch_4808e-16fx_lc-4gc_firmware *
phoenixcontact fl_switch_4012t_2gt_2fx_firmware *
phoenixcontact fl_switch_4008t-2gt-3fx_sm_firmware *
phoenixcontact fl_switch_4824e-4gc_firmware *
phoenixcontact fl_switch_3006t-2fx_st_firmware *
phoenixcontact fl_switch_3004t-fx_st_firmware *
phoenixcontact fl_switch_3005t_firmware *
phoenixcontact fl_switch_3004t-fx_firmware *
phoenixcontact fl_switch_4800e-24fx_sm-4gc_firmware *
phoenixcontact fl_switch_4808e-16fx_st-4gc_firmware *
phoenixcontact fl_switch_4008t-2sfp_firmware *
phoenixcontact fl_switch_3016t_firmware *
phoenixcontact fl_switch_3006t-2fx_sm_firmware *
phoenixcontact fl_switch_4808e-16fx_sm_lc-4gc_firmware *
phoenixcontact fl_switch_4808e-16fx_sm_st-4gc_firmware *
phoenixcontact fl_switch_3006t-2fx_firmware *
phoenixcontact fl_switch_4000t-8poe-2sfp-r_firmware *
phoenixcontact fl_switch_3012e-2fx_sm_firmware *
phoenixcontact fl_switch_3016_firmware *
phoenixcontact fl_switch_3012e-2sfx_firmware *
phoenixcontact fl_switch_4808e-16fx_sm-4gc_firmware *
phoenixcontact fl_switch_3008t_firmware *
phoenixcontact fl_switch_4800e-24fx-4gc_firmware *
phoenixcontact fl_switch_3008_firmware *
phoenixcontact fl_switch_4008t-2gt-4fx_sm_firmware *
phoenixcontact fl_switch_4808e-16fx-4gc_firmware *
phoenixcontact fl_switch_4012t-2gt-2fx_st_firmware *
CVE-2018-10731 HIGH

All Phoenix Contact managed FL SWITCH 3xxx, 4xxx, 48xx products running firmware version 1.0 to 1.33 are prone to buffer overflows when handling very large cookies (a different vulnerability than CVE-2018-10728).

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
phoenixcontact fl_switch_3005_firmware *
phoenixcontact fl_switch_3016e_firmware *
phoenixcontact fl_switch_4808e-16fx_lc-4gc_firmware *
phoenixcontact fl_switch_4012t_2gt_2fx_firmware *
phoenixcontact fl_switch_4008t-2gt-3fx_sm_firmware *
phoenixcontact fl_switch_4824e-4gc_firmware *
phoenixcontact fl_switch_3006t-2fx_st_firmware *
phoenixcontact fl_switch_3004t-fx_st_firmware *
phoenixcontact fl_switch_3005t_firmware *
phoenixcontact fl_switch_3004t-fx_firmware *
phoenixcontact fl_switch_4800e-24fx_sm-4gc_firmware *
phoenixcontact fl_switch_4808e-16fx_st-4gc_firmware *
phoenixcontact fl_switch_4008t-2sfp_firmware *
phoenixcontact fl_switch_3016t_firmware *
phoenixcontact fl_switch_3006t-2fx_sm_firmware *
phoenixcontact fl_switch_4808e-16fx_sm_lc-4gc_firmware *
phoenixcontact fl_switch_4808e-16fx_sm_st-4gc_firmware *
phoenixcontact fl_switch_3006t-2fx_firmware *
phoenixcontact fl_switch_4000t-8poe-2sfp-r_firmware *
phoenixcontact fl_switch_3012e-2fx_sm_firmware *
phoenixcontact fl_switch_3016_firmware *
phoenixcontact fl_switch_3012e-2sfx_firmware *
phoenixcontact fl_switch_4808e-16fx_sm-4gc_firmware *
phoenixcontact fl_switch_3008t_firmware *
phoenixcontact fl_switch_4800e-24fx-4gc_firmware *
phoenixcontact fl_switch_3008_firmware *
phoenixcontact fl_switch_4008t-2gt-4fx_sm_firmware *
phoenixcontact fl_switch_4808e-16fx-4gc_firmware *
phoenixcontact fl_switch_4012t-2gt-2fx_st_firmware *
CVE-2018-13990 MEDIUM

The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions prior to 1.35 is vulnerable to brute-force attacks, because of Improper Restriction of Excessive Authentication Attempts.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287,

Products Affected

Vendor Product Version
phoenixcontact fl_switch_3005_firmware *
phoenixcontact fl_switch_3016e_firmware *
phoenixcontact fl_switch_4808e-16fx_lc-4gc_firmware *
phoenixcontact fl_switch_4012t_2gt_2fx_firmware *
phoenixcontact fl_switch_4008t-2gt-3fx_sm_firmware *
phoenixcontact fl_switch_4824e-4gc_firmware *
phoenixcontact fl_switch_3006t-2fx_st_firmware *
phoenixcontact fl_switch_3004t-fx_st_firmware *
phoenixcontact fl_switch_3005t_firmware *
phoenixcontact fl_switch_3004t-fx_firmware *
phoenixcontact fl_switch_4800e-24fx_sm-4gc_firmware *
phoenixcontact fl_switch_4808e-16fx_st-4gc_firmware *
phoenixcontact fl_switch_4008t-2sfp_firmware *
phoenixcontact fl_switch_3016t_firmware *
phoenixcontact fl_switch_3006t-2fx_sm_firmware *
phoenixcontact fl_switch_4808e-16fx_sm_lc-4gc_firmware *
phoenixcontact fl_switch_4808e-16fx_sm_st-4gc_firmware *
phoenixcontact fl_switch_3006t-2fx_firmware *
phoenixcontact fl_switch_4000t-8poe-2sfp-r_firmware *
phoenixcontact fl_switch_3012e-2fx_sm_firmware *
phoenixcontact fl_switch_3016_firmware *
phoenixcontact fl_switch_3012e-2sfx_firmware *
phoenixcontact fl_switch_4808e-16fx_sm-4gc_firmware *
phoenixcontact fl_switch_3008t_firmware *
phoenixcontact fl_switch_4800e-24fx-4gc_firmware *
phoenixcontact fl_switch_3008_firmware *
phoenixcontact fl_switch_4008t-2gt-4fx_sm_firmware *
phoenixcontact fl_switch_4808e-16fx-4gc_firmware *
phoenixcontact fl_switch_4012t-2gt-2fx_st_firmware *
CVE-2018-13991 MEDIUM

The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 to 1.34 leaks private information in firmware images.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
phoenixcontact fl_switch_3005_firmware *
phoenixcontact fl_switch_3016e_firmware *
phoenixcontact fl_switch_4808e-16fx_lc-4gc_firmware *
phoenixcontact fl_switch_4012t_2gt_2fx_firmware *
phoenixcontact fl_switch_4008t-2gt-3fx_sm_firmware *
phoenixcontact fl_switch_4824e-4gc_firmware *
phoenixcontact fl_switch_3006t-2fx_st_firmware *
phoenixcontact fl_switch_3004t-fx_st_firmware *
phoenixcontact fl_switch_3005t_firmware *
phoenixcontact fl_switch_3004t-fx_firmware *
phoenixcontact fl_switch_4800e-24fx_sm-4gc_firmware *
phoenixcontact fl_switch_4808e-16fx_st-4gc_firmware *
phoenixcontact fl_switch_4008t-2sfp_firmware *
phoenixcontact fl_switch_3016t_firmware *
phoenixcontact fl_switch_3006t-2fx_sm_firmware *
phoenixcontact fl_switch_4808e-16fx_sm_lc-4gc_firmware *
phoenixcontact fl_switch_4808e-16fx_sm_st-4gc_firmware *
phoenixcontact fl_switch_3006t-2fx_firmware *
phoenixcontact fl_switch_4000t-8poe-2sfp-r_firmware *
phoenixcontact fl_switch_3012e-2fx_sm_firmware *
phoenixcontact fl_switch_3016_firmware *
phoenixcontact fl_switch_3012e-2sfx_firmware *
phoenixcontact fl_switch_4808e-16fx_sm-4gc_firmware *
phoenixcontact fl_switch_3008t_firmware *
phoenixcontact fl_switch_4800e-24fx-4gc_firmware *
phoenixcontact fl_switch_3008_firmware *
phoenixcontact fl_switch_4008t-2gt-4fx_sm_firmware *
phoenixcontact fl_switch_4808e-16fx-4gc_firmware *
phoenixcontact fl_switch_4012t-2gt-2fx_st_firmware *
CVE-2018-13992 MEDIUM

The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 to 1.34 allows for plaintext transmission (HTTP) of user credentials by default.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-311,

Products Affected

Vendor Product Version
phoenixcontact fl_switch_3005_firmware *
phoenixcontact fl_switch_3016e_firmware *
phoenixcontact fl_switch_4808e-16fx_lc-4gc_firmware *
phoenixcontact fl_switch_4012t_2gt_2fx_firmware *
phoenixcontact fl_switch_4008t-2gt-3fx_sm_firmware *
phoenixcontact fl_switch_4824e-4gc_firmware *
phoenixcontact fl_switch_3006t-2fx_st_firmware *
phoenixcontact fl_switch_3004t-fx_st_firmware *
phoenixcontact fl_switch_3005t_firmware *
phoenixcontact fl_switch_3004t-fx_firmware *
phoenixcontact fl_switch_4800e-24fx_sm-4gc_firmware *
phoenixcontact fl_switch_4808e-16fx_st-4gc_firmware *
phoenixcontact fl_switch_4008t-2sfp_firmware *
phoenixcontact fl_switch_3016t_firmware *
phoenixcontact fl_switch_3006t-2fx_sm_firmware *
phoenixcontact fl_switch_4808e-16fx_sm_lc-4gc_firmware *
phoenixcontact fl_switch_4808e-16fx_sm_st-4gc_firmware *
phoenixcontact fl_switch_3006t-2fx_firmware *
phoenixcontact fl_switch_4000t-8poe-2sfp-r_firmware *
phoenixcontact fl_switch_3012e-2fx_sm_firmware *
phoenixcontact fl_switch_3016_firmware *
phoenixcontact fl_switch_3012e-2sfx_firmware *
phoenixcontact fl_switch_4808e-16fx_sm-4gc_firmware *
phoenixcontact fl_switch_3008t_firmware *
phoenixcontact fl_switch_4800e-24fx-4gc_firmware *
phoenixcontact fl_switch_3008_firmware *
phoenixcontact fl_switch_4008t-2gt-4fx_sm_firmware *
phoenixcontact fl_switch_4808e-16fx-4gc_firmware *
phoenixcontact fl_switch_4012t-2gt-2fx_st_firmware *
CVE-2018-13993 MEDIUM

The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 to 1.34 is prone to CSRF.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
phoenixcontact fl_switch_3005_firmware *
phoenixcontact fl_switch_3016e_firmware *
phoenixcontact fl_switch_4808e-16fx_lc-4gc_firmware *
phoenixcontact fl_switch_4012t_2gt_2fx_firmware *
phoenixcontact fl_switch_4008t-2gt-3fx_sm_firmware *
phoenixcontact fl_switch_4824e-4gc_firmware *
phoenixcontact fl_switch_3006t-2fx_st_firmware *
phoenixcontact fl_switch_3004t-fx_st_firmware *
phoenixcontact fl_switch_3005t_firmware *
phoenixcontact fl_switch_3004t-fx_firmware *
phoenixcontact fl_switch_4800e-24fx_sm-4gc_firmware *
phoenixcontact fl_switch_4808e-16fx_st-4gc_firmware *
phoenixcontact fl_switch_4008t-2sfp_firmware *
phoenixcontact fl_switch_3016t_firmware *
phoenixcontact fl_switch_3006t-2fx_sm_firmware *
phoenixcontact fl_switch_4808e-16fx_sm_lc-4gc_firmware *
phoenixcontact fl_switch_4808e-16fx_sm_st-4gc_firmware *
phoenixcontact fl_switch_3006t-2fx_firmware *
phoenixcontact fl_switch_4000t-8poe-2sfp-r_firmware *
phoenixcontact fl_switch_3012e-2fx_sm_firmware *
phoenixcontact fl_switch_3016_firmware *
phoenixcontact fl_switch_3012e-2sfx_firmware *
phoenixcontact fl_switch_4808e-16fx_sm-4gc_firmware *
phoenixcontact fl_switch_3008t_firmware *
phoenixcontact fl_switch_4800e-24fx-4gc_firmware *
phoenixcontact fl_switch_3008_firmware *
phoenixcontact fl_switch_4008t-2gt-4fx_sm_firmware *
phoenixcontact fl_switch_4808e-16fx-4gc_firmware *
phoenixcontact fl_switch_4012t-2gt-2fx_st_firmware *
CVE-2018-13994 MEDIUM

The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 to 1.34 is vulnerable to a denial-of-service attack by making more than 120 connections.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-400,

Products Affected

Vendor Product Version
phoenixcontact fl_switch_3005_firmware *
phoenixcontact fl_switch_3016e_firmware *
phoenixcontact fl_switch_4808e-16fx_lc-4gc_firmware *
phoenixcontact fl_switch_4012t_2gt_2fx_firmware *
phoenixcontact fl_switch_4008t-2gt-3fx_sm_firmware *
phoenixcontact fl_switch_4824e-4gc_firmware *
phoenixcontact fl_switch_3006t-2fx_st_firmware *
phoenixcontact fl_switch_3004t-fx_st_firmware *
phoenixcontact fl_switch_3005t_firmware *
phoenixcontact fl_switch_3004t-fx_firmware *
phoenixcontact fl_switch_4800e-24fx_sm-4gc_firmware *
phoenixcontact fl_switch_4808e-16fx_st-4gc_firmware *
phoenixcontact fl_switch_4008t-2sfp_firmware *
phoenixcontact fl_switch_3016t_firmware *
phoenixcontact fl_switch_3006t-2fx_sm_firmware *
phoenixcontact fl_switch_4808e-16fx_sm_lc-4gc_firmware *
phoenixcontact fl_switch_4808e-16fx_sm_st-4gc_firmware *
phoenixcontact fl_switch_3006t-2fx_firmware *
phoenixcontact fl_switch_4000t-8poe-2sfp-r_firmware *
phoenixcontact fl_switch_3012e-2fx_sm_firmware *
phoenixcontact fl_switch_3016_firmware *
phoenixcontact fl_switch_3012e-2sfx_firmware *
phoenixcontact fl_switch_4808e-16fx_sm-4gc_firmware *
phoenixcontact fl_switch_3008t_firmware *
phoenixcontact fl_switch_4800e-24fx-4gc_firmware *
phoenixcontact fl_switch_3008_firmware *
phoenixcontact fl_switch_4008t-2gt-4fx_sm_firmware *
phoenixcontact fl_switch_4808e-16fx-4gc_firmware *
phoenixcontact fl_switch_4012t-2gt-2fx_st_firmware *
CVE-2018-16994 HIGH

An issue was discovered on PHOENIX CONTACT AXL F BK PN <=1.0.4, AXL F BK ETH <= 1.12, and AXL F BK ETH XC <= 1.11 devices and Bosch Rexroth S20-ETH-BK and Rexroth S20-PN-BK+ (the S20-PN-BK+/S20-ETH-BK fieldbus couplers sold by Bosch Rexroth contain technology from Phoenix Contact). Incorrect handling of a request with non-standard symbols allows remote attackers to initiate a complete lock up of the bus coupler. Authentication of the request is not required.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
phoenixcontact axl_f_bk_eth_firmware *
phoenixcontact axl_f_bk_eth_xc_firmware *
phoenixcontact axl_f_bk_pn_firmware *
CVE-2018-5441 MEDIUM

An Improper Validation of Integrity Check Value issue was discovered in PHOENIX CONTACT mGuard firmware versions 7.2 to 8.6.0. mGuard devices rely on internal checksums for verification of the internal integrity of the update packages. Verification may not always be performed correctly, allowing an attacker to modify firmware update packages.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-354,CWE-20,

Products Affected

Vendor Product Version
phoenixcontact mguard_centerport_firmware *
phoenixcontact mguard_rs4000_tx/tx-p_firmware *
phoenixcontact mguard_core_tx_vpn_firmware *
phoenixcontact mguard_rs2000_tx/tx_vpn_firmware *
phoenixcontact mguard_rs2005_tx_vpn_firmware *
phoenixcontact mguard_rs2000_tx/tx-b_firmware *
phoenixcontact mguard_rs4000_tx/tx_firmware *
phoenixcontact mguard_rs2000_3g_vpn_firmware *
phoenixcontact mguard_rs4000_tx/tx_vpn_firmware *
phoenixcontact mguard_pcie4000_vpn_firmware *
phoenixcontact mguard_rs2000_4g_vpn_firmware *
phoenixcontact mguard_rs4004_tx/dtx_firmware *
phoenixcontact mguard_gt/gt_firmware *
phoenixcontact mguard_gt/gt_vpn_firmware *
phoenixcontact mguard_smart2_firmware *
phoenixcontact mguard_delta_tx/tx_firmware *
phoenixcontact mguard_pci4000_vpn_firmware *
phoenixcontact mguard_delta_tx/tx_vpn_firmware *
phoenixcontact mguard_rs4004_tx/dtx_vpn_firmware *
phoenixcontact mguard_rs4000_3g_vpn_firmware *
phoenixcontact mguard_rs4000_tx/tx_vpn-m_firmware *
phoenixcontact mguard_smart2_vpn_firmware *
phoenixcontact mguard_rs4000_4g_vpn_firmware *
CVE-2019-10953 MEDIUM

ABB, Phoenix Contact, Schneider Electric, Siemens, WAGO - Programmable Logic Controllers, multiple versions. Researchers have found some controllers are susceptible to a denial-of-service attack due to a flood of network packets.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-400,CWE-770,

Products Affected

Vendor Product Version
abb pm554-tp-eth_firmware -
siemens 6es7211-1ae40-0xb0_firmware -
siemens 6ed1052-1cc01-0ba8_firmware -
phoenixcontact ilc_151_eth_firmware -
wago knx_ip_firmware -
wago pfc100_firmware -
wago ethernet_firmware -
schneider-electric modicon_m221_firmware *
wago bacnet/ip_firmware -
siemens 6es7314-6eh04-0ab0_firmware -
CVE-2019-10997 HIGH

An issue was discovered on Phoenix Contact AXC F 2152 (No.2404267) before 2019.0 LTS and AXC F 2152 STARTERKIT (No.1046568) before 2019.0 LTS devices. Protocol Fuzzing on PC WORX Engineer by a man in the middle attacker stops the PLC service. The device must be rebooted, or the PLC service must be restarted manually via a Linux shell.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
phoenixcontact axc_f_2152_starterkit_firmware *
phoenixcontact axc_f_2152_firmware *
CVE-2019-10998 MEDIUM

An issue was discovered on Phoenix Contact AXC F 2152 (No.2404267) before 2019.0 LTS and AXC F 2152 STARTERKIT (No.1046568) before 2019.0 LTS devices. Unlimited physical access to the PLC may lead to a manipulation of SD cards data. SD card manipulation may lead to an authentication bypass opportunity.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287,

Products Affected

Vendor Product Version
phoenixcontact axc_f_2152_starterkit_firmware *
phoenixcontact axc_f_2152_firmware *
CVE-2019-12869 MEDIUM

An issue was discovered in PHOENIX CONTACT PC Worx through 1.86, PC Worx Express through 1.86, and Config+ through 1.86. A manipulated PC Worx or Config+ project file could lead to an Out-Of-Bounds Read, Information Disclosure, and remote code execution. The attacker needs to get access to an original PC Worx or Config+ project file to be able to manipulate it. After manipulation, the attacker needs to exchange the original file with the manipulated one on the application programming workstation.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
phoenixcontact automationworx_software_suite *
CVE-2019-12870 MEDIUM

An issue was discovered in PHOENIX CONTACT PC Worx through 1.86, PC Worx Express through 1.86, and Config+ through 1.86. A manipulated PC Worx or Config+ project file could lead to an Uninitialized Pointer and remote code execution. The attacker needs to get access to an original PC Worx or Config+ project file to be able to manipulate it. After manipulation, the attacker needs to exchange the original file with the manipulated one on the application programming workstation.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-824,

Products Affected

Vendor Product Version
phoenixcontact automationworx_software_suite *
CVE-2019-12871 MEDIUM

An issue was discovered in PHOENIX CONTACT PC Worx through 1.86, PC Worx Express through 1.86, and Config+ through 1.86. A manipulated PC Worx or Config+ project file could lead to a Use-After-Free and remote code execution. The attacker needs to get access to an original PC Worx or Config+ project file to be able to manipulate it. After manipulation, the attacker needs to exchange the original file with the manipulated one on the application programming workstation.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-416,

Products Affected

Vendor Product Version
phoenixcontact automationworx_software_suite *
CVE-2019-16675 MEDIUM

An issue was discovered in PHOENIX CONTACT PC Worx through 1.86, PC Worx Express through 1.86, and Config+ through 1.86. A manipulated PC Worx or Config+ project file could lead to an Out-of-bounds Read and remote code execution. The attacker needs to get access to an original PC Worx or Config+ project to be able to manipulate data inside. After manipulation, the attacker needs to exchange the original files with the manipulated ones on the application programming workstation.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
phoenixcontact config+ *
phoenixcontact pc_worx *
phoenixcontact pc_worx_express *
CVE-2019-18352 MEDIUM

Improper access control exists on PHOENIX CONTACT FL NAT 2208 devices before V2.90 and FL NAT 2304-2GC-2SFP devices before V2.90 when using MAC-based port security.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.2 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:L 2.8 4.7

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
phoenixcontact fl_nat_2304-2gc-2sfp_firmware *
phoenixcontact fl_nat_2208_firmware *
CVE-2019-9201 HIGH

Multiple Phoenix Contact devices allow remote attackers to establish TCP sessions to port 1962 and obtain sensitive information or make changes, as demonstrated by using the Create Backup feature to traverse all directories.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-306,

Products Affected

Vendor Product Version
phoenixcontact ilc_151_eth/xc_firmware -
phoenixcontact ilc_151_eth_firmware -
phoenixcontact axc_1050_firmware -
phoenixcontact ilc_171_eth_2tx_firmware -
phoenixcontact ilc_191_eth_2tx_firmware -
phoenixcontact ilc_131_eth_firmware -
phoenixcontact ilc_131_eth/xc_firmware -
phoenixcontact ilc_191_me/an_firmware -
CVE-2019-9743 HIGH

An issue was discovered on PHOENIX CONTACT RAD-80211-XD and RAD-80211-XD/HP-BUS devices. Command injection can occur in the WebHMI component.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-77,

Products Affected

Vendor Product Version
phoenixcontact rad-80211-xd/hp-bus_firmware -
phoenixcontact rad-80211-xd_firmware -
CVE-2019-9744 MEDIUM

An issue was discovered on PHOENIX CONTACT FL NAT SMCS 8TX, FL NAT SMN 8TX, FL NAT SMN 8TX-M, and FL NAT SMN 8TX-M-DMG devices. There is unauthorized access to the WEB-UI by attackers arriving from the same source IP address as an authenticated user, because this IP address is used as a session identifier.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-384,

Products Affected

Vendor Product Version
phoenixcontact fl_nat_smn_8tx_firmware -
phoenixcontact fl_nat_smn_8tx-m-dmg_firmware -
phoenixcontact fl_nat_smcs_8tx_firmware -
phoenixcontact fl_nat_smn_8tx-m_firmware -
CVE-2020-10939 MEDIUM

Insecure, default path permissions in PHOENIX CONTACT PC WORX SRT through 1.14 allow for local privilege escalation.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-276,

Products Affected

Vendor Product Version
phoenixcontact pc_worx_srt *
CVE-2020-10940 MEDIUM

Local Privilege Escalation can occur in PHOENIX CONTACT PORTICO SERVER through 3.0.7 when installed to run as a service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-269,

Products Affected

Vendor Product Version
phoenixcontact portico_server_4_client *
phoenixcontact portico_server_16_client *
phoenixcontact portico_server_1_client *
CVE-2020-12497 MEDIUM

PLCopen XML file parsing in Phoenix Contact PC Worx and PC Worx Express version 1.87 and earlier can lead to a stack-based overflow. Manipulated PC Worx projects could lead to a remote code execution due to insufficient input data validation.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-121,CWE-787,

Products Affected

Vendor Product Version
phoenixcontact pc_worx *
phoenixcontact pc_worx_express *
CVE-2020-12498 MEDIUM

mwe file parsing in Phoenix Contact PC Worx and PC Worx Express version 1.87 and earlier is vulnerable to out-of-bounds read remote code execution. Manipulated PC Worx projects could lead to a remote code execution due to insufficient input data validation.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-121,CWE-125,

Products Affected

Vendor Product Version
phoenixcontact pc_worx *
phoenixcontact pc_worx_express *
CVE-2020-12499 MEDIUM

In PHOENIX CONTACT PLCnext Engineer version 2020.3.1 and earlier an improper path sanitation vulnerability exists on import of project files.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 8.2 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H 1.5 6.0
nvd@nist.gov 7.3 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H 1.3 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,CWE-22,

Products Affected

Vendor Product Version
phoenixcontact plcnext_engineer *
CVE-2020-12517 MEDIUM

On Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS an authenticated low privileged user could embed malicious Javascript code to gain admin rights when the admin user visits the vulnerable website (local privilege escalation).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.0 CRITICAL CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H 2.3 6.0
info@cert.vde.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,CWE-79,

Products Affected

Vendor Product Version
phoenixcontact plcnext_firmware *
CVE-2020-12518 MEDIUM

On Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS an attacker can use the knowledge gained by reading the insufficiently protected sensitive information to plan further attacks.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,CWE-200,

Products Affected

Vendor Product Version
phoenixcontact plcnext_firmware *
CVE-2020-12519 HIGH

On Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS an attacker can use this vulnerability i.e. to open a reverse shell with root privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 8.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H 2.0 6.0
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-269,CWE-269,

Products Affected

Vendor Product Version
phoenixcontact plcnext_firmware *
CVE-2020-12521 MEDIUM

On Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS a specially crafted LLDP packet may lead to a high system load in the PROFINET stack. An attacker can cause failure of system services or a complete reboot.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 6.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 2.8 3.6
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,CWE-20,

Products Affected

Vendor Product Version
phoenixcontact plcnext_firmware *
CVE-2020-12523 MEDIUM

On Phoenix Contact mGuard Devices versions before 8.8.3 LAN ports get functional after reboot even if they are disabled in the device configuration. For mGuard devices with integrated switch on the LAN side, single switch ports can be disabled by device configuration. After a reboot these ports get functional independent from their configuration setting: Missing Initialization of Resource

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H 3.9 5.2
info@cert.vde.com 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L 2.8 2.5

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-909,CWE-909,

Products Affected

Vendor Product Version
phoenixcontact innominate_mguard_rs4000_4tx/tx_vpn_firmware *
phoenixcontact innominate_mguard_rs4000_4tx/3g/tx_vpn_firmware *
phoenixcontact fl_mguard_rs4004_tx/dtx_firmware *
phoenixcontact tc_mguard_rs4000_3g_vpn_firmware -
phoenixcontact fl_mguard_rs4004_tx/dtx_vpn_firmware *
phoenixcontact innominate_mguard_rs4000_4tx/tx_firmware *
phoenixcontact tc_mguard_rs4000_4g_att_vpn_firmware *
phoenixcontact tc_mguard_rs4000_4g_vzw_vpn_firmware *
phoenixcontact tc_mguard_rs4000_4g_vpn_firmware *
CVE-2020-12524 MEDIUM

Uncontrolled Resource Consumption can be exploited to cause the Phoenix Contact HMIs BTP 2043W, BTP 2070W and BTP 2102W in all versions to become unresponsive and not accurately update the display content (Denial of Service).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
info@cert.vde.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-400,CWE-400,

Products Affected

Vendor Product Version
phoenixcontact btp_2043w_firmware *
phoenixcontact btp_2102w_firmware *
phoenixcontact btp_2070w_firmware *
CVE-2020-8768 HIGH

An issue was discovered on Phoenix Contact Emalytics Controller ILC 2050 BI before 1.2.3 and BI-L before 1.2.3 devices. There is an insecure mechanism for read and write access to the configuration of the device. The mechanism can be discovered by examining a link on the website of the device.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.4 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H 3.9 5.5

CVSS 2.0

Severity: HIGH

Problem Type: CWE-732,

Products Affected

Vendor Product Version
phoenixcontact ilc_2050_bi-l_firmware *
phoenixcontact ilc_2050_bi_firmware *
CVE-2020-9435 MEDIUM

PHOENIX CONTACT TC ROUTER 3002T-4G through 2.05.3, TC ROUTER 2002T-3G through 2.05.3, TC ROUTER 3002T-4G VZW through 2.05.3, TC ROUTER 3002T-4G ATT through 2.05.3, TC CLOUD CLIENT 1002-4G through 2.03.17, and TC CLOUD CLIENT 1002-TXTX through 1.03.17 devices contain a hardcoded certificate (and key) that is used by default for web-based services on the device. Impersonation, man-in-the-middle, or passive decryption attacks are possible if the generic certificate is not replaced by a device-specific certificate during installation.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-798,

Products Affected

Vendor Product Version
phoenixcontact tc_router_3002t-4g_att_firmware *
phoenixcontact tc_cloud_client_1002-4g_firmware *
phoenixcontact tc_cloud_client_1002-txtx_firmware *
phoenixcontact tc_router_3002t-4g_vzw_firmware *
phoenixcontact tc_router_2002t-3g_firmware *
phoenixcontact tc_router_3002t-4g_firmware *
CVE-2020-9436 HIGH

PHOENIX CONTACT TC ROUTER 3002T-4G through 2.05.3, TC ROUTER 2002T-3G through 2.05.3, TC ROUTER 3002T-4G VZW through 2.05.3, TC ROUTER 3002T-4G ATT through 2.05.3, TC CLOUD CLIENT 1002-4G through 2.03.17, and TC CLOUD CLIENT 1002-TXTX through 1.03.17 devices allow authenticated users to inject system commands through a modified POST request to a specific URL.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
phoenixcontact tc_router_3002t-4g_att_firmware *
phoenixcontact tc_cloud_client_1002-4g_firmware *
phoenixcontact tc_cloud_client_1002-txtx_firmware *
phoenixcontact tc_router_3002t-4g_vzw_firmware *
phoenixcontact tc_router_2002t-3g_firmware *
phoenixcontact tc_router_3002t-4g_firmware *
CVE-2021-21002 MEDIUM

In Phoenix Contact FL COMSERVER UNI in versions < 2.40 a invalid Modbus exception response can lead to a temporary denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
info@cert.vde.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-772,

Products Affected

Vendor Product Version
phoenixcontact fl_comserver_uni_232/422/485-t_firmware *
phoenixcontact fl_comserver_uni_232/422/485_firmware *
CVE-2021-21003 MEDIUM

In Phoenix Contact FL SWITCH SMCS series products in multiple versions fragmented TCP-Packets may cause a Denial of Service of Web-, SNMP- and ICMP-Echo services. The switching functionality of the device is not affected.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4
info@cert.vde.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-404,

Products Affected

Vendor Product Version
phoenixcontact fl_switch_smcs_14tx/2fx_firmware *
phoenixcontact fl_switch_smn_6tx/2fx_sm_firmware *
phoenixcontact fl_switch_smcs_8tx_firmware *
phoenixcontact fl_switch_smcs_6tx/2sfp_firmware *
phoenixcontact fl_switch_smcs_14tx/2fx-sm_firmware *
phoenixcontact fl_switch_smcs_8tx-pn_firmware *
phoenixcontact fl_switch_smcs_8gt_firmware *
phoenixcontact fl_nat_smn_8tx_firmware *
phoenixcontact fl_switch_smcs_4tx-pn_firmware *
phoenixcontact fl_switch_smn_6tx/2pof-pn_firmware *
phoenixcontact fl_switch_smn_6tx/2fx_firmware *
phoenixcontact fl_nat_smn_8tx-m_firmware *
phoenixcontact fl_switch_smcs_16tx_firmware *
phoenixcontact fl_switch_smn_8tx-pn_firmware *
phoenixcontact fl_switch_smcs_6gt/2sfp_firmware *
CVE-2021-21004 MEDIUM

In Phoenix Contact FL SWITCH SMCS series products in multiple versions an attacker may insert malicious code via LLDP frames into the web-based management which could then be executed by the client.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7
info@cert.vde.com 7.4 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N 2.1 4.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,CWE-79,

Products Affected

Vendor Product Version
phoenixcontact fl_switch_smcs_14tx/2fx_firmware *
phoenixcontact fl_switch_smn_6tx/2fx_sm_firmware *
phoenixcontact fl_switch_smcs_8tx_firmware *
phoenixcontact fl_switch_smcs_6tx/2sfp_firmware *
phoenixcontact fl_switch_smcs_14tx/2fx-sm_firmware *
phoenixcontact fl_switch_smcs_8tx-pn_firmware *
phoenixcontact fl_switch_smcs_8gt_firmware *
phoenixcontact fl_nat_smn_8tx_firmware *
phoenixcontact fl_switch_smcs_4tx-pn_firmware *
phoenixcontact fl_switch_smn_6tx/2pof-pn_firmware *
phoenixcontact fl_switch_smn_6tx/2fx_firmware *
phoenixcontact fl_nat_smn_8tx-m_firmware *
phoenixcontact fl_switch_smcs_16tx_firmware *
phoenixcontact fl_switch_smn_8tx-pn_firmware *
phoenixcontact fl_switch_smcs_6gt/2sfp_firmware *
CVE-2021-21005 HIGH

In Phoenix Contact FL SWITCH SMCS series products in multiple versions if an attacker sends a hand-crafted TCP-Packet with the Urgent-Flag set and the Urgent-Pointer set to 0, the network stack will crash. The device needs to be rebooted afterwards.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
info@cert.vde.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: HIGH

Problem Type: CWE-362,

Products Affected

Vendor Product Version
phoenixcontact fl_switch_smcs_14tx/2fx_firmware *
phoenixcontact fl_switch_smn_6tx/2fx_sm_firmware *
phoenixcontact fl_switch_smcs_8tx_firmware *
phoenixcontact fl_switch_smcs_6tx/2sfp_firmware *
phoenixcontact fl_switch_smcs_14tx/2fx-sm_firmware *
phoenixcontact fl_switch_smcs_8tx-pn_firmware *
phoenixcontact fl_switch_smcs_8gt_firmware *
phoenixcontact fl_nat_smn_8tx_firmware *
phoenixcontact fl_switch_smcs_4tx-pn_firmware *
phoenixcontact fl_switch_smn_6tx/2pof-pn_firmware *
phoenixcontact fl_switch_smn_6tx/2fx_firmware *
phoenixcontact fl_nat_smn_8tx-m_firmware *
phoenixcontact fl_switch_smcs_16tx_firmware *
phoenixcontact fl_switch_smn_8tx-pn_firmware *
phoenixcontact fl_switch_smcs_6gt/2sfp_firmware *
CVE-2021-33540 HIGH

In certain devices of the Phoenix Contact AXL F BK and IL BK product families an undocumented password protected FTP access to the root directory exists.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 7.3 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L 3.9 3.4
nvd@nist.gov 7.3 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L 3.9 3.4

CVSS 2.0

Severity: HIGH

Problem Type: CWE-798,

Products Affected

Vendor Product Version
phoenixcontact il_eth_bk_di8_do4_2tx-xc-pac_firmware *
phoenixcontact il_pn_bk_di8_do4_2tx-pac_firmware *
phoenixcontact axl_f_bk_eth_xc_firmware *
phoenixcontact axl_f_bk_s35_firmware *
phoenixcontact axl_f_bk_pn_xc_firmware *
phoenixcontact il_s3_bk_di8_do4_2tx-pac_firmware *
phoenixcontact axl_f_bk_eip_firmware *
phoenixcontact axl_f_bk_sas_firmware *
phoenixcontact axl_f_bk_pn_tps_firmware *
phoenixcontact axl_f_bk_eth_firmware *
phoenixcontact il_eip_bk_di8_do4_2tx-pac_firmware *
phoenixcontact il_eth_bk_di8_do4_2tx-pac_firmware *
phoenixcontact il_pn_bk-pac_firmware *
phoenixcontact axl_f_bk_pn_tps_xc_firmware *
phoenixcontact il_pn_bk_di8_do4_2scrj-pac_firmware *
phoenixcontact axl_f_bk_eth_net2_firmware *
phoenixcontact axl_f_bk_eip_ef_firmware *
phoenixcontact axl_f_bk_pn_firmware *
CVE-2021-33541 HIGH

Phoenix Contact Classic Line Controllers ILC1x0 and ILC1x1 in all versions/variants are affected by a Denial-of-Service vulnerability. The communication protocols and device access do not feature authentication measures. Remote attackers can use specially crafted IP packets to cause a denial of service on the PLC's network communication module. A successful attack stops all network communication. To restore the network connectivity the device needs to be restarted. The automation task is not affected.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: HIGH

Problem Type: CWE-770,

Products Affected

Vendor Product Version
phoenixcontact ilc1x0_firmware *
phoenixcontact ilc1x1_firmware *
CVE-2021-33542 MEDIUM

Phoenix Contact Classic Automation Worx Software Suite in Version 1.87 and below is affected by a remote code execution vulnerability. Manipulated PC Worx or Config+ projects could lead to a remote code execution when unallocated memory is freed because of incompletely initialized data. The attacker needs to get access to an original bus configuration file (*.bcp) to be able to manipulate data inside. After manipulation the attacker needs to exchange the original file by the manipulated one on the application programming workstation. Availability, integrity, or confidentiality of an application programming workstation might be compromised by attacks using these vulnerabilities. Automated systems in operation which were programmed with one of the above-mentioned products are not affected.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.0 HIGH CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H 1.0 5.9
info@cert.vde.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-824,CWE-824,

Products Affected

Vendor Product Version
phoenixcontact config+ *
phoenixcontact pc_worx *
phoenixcontact pc_worx_express *
CVE-2021-34570 HIGH

Multiple Phoenix Contact PLCnext control devices in versions prior to 2021.0.5 LTS are prone to a DoS attack through special crafted JSON requests.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
phoenixcontact axc_f_3152_firmware *
phoenixcontact axc_f_1152_firmware *
phoenixcontact plcnext_technology_starterkit_firmware *
phoenixcontact axc_f_2152_starterkit_firmware *
phoenixcontact axc_f_2152_firmware *
phoenixcontact rfc_4072s_firmware *
CVE-2021-34579

In Phoenix Contact: FL MGUARD DM version 1.12.0 and 1.13.0 access to the Apache web server being installed as part of the FL MGUARD DM on Microsoft Windows does not require login credentials even if configured during installation.Attackers with network access to the Apache web server can download and therefore read mGuard configuration profiles (“ATV profiles”). Such configuration profiles may contain sensitive information, e.g. private keys associated with IPsec VPN connections.

Products Affected

Vendor Product Version
phoenixcontact fl_mguard_dm 1.13.0
phoenixcontact fl_mguard_dm 1.12.0
CVE-2021-34582 LOW

In Phoenix Contact FL MGUARD 1102 and 1105 in Versions 1.4.0, 1.4.1 and 1.5.0 a user with high privileges can inject HTML code (XSS) through web-based management or the REST API with a manipulated certificate file.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7
info@cert.vde.com 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
phoenixcontact fl_mguard_1102_firmware 1.4.0
phoenixcontact fl_mguard_1105_firmware 1.4.1
phoenixcontact fl_mguard_1102_firmware 1.4.1
phoenixcontact fl_mguard_1105_firmware 1.5.0
phoenixcontact fl_mguard_1102_firmware 1.5.0
phoenixcontact fl_mguard_1105_firmware 1.4.0
CVE-2021-34597 MEDIUM

Improper Input Validation vulnerability in PC Worx Automation Suite of Phoenix Contact up to version 1.88 could allow an attacker with a manipulated project file to unpack arbitrary files outside of the selected project directory.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
phoenixcontact pc_worx *
phoenixcontact pc_worx_express *
CVE-2021-34598 MEDIUM

In Phoenix Contact FL MGUARD 1102 and 1105 in Versions 1.4.0, 1.4.1 and 1.5.0 the remote logging functionality is impaired by the lack of memory release for data structures from syslog-ng when remote logging is active

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-401,CWE-401,

Products Affected

Vendor Product Version
phoenixcontact fl_mguard_1102_firmware 1.4.0
phoenixcontact fl_mguard_1105_firmware 1.4.1
phoenixcontact fl_mguard_1102_firmware 1.4.1
phoenixcontact fl_mguard_1105_firmware 1.5.0
phoenixcontact fl_mguard_1102_firmware 1.5.0
phoenixcontact fl_mguard_1105_firmware 1.4.0
CVE-2022-22509 HIGH

In Phoenix Contact FL SWITCH Series 2xxx in version 3.00 an incorrect privilege assignment allows an low privileged user to enable full access to the device configuration.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-269,

Products Affected

Vendor Product Version
phoenixcontact fl_switch_2214-2sfx_firmware 3.00
phoenixcontact fl_switch_2506-2sfp_firmware 3.00
phoenixcontact fl_switch_2512-2gc-2sfp_firmware 3.00
phoenixcontact fl_switch_2208c_firmware 3.00
phoenixcontact fl_switch_2205_firmware 3.00
phoenixcontact fl_switch_2314-2sfp_firmware 3.00
phoenixcontact fl_switch_2506-2sfp/k1_firmware 3.00
phoenixcontact fl_switch_2406-2sfx_pn_firmware 3.00
phoenixcontact fl_switch_2508_firmware 3.00
phoenixcontact fl_switch_2412-2tc-2sfx_firmware 3.00
phoenixcontact fl_switch_2508_pn_firmware 3.00
phoenixcontact fl_switch_2516_firmware 3.00
phoenixcontact fl_switch_2216_firmware 3.00
phoenixcontact fl_switch_2406-2sfx_firmware 3.00
phoenixcontact fl_switch_2005_firmware 3.00
phoenixcontact fl_switch_2008_firmware 3.00
phoenixcontact fl_switch_2206-2fx_sm_firmware 3.00
phoenixcontact fl_switch_2304-2gc-2sfp_firmware 3.00
phoenixcontact fl_switch_2204-2tc-2sfx_firmware 3.00
phoenixcontact fl_switch_2708_firmware 3.00
phoenixcontact fl_switch_2206-2sfx_firmware 3.00
phoenixcontact fl_switch_2516_pn_firmware 3.00
phoenixcontact fl_switch_2514-2sfp_pn_firmware 3.00
phoenixcontact fl_switch_2316_pn_firmware 3.00
phoenixcontact fl_switch_2514-2sfp_firmware 3.00
phoenixcontact fl_switch_2208_firmware 3.00
phoenixcontact fl_switch_2108_firmware 3.00
phoenixcontact fl_switch_2308_pn_firmware 3.00
phoenixcontact fl_switch_2414-2sfx_pn_firmware 3.00
phoenixcontact fl_switch_2008f_firmware 3.00
phoenixcontact fl_switch_2416_firmware 3.00
phoenixcontact fl_switch_2608_pn_firmware 3.00
phoenixcontact fl_switch_2214-2fx_firmware 3.00
phoenixcontact fl_switch_2206c-2fx_firmware 3.00
phoenixcontact fl_switch_2504-2gc-2sfp_firmware 3.00
phoenixcontact fl_switch_2206-2fx_st_firmware 3.00
phoenixcontact fl_switch_2212-2tc-2sfx_firmware 3.00
phoenixcontact fl_switch_2316/k1_firmware 3.00
phoenixcontact fl_switch_2508/k1_firmware 3.00
phoenixcontact fl_switch_2207-fx_sm_firmware 3.00
phoenixcontact fl_switch_2016_firmware 3.00
phoenixcontact fl_switch_2408_pn_firmware 3.00
phoenixcontact fl_switch_2216_pn_firmware 3.00
phoenixcontact fl_switch_2308_firmware 3.00
phoenixcontact fl_switch_2206-2fx_sm_st_firmware 3.00
phoenixcontact fl_switch_2116_firmware 3.00
phoenixcontact fl_switch_2207-fx_firmware 3.00
phoenixcontact fl_switch_2416_pn_firmware 3.00
phoenixcontact fl_switch_2214-2fx_sm_firmware 3.00
phoenixcontact fl_switch_2708_pn_firmware 3.00
phoenixcontact fl_switch_2312-2gc-2sfp_firmware 3.00
phoenixcontact fl_switch_2404-2tc-2sfx_firmware 3.00
phoenixcontact fl_switch_2506-2sfp_pn_firmware 3.00
phoenixcontact fl_switch_2414-2sfx_firmware 3.00
phoenixcontact fl_switch_2206-2sfx_pn_firmware 3.00
phoenixcontact fl_switch_2306-2sfp_pn_firmware 3.00
phoenixcontact fl_switch_2208_pn_firmware 3.00
phoenixcontact fl_switch_2314-2sfp_pn_firmware 3.00
phoenixcontact fl_switch_2214-2sfx_pn_firmware 3.00
phoenixcontact fl_switch_2408_firmware 3.00
phoenixcontact fl_switch_2105_firmware 3.00
phoenixcontact fl_switch_2206-2fx_firmware 3.00
phoenixcontact fl_switch_2316_firmware 3.00
phoenixcontact fl_switch_2306-2sfp_firmware 3.00
phoenixcontact fl_switch_2608_firmware 3.00
CVE-2022-29897 HIGH

On various RAD-ISM-900-EN-* devices by PHOENIX CONTACT an admin user could use the traceroute utility integrated in the WebUI to execute arbitrary code with root privileges on the OS due to an improper input validation in all versions of the firmware.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 2.3 6.0

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
phoenixcontact rad-ism-900-en-bd/b_firmware *
phoenixcontact rad-ism-900-en-bd-bus_firmware *
phoenixcontact rad-ism-900-en-bd_firmware *
CVE-2022-29898 HIGH

On various RAD-ISM-900-EN-* devices by PHOENIX CONTACT an admin user could use the configuration file uploader in the WebUI to execute arbitrary code with root privileges on the OS due to an improper validation of an integrity check value in all versions of the firmware.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 2.3 6.0

CVSS 2.0

Severity: HIGH

Problem Type: CWE-354,

Products Affected

Vendor Product Version
phoenixcontact rad-ism-900-en-bd/b_firmware *
phoenixcontact rad-ism-900-en-bd-bus_firmware *
phoenixcontact rad-ism-900-en-bd_firmware *
CVE-2022-31800 HIGH

An unauthenticated, remote attacker could upload malicious logic to devices based on ProConOS/ProConOS eCLR in order to gain full control over the device.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-345,

Products Affected

Vendor Product Version
phoenixcontact ilc1x0_firmware *
phoenixcontact ilc_3xx_firmware *
phoenixcontact ilc1x1_firmware *
phoenixcontact pc_worx_rt_basic_firmware *
phoenixcontact rfc_480s_pn_4tx_firmware *
phoenixcontact rfc_470_pn_3tx_firmware *
phoenixcontact rfc_460r_pn_3tx-s_firmware *
phoenixcontact fc_350_pci_eth_firmware *
phoenixcontact axc_1050_firmware *
phoenixcontact pc_worx_srt_firmware *
phoenixcontact axc_1050_xc_firmware *
phoenixcontact rfc_430_eth-ib_firmware *
phoenixcontact rfc_450_eth-ib_firmware *
phoenixcontact ilc_1x1_gsm/gprs_firmware *
phoenixcontact rfc_470s_pn_3tx_firmware *
phoenixcontact axc_3050_firmware *
phoenixcontact rfc_460r_pn_3tx_firmware *
CVE-2022-31801 HIGH

An unauthenticated, remote attacker could upload malicious logic to the devices based on ProConOS/ProConOS eCLR in order to gain full control over the device.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-345,

Products Affected

Vendor Product Version
phoenixcontact proconos *
phoenixcontact-software proconos_eclr -
phoenixcontact multiprog *
CVE-2022-3461

In PHOENIX CONTACT Automationworx Software Suite up to version 1.89 manipulated PC Worx or Config+ files could lead to a heap buffer overflow and a read access violation. Availability, integrity, or confidentiality of an application programming workstation might be compromised by attacks using these vulnerabilities.

Products Affected

Vendor Product Version
phoenixcontact automationworx_software_suite 1.89
CVE-2022-3480

A remote, unauthenticated attacker could cause a denial-of-service of PHOENIX CONTACT FL MGUARD and TC MGUARD devices below version 8.9.0 by sending a larger number of unauthenticated HTTPS connections originating from different source IP’s. Configuring firewall limits for incoming connections cannot prevent the issue.

Products Affected

Vendor Product Version
phoenixcontact fl_mguard_core_tx_vpn_firmware *
phoenixcontact fl_mguard_rs4000_tx/tx_vpn_firmware *
phoenixcontact fl_mguard_rs4004_tx/dtx_firmware *
phoenixcontact fl_mguard_rs4000_tx/tx_firmware *
phoenixcontact fl_mguard_rs4004_tx/dtx_vpn_firmware *
phoenixcontact fl_mguard_pci4000_firmware *
phoenixcontact fl_mguard_centerport_firmware *
phoenixcontact fl_mguard_delta_tx/tx_vpn_firmware *
phoenixcontact tc_mguard_rs4000_4g_vzw_vpn_firmware *
phoenixcontact fl_mguard_rs4000_tx/tx-m_firmware *
phoenixcontact tc_mguard_rs4000_3g_vpn_firmware *
phoenixcontact tc_mguard_rs4000_4g_att_vpn_firmware *
phoenixcontact tc_mguard_rs2000_4g_vzw_vpn_firmware *
phoenixcontact fl_mguard_gt/gt_firmware *
phoenixcontact fl_mguard_pcie4000_vpn_firmware *
phoenixcontact fl_mguard_rs2000_tx/tx_vpn_firmware *
phoenixcontact tc_mguard_rs2000_4g_vpn_firmware *
phoenixcontact fl_mguard_rs2000_tx/tx-b_firmware *
phoenixcontact fl_mguard_smart2_firmware *
phoenixcontact fl_mguard_rs4000_tx/tx-p_firmware *
phoenixcontact fl_mguard_smart2_vpn_firmware *
phoenixcontact fl_mguard_core_tx_firmware *
phoenixcontact tc_mguard_rs2000_4g_att_vpn_firmware *
phoenixcontact fl_mguard_gt/gt_vpn_firmware *
phoenixcontact fl_mguard_rs2005_tx_vpn_firmware *
phoenixcontact fl_mguard_pcie4000_firmware *
phoenixcontact fl_mguard_centerport_vpn-1000_firmware *
phoenixcontact fl_mguard_pci4000_vpn_firmware *
phoenixcontact fl_mguard_delta_tx/tx_firmware *
phoenixcontact tc_mguard_rs2000_3g_vpn_firmware *
phoenixcontact tc_mguard_rs4000_4g_vpn_firmware *
CVE-2022-3737

In PHOENIX CONTACT Automationworx Software Suite up to version 1.89 memory can be read beyond the intended scope due to insufficient validation of input data. Availability, integrity, or confidentiality of an application programming workstation might be compromised by attacks using these vulnerabilities.

Products Affected

Vendor Product Version
phoenixcontact automationworx_software_suite 1.89
CVE-2023-0757

Incorrect Permission Assignment for Critical Resource vulnerability in PHOENIX CONTACT MULTIPROG, PHOENIX CONTACT ProConOS eCLR (SDK) allows an unauthenticated remote attacker to upload arbitrary malicious code and gain full access on the affected device.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
phoenixcontact multiprog *
phoenixcontact proconos_eclr *
CVE-2023-1109

In Phoenix Contacts ENERGY AXC PU Web service an authenticated restricted user of the web frontend can access, read, write and create files throughout the file system using specially crafted URLs via the upload and download functionality of the web service. This may lead to full control of the service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
phoenixcontact smartrtu_axc_sg_firmware *
phoenixcontact infobox_firmware *
phoenixcontact smartrtu_axc_ig_firmware *
phoenixcontact energy_axc_pu *
CVE-2023-2673

Improper Input Validation vulnerability in PHOENIX CONTACT FL/TC MGUARD Family in multiple versions may allow UDP packets to bypass the filter rules and access the solely connected device behind the MGUARD which can be used for flooding attacks.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 5.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L 3.9 1.4

Products Affected

Vendor Product Version
phoenixcontact fl_mguard_core_tx_vpn_firmware *
phoenixcontact fl_mguard_rs4000_tx/tx_vpn_firmware *
phoenixcontact fl_mguard_4302_firmware *
phoenixcontact fl_mguard_rs4004_tx/dtx_firmware *
phoenixcontact fl_mguard_rs4004_tx/dtx_vpn_firmware *
phoenixcontact fl_mguard_pci4000_firmware *
phoenixcontact fl_mguard_centerport_firmware *
phoenixcontact fl_mguard_delta_tx/tx_vpn_firmware *
phoenixcontact fl_mguard_4102_pci_firmware *
phoenixcontact fl_mguard_rs4000_tx/tx-m_firmware *
phoenixcontact fl_mguard_gt/gt_firmware *
phoenixcontact fl_mguard_pcie4000_vpn_firmware *
phoenixcontact fl_mguard_rs2000_tx/tx_vpn_firmware *
phoenixcontact fl_mguard_rs2000_tx/tx-b_firmware *
phoenixcontact fl_mguard_4102_pcie_firmware *
phoenixcontact fl_mguard_smart2_firmware *
phoenixcontact fl_mguard_2102_firmware *
phoenixcontact fl_mguard_rs4000_tx/tx-p_firmware *
phoenixcontact fl_mguard_smart2_vpn_firmware *
phoenixcontact fl_mguard_core_tx_firmware *
phoenixcontact fl_mguard_gt/gt_vpn_firmware *
phoenixcontact fl_mguard_rs2005_tx_vpn_firmware *
phoenixcontact fl_mguard_pcie4000_firmware *
phoenixcontact fl_mguard_centerport_vpn-1000_firmware *
phoenixcontact fl_mguard_pci4000_vpn_firmware *
phoenixcontact fl_mguard_delta_tx/tx_firmware *
CVE-2023-3526

In PHOENIX CONTACTs TC ROUTER and TC CLOUD CLIENT in versions prior to 2.07.2 as well as CLOUD CLIENT 1101T-TX/TX prior to 2.06.10 an unauthenticated remote attacker could use a reflective XSS within the license viewer page of the devices in order to execute code in the context of the user's browser.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 9.6 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H 2.8 6.0

Products Affected

Vendor Product Version
phoenixcontact cloud_client_1101t-tx_firmware *
phoenixcontact tc_cloud_client_1002-4g_vzw_firmware *
phoenixcontact tc_router_3002t-4g_att_firmware *
phoenixcontact tc_cloud_client_1002-4g_firmware *
phoenixcontact tc_router_3002t-4g_vzw_firmware *
phoenixcontact tc_cloud_client_1002-4g_att_firmware *
phoenixcontact tc_router_3002t-4g_firmware *
CVE-2023-3569

In PHOENIX CONTACTs TC ROUTER and TC CLOUD CLIENT in versions prior to 2.07.2 as well as CLOUD CLIENT 1101T-TX/TX prior to 2.06.10 an authenticated remote attacker with admin privileges could upload a crafted XML file which causes a denial-of-service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 1.2 3.6

Products Affected

Vendor Product Version
phoenixcontact cloud_client_1101t-tx_firmware *
phoenixcontact tc_cloud_client_1002-4g_vzw_firmware *
phoenixcontact tc_router_3002t-4g_att_firmware *
phoenixcontact tc_cloud_client_1002-4g_firmware *
phoenixcontact tc_router_3002t-4g_vzw_firmware *
phoenixcontact tc_cloud_client_1002-4g_att_firmware *
phoenixcontact tc_router_3002t-4g_firmware *
CVE-2023-3570

In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with low privileges may use a specific HTTP DELETE request to gain full access to the device.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 9.9 CRITICAL CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H 3.1 6.0

Products Affected

Vendor Product Version
phoenixcontact wp_6185-whps_firmware *
phoenixcontact wp_6156-whps_firmware *
phoenixcontact wp_6215-whps_firmware *
phoenixcontact wp_6070-wvps_firmware *
phoenixcontact wp_6121-wxps_firmware *
phoenixcontact wp_6101-wxps_firmware *
CVE-2023-3571

In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with low privileges may use a specific HTTP POST releated to certificate operations to gain full access to the device.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 9.9 CRITICAL CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H 3.1 6.0

Products Affected

Vendor Product Version
phoenixcontact wp_6185-whps_firmware *
phoenixcontact wp_6156-whps_firmware *
phoenixcontact wp_6215-whps_firmware *
phoenixcontact wp_6070-wvps_firmware *
phoenixcontact wp_6121-wxps_firmware *
phoenixcontact wp_6101-wxps_firmware *
CVE-2023-3572

In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote, unauthenticated attacker may use an attribute of a specific HTTP POST request releated to date/time operations to gain full access to the device.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 9.9 CRITICAL CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H 3.1 6.0

Products Affected

Vendor Product Version
phoenixcontact wp_6185-whps_firmware *
phoenixcontact wp_6156-whps_firmware *
phoenixcontact wp_6215-whps_firmware *
phoenixcontact wp_6070-wvps_firmware *
phoenixcontact wp_6121-wxps_firmware *
phoenixcontact wp_6101-wxps_firmware *
CVE-2023-3573

In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with low privileges may use a command injection in a HTTP POST request releated to font configuration operations to gain full access to the device.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 9.9 CRITICAL CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H 3.1 6.0

Products Affected

Vendor Product Version
phoenixcontact wp_6185-whps_firmware *
phoenixcontact wp_6156-whps_firmware *
phoenixcontact wp_6215-whps_firmware *
phoenixcontact wp_6070-wvps_firmware *
phoenixcontact wp_6121-wxps_firmware *
phoenixcontact wp_6101-wxps_firmware *
CVE-2023-37855

In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with low privileges is able to gain limited read-access to the device-filesystem within the embedded Qt browser.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 2.8 1.4

Products Affected

Vendor Product Version
phoenixcontact wp_6185-whps_firmware *
phoenixcontact wp_6156-whps_firmware *
phoenixcontact wp_6215-whps_firmware *
phoenixcontact wp_6070-wvps_firmware *
phoenixcontact wp_6121-wxps_firmware *
phoenixcontact wp_6101-wxps_firmware *
CVE-2023-37856

In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with low privileges is able to gain limited read-access to the device-filesystem through a configuration dialog within the embedded Qt browser .

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 2.8 1.4

Products Affected

Vendor Product Version
phoenixcontact wp_6185-whps_firmware *
phoenixcontact wp_6156-whps_firmware *
phoenixcontact wp_6215-whps_firmware *
phoenixcontact wp_6070-wvps_firmware *
phoenixcontact wp_6121-wxps_firmware *
phoenixcontact wp_6101-wxps_firmware *
CVE-2023-37857

In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 an authenticated, remote attacker with admin privileges is able to read hardcoded cryptographic keys allowing the attacker to create valid session cookies. These session-cookies created by the attacker are not sufficient to obtain a valid session on the device.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 3.8 LOW CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N 1.2 2.5

Products Affected

Vendor Product Version
phoenixcontact wp_6185-whps_firmware *
phoenixcontact wp_6156-whps_firmware *
phoenixcontact wp_6215-whps_firmware *
phoenixcontact wp_6070-wvps_firmware *
phoenixcontact wp_6121-wxps_firmware *
phoenixcontact wp_6101-wxps_firmware *
CVE-2023-37858

In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 an authenticated, remote attacker with admin privileges is able to read hardcoded cryptographic keys allowing to decrypt an encrypted web application login password.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 3.8 LOW CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N 1.2 2.5

Products Affected

Vendor Product Version
phoenixcontact wp_6185-whps_firmware *
phoenixcontact wp_6156-whps_firmware *
phoenixcontact wp_6215-whps_firmware *
phoenixcontact wp_6070-wvps_firmware *
phoenixcontact wp_6121-wxps_firmware *
phoenixcontact wp_6101-wxps_firmware *
CVE-2023-37859

In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 the SNMP daemon is running with root privileges allowing a remote attacker with knowledge of the SNMPv2 r/w community string to execute system commands as root.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

Products Affected

Vendor Product Version
phoenixcontact wp_6185-whps_firmware *
phoenixcontact wp_6156-whps_firmware *
phoenixcontact wp_6215-whps_firmware *
phoenixcontact wp_6070-wvps_firmware *
phoenixcontact wp_6121-wxps_firmware *
phoenixcontact wp_6101-wxps_firmware *
CVE-2023-37860

In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote unauthenticated attacker can obtain the r/w community string of the SNMPv2 daemon.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 8.6 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N 3.9 4.0

Products Affected

Vendor Product Version
phoenixcontact wp_6185-whps_firmware *
phoenixcontact wp_6156-whps_firmware *
phoenixcontact wp_6215-whps_firmware *
phoenixcontact wp_6070-wvps_firmware *
phoenixcontact wp_6121-wxps_firmware *
phoenixcontact wp_6101-wxps_firmware *
CVE-2023-37861

In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 an authenticated remote attacker can execute code with root permissions with a specially crafted HTTP POST when uploading a certificate to the device.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
phoenixcontact wp_6185-whps_firmware *
phoenixcontact wp_6156-whps_firmware *
phoenixcontact wp_6215-whps_firmware *
phoenixcontact wp_6070-wvps_firmware *
phoenixcontact wp_6121-wxps_firmware *
phoenixcontact wp_6101-wxps_firmware *
CVE-2023-37862

In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 an unauthenticated remote attacker can access upload-functions of the HTTP API. This might cause certificate errors for SSL-connections and might result in a partial denial-of-service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 8.2 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L 3.9 4.2

Products Affected

Vendor Product Version
phoenixcontact wp_6185-whps_firmware *
phoenixcontact wp_6156-whps_firmware *
phoenixcontact wp_6215-whps_firmware *
phoenixcontact wp_6070-wvps_firmware *
phoenixcontact wp_6121-wxps_firmware *
phoenixcontact wp_6101-wxps_firmware *
CVE-2023-37863

In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with SNMPv2 write privileges may use an a special SNMP request to gain full access to the device.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

Products Affected

Vendor Product Version
phoenixcontact wp_6185-whps_firmware *
phoenixcontact wp_6156-whps_firmware *
phoenixcontact wp_6215-whps_firmware *
phoenixcontact wp_6070-wvps_firmware *
phoenixcontact wp_6121-wxps_firmware *
phoenixcontact wp_6101-wxps_firmware *
CVE-2023-37864

In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with SNMPv2 write privileges may use an a special SNMP request to gain full access to the device.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

Products Affected

Vendor Product Version
phoenixcontact wp_6185-whps_firmware *
phoenixcontact wp_6156-whps_firmware *
phoenixcontact wp_6215-whps_firmware *
phoenixcontact wp_6070-wvps_firmware *
phoenixcontact wp_6121-wxps_firmware *
phoenixcontact wp_6101-wxps_firmware *
CVE-2023-3935

A heap buffer overflow vulnerability in Wibu CodeMeter Runtime network service up to version 7.60b allows an unauthenticated, remote attacker to achieve RCE and gain full access of the host system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
trumpf tubedesign *
phoenixcontact fl_network_manager *
trumpf trutopsfab_storage_smallstore *
phoenixcontact e-mobility_charging_suite *
trumpf trutopsprintmultilaserassistant *
phoenixcontact plcnext_engineer *
trumpf trutopsweld *
phoenixcontact iol-conf *
trumpf trutops *
trumpf topscalculation *
phoenixcontact module_type_package_designer *
trumpf teczonebend *
trumpf trumpflicenseexpert *
trumpf programmingtube *
trumpf tops_unfold 05.03.00.00
phoenixcontact activation_wizard *
trumpf trutops_cell_classic *
trumpf trutopsboost *
wibu codemeter_runtime *
trumpf trutopsfab *
trumpf trutops_mark_3d *
trumpf oseon *
phoenixcontact module_type_package_designer 1.2.0
trumpf trutops_cell_sw48 *
trumpf trutopsprint *
CVE-2023-46141

Incorrect Permission Assignment for Critical Resource vulnerability in multiple products of the PHOENIX CONTACT classic line allow an remote unauthenticated attacker to gain full access of the affected device.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
phoenixcontact ilc1x0_firmware *
phoenixcontact ilc_3xx_firmware *
phoenixcontact pc_worx_srt *
phoenixcontact config+ *
phoenixcontact ilc1x1_firmware *
phoenixcontact pc_worx_rt_basic_firmware *
phoenixcontact rfc_480s_pn_4tx_firmware *
phoenixcontact pc_worx *
phoenixcontact pc_worx_express *
phoenixcontact fc_350_pci_eth_firmware *
phoenixcontact axc_1050_firmware *
phoenixcontact axc_1050_xc_firmware *
phoenixcontact rfc_430_eth-ib_firmware *
phoenixcontact rfc_450_eth-ib_firmware *
phoenixcontact rfc_470s_pn_3tx_firmware *
phoenixcontact axc_3050_firmware *
phoenixcontact rfc_460r_pn_3tx_firmware *
phoenixcontact automationworx_software_suite *
CVE-2023-46142

A incorrect permission assignment for critical resource vulnerability in PLCnext products allows an remote attacker with low privileges to gain full access on the affected devices.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
phoenixcontact axc_f_3152_firmware *
phoenixcontact plcnext_engineer *
phoenixcontact axc_f_1152_firmware *
phoenixcontact epc_1502_firmware *
phoenixcontact epc_1522_firmware *
phoenixcontact axc_f_2152_firmware *
phoenixcontact rfc_4072r_firmware *
phoenixcontact bpc_9102s_firmware *
phoenixcontact rfc_4072s_firmware *
CVE-2023-46143

Download of Code Without Integrity Check vulnerability in PHOENIX CONTACT classic line PLCs allows an unauthenticated remote attacker to modify some or all applications on a PLC.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6

Products Affected

Vendor Product Version
phoenixcontact ilc1x0_firmware *
phoenixcontact ilc_3xx_firmware *
phoenixcontact pc_worx_srt *
phoenixcontact config+ *
phoenixcontact ilc1x1_firmware *
phoenixcontact pc_worx_rt_basic_firmware *
phoenixcontact rfc_480s_pn_4tx_firmware *
phoenixcontact pc_worx *
phoenixcontact pc_worx_express *
phoenixcontact fc_350_pci_eth_firmware *
phoenixcontact axc_1050_firmware *
phoenixcontact axc_1050_xc_firmware *
phoenixcontact rfc_430_eth-ib_firmware *
phoenixcontact rfc_450_eth-ib_firmware *
phoenixcontact rfc_470s_pn_3tx_firmware *
phoenixcontact axc_3050_firmware *
phoenixcontact rfc_460r_pn_3tx_firmware *
phoenixcontact automationworx_software_suite *
CVE-2023-46144

A download of code without integrity check vulnerability in PLCnext products allows an remote attacker with low privileges to compromise integrity on the affected engineering station and the connected devices.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N 2.8 3.6
info@cert.vde.com 7.7 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N 3.1 4.0

Products Affected

Vendor Product Version
phoenixcontact axc_f_3152_firmware *
phoenixcontact plcnext_engineer *
phoenixcontact axc_f_1152_firmware *
phoenixcontact epc_1502_firmware *
phoenixcontact epc_1522_firmware *
phoenixcontact axc_f_2152_firmware *
phoenixcontact rfc_4072r_firmware *
phoenixcontact bpc_9102s_firmware *
phoenixcontact rfc_4072s_firmware *
CVE-2023-5592

Download of Code Without Integrity Check vulnerability in PHOENIX CONTACT MULTIPROG, PHOENIX CONTACT ProConOS eCLR (SDK) allows an unauthenticated remote attacker to download and execute applications without integrity checks on the device which may result in a complete loss of integrity.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6

Products Affected

Vendor Product Version
phoenixcontact multiprog *
phoenixcontact proconos_eclr *
CVE-2024-25994

An unauthenticated remote attacker can upload a arbitrary script file due to improper input validation. The upload destination is fixed and is write only.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 3.9 1.4

Products Affected

Vendor Product Version
phoenixcontact charx_sec-3000_firmware *
phoenixcontact charx_sec-3100_firmware *
phoenixcontact charx_sec-3150_firmware *
phoenixcontact charx_sec-3050_firmware *
CVE-2024-25995

An unauthenticated remote attacker can modify configurations to perform a remote code execution, gain root rights or perform an DoS due to improper input validation.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
phoenixcontact charx_sec-3000_firmware *
phoenixcontact charx_sec-3100_firmware *
phoenixcontact charx_sec-3150_firmware *
phoenixcontact charx_sec-3050_firmware *
CVE-2024-25996

An unauthenticated remote attacker can perform a remote code execution due to an origin validation error. The access is limited to the service user.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 3.9 1.4

Products Affected

Vendor Product Version
phoenixcontact charx_sec-3000_firmware *
phoenixcontact charx_sec-3100_firmware *
phoenixcontact charx_sec-3150_firmware *
phoenixcontact charx_sec-3050_firmware *
CVE-2024-25997

An unauthenticated remote attacker can perform a log injection due to improper input validation. Only a certain log file is affected.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 3.9 1.4

Products Affected

Vendor Product Version
phoenixcontact charx_sec-3000_firmware *
phoenixcontact charx_sec-3100_firmware *
phoenixcontact charx_sec-3150_firmware *
phoenixcontact charx_sec-3050_firmware *
CVE-2024-25998

An unauthenticated remote attacker can perform a command injection in the OCPP Service with limited privileges due to improper input validation.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 7.3 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L 3.9 3.4

Products Affected

Vendor Product Version
phoenixcontact charx_sec-3000_firmware *
phoenixcontact charx_sec-3100_firmware *
phoenixcontact charx_sec-3150_firmware *
phoenixcontact charx_sec-3050_firmware *
CVE-2024-25999

An unauthenticated local attacker can perform a privilege escalation due to improper input validation in the OCPP agent service. 

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 8.4 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.5 5.9

Products Affected

Vendor Product Version
phoenixcontact charx_sec-3000_firmware *
phoenixcontact charx_sec-3100_firmware *
phoenixcontact charx_sec-3150_firmware *
phoenixcontact charx_sec-3050_firmware *
CVE-2024-26000

An unauthenticated remote attacker can read memory out of bounds due to improper input validation in the MQTT stack. The brute force attack is not always successful because of memory randomization.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 2.2 3.6

Products Affected

Vendor Product Version
phoenixcontact charx_sec-3000_firmware *
phoenixcontact charx_sec-3100_firmware *
phoenixcontact charx_sec-3150_firmware *
phoenixcontact charx_sec-3050_firmware *
CVE-2024-26001

An unauthenticated remote attacker can write memory out of bounds due to improper input validation in the MQTT stack. The brute force attack is not always successful because of memory randomization.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 7.4 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H 2.2 5.2

Products Affected

Vendor Product Version
phoenixcontact charx_sec-3000_firmware *
phoenixcontact charx_sec-3100_firmware *
phoenixcontact charx_sec-3150_firmware *
phoenixcontact charx_sec-3050_firmware *
CVE-2024-26002

An improper input validation in the Qualcom plctool allows a local attacker with low privileges to gain root access by changing the ownership of specific files.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
phoenixcontact charx_sec-3000_firmware *
phoenixcontact charx_sec-3100_firmware *
phoenixcontact charx_sec-3150_firmware *
phoenixcontact charx_sec-3050_firmware *
CVE-2024-26003

An unauthenticated remote attacker can DoS the control agent due to a out-of-bounds read which may prevent or disrupt the charging functionality. 

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
phoenixcontact charx_sec-3000_firmware *
phoenixcontact charx_sec-3100_firmware *
phoenixcontact charx_sec-3150_firmware *
phoenixcontact charx_sec-3050_firmware *
CVE-2024-26004

An unauthenticated remote attacker can DoS a control agent due to access of a uninitialized pointer which may prevent or disrupt the charging functionality.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
phoenixcontact charx_sec-3000_firmware *
phoenixcontact charx_sec-3100_firmware *
phoenixcontact charx_sec-3150_firmware *
phoenixcontact charx_sec-3050_firmware *
CVE-2024-26005

An unauthenticated remote attacker can gain service level privileges through an incomplete cleanup during service restart after a DoS. 

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 4.8 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N 2.2 2.5

Products Affected

Vendor Product Version
phoenixcontact charx_sec-3000_firmware *
phoenixcontact charx_sec-3100_firmware *
phoenixcontact charx_sec-3150_firmware *
phoenixcontact charx_sec-3050_firmware *
CVE-2024-26288

An unauthenticated remote attacker can influence the communication due to the lack of encryption of sensitive data via a MITM. Charging is not affected.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 8.7 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N 2.2 5.8

Products Affected

Vendor Product Version
phoenixcontact charx_sec-3000_firmware *
phoenixcontact charx_sec-3100_firmware *
phoenixcontact charx_sec-3150_firmware *
phoenixcontact charx_sec-3050_firmware *
CVE-2024-28133

A local low privileged attacker can use an untrusted search path in a CHARX system utility to gain root privileges. 

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
phoenixcontact charx_sec-3000_firmware *
phoenixcontact charx_sec-3100_firmware *
phoenixcontact charx_sec-3150_firmware *
phoenixcontact charx_sec-3050_firmware *
CVE-2024-28134

An unauthenticated remote attacker can extract a session token with a MitM attack and gain web-based management access with the privileges of the currently logged in user due to cleartext transmission of sensitive information. No additional user interaction is required. The access is limited as only non-sensitive information can be obtained but the availability can be seriously affected. 

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 7.0 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H 2.2 4.7

Products Affected

Vendor Product Version
phoenixcontact charx_sec-3000_firmware *
phoenixcontact charx_sec-3100_firmware *
phoenixcontact charx_sec-3150_firmware *
phoenixcontact charx_sec-3050_firmware *
CVE-2024-28135

A low privileged remote attacker can use a command injection vulnerability in the API which performs remote code execution as the user-app user due to improper input validation. The confidentiality is partly affected.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 5.0 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N 3.1 1.4

Products Affected

Vendor Product Version
phoenixcontact charx_sec-3000_firmware *
phoenixcontact charx_sec-3100_firmware *
phoenixcontact charx_sec-3150_firmware *
phoenixcontact charx_sec-3050_firmware *
CVE-2024-28136

A local attacker with low privileges can use a command injection vulnerability to gain root privileges due to improper input validation using the OCPP Remote service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
phoenixcontact charx_sec-3000_firmware *
phoenixcontact charx_sec-3100_firmware *
phoenixcontact charx_sec-3150_firmware *
phoenixcontact charx_sec-3050_firmware *
CVE-2024-28137

A local attacker with low privileges can perform a privilege escalation with an init script due to a TOCTOU vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
phoenixcontact charx_sec-3000_firmware *
phoenixcontact charx_sec-3100_firmware *
phoenixcontact charx_sec-3150_firmware *
phoenixcontact charx_sec-3050_firmware *
CVE-2024-3913

An unauthenticated remote attacker can use this vulnerability to change the device configuration due to a file writeable for short time after system startup.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
phoenixcontact charx_sec-3000_firmware *
phoenixcontact charx_sec-3100_firmware *
phoenixcontact charx_sec-3150_firmware *
phoenixcontact charx_sec-3050_firmware *
CVE-2024-43388

A low privileged remote attacker with write permissions can reconfigure the SNMP service due to improper input validation.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
phoenixcontact fl_mguard_core_tx_vpn_firmware *
phoenixcontact fl_mguard_rs4000_tx/tx_vpn_firmware *
phoenixcontact fl_mguard_4302_firmware *
phoenixcontact fl_mguard_rs4004_tx/dtx_firmware *
phoenixcontact fl_mguard_rs4000_tx/tx_firmware *
phoenixcontact fl_mguard_rs4004_tx/dtx_vpn_firmware *
phoenixcontact fl_mguard_pci4000_firmware *
phoenixcontact fl_mguard_delta_tx/tx_vpn_firmware *
phoenixcontact tc_mguard_rs4000_4g_vzw_vpn_firmware *
phoenixcontact fl_mguard_4102_pci_firmware *
phoenixcontact fl_mguard_4305_firmware *
phoenixcontact fl_mguard_rs4000_tx/tx-m_firmware *
phoenixcontact tc_mguard_rs4000_3g_vpn_firmware *
phoenixcontact tc_mguard_rs4000_4g_att_vpn_firmware *
phoenixcontact tc_mguard_rs2000_4g_vzw_vpn_firmware *
phoenixcontact fl_mguard_gt/gt_firmware *
phoenixcontact fl_mguard_pcie4000_vpn_firmware *
phoenixcontact fl_mguard_rs2000_tx/tx_vpn_firmware *
phoenixcontact tc_mguard_rs2000_4g_vpn_firmware *
phoenixcontact fl_mguard_rs2000_tx/tx-b_firmware *
phoenixcontact fl_mguard_2105_firmware *
phoenixcontact fl_mguard_4102_pcie_firmware *
phoenixcontact fl_mguard_smart2_firmware *
phoenixcontact fl_mguard_2102_firmware *
phoenixcontact fl_mguard_rs4000_tx/tx-p_firmware *
phoenixcontact fl_mguard_smart2_vpn_firmware *
phoenixcontact fl_mguard_core_tx_firmware *
phoenixcontact tc_mguard_rs2000_4g_att_vpn_firmware *
phoenixcontact fl_mguard_gt/gt_vpn_firmware *
phoenixcontact fl_mguard_rs2005_tx_vpn_firmware *
phoenixcontact fl_mguard_pcie4000_firmware *
phoenixcontact fl_mguard_centerport_vpn-1000_firmware *
phoenixcontact fl_mguard_pci4000_vpn_firmware *
phoenixcontact fl_mguard_delta_tx/tx_firmware *
phoenixcontact tc_mguard_rs2000_3g_vpn_firmware *
phoenixcontact tc_mguard_rs4000_4g_vpn_firmware *
CVE-2024-43389

A low privileged remote attacker can perform configuration changes of the ospf service through OSPF_INTERFACE.SIMPLE_KEY, OSPF_INTERFACE.DIGEST_KEY environment variables which can lead to a DoS.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

Products Affected

Vendor Product Version
phoenixcontact fl_mguard_core_tx_vpn_firmware *
phoenixcontact fl_mguard_rs4000_tx/tx_vpn_firmware *
phoenixcontact fl_mguard_4302_firmware *
phoenixcontact fl_mguard_rs4004_tx/dtx_firmware *
phoenixcontact fl_mguard_rs4000_tx/tx_firmware *
phoenixcontact fl_mguard_rs4004_tx/dtx_vpn_firmware *
phoenixcontact fl_mguard_pci4000_firmware *
phoenixcontact fl_mguard_delta_tx/tx_vpn_firmware *
phoenixcontact tc_mguard_rs4000_4g_vzw_vpn_firmware *
phoenixcontact fl_mguard_4102_pci_firmware *
phoenixcontact fl_mguard_4305_firmware *
phoenixcontact fl_mguard_rs4000_tx/tx-m_firmware *
phoenixcontact tc_mguard_rs4000_3g_vpn_firmware *
phoenixcontact tc_mguard_rs4000_4g_att_vpn_firmware *
phoenixcontact tc_mguard_rs2000_4g_vzw_vpn_firmware *
phoenixcontact fl_mguard_gt/gt_firmware *
phoenixcontact fl_mguard_pcie4000_vpn_firmware *
phoenixcontact fl_mguard_rs2000_tx/tx_vpn_firmware *
phoenixcontact tc_mguard_rs2000_4g_vpn_firmware *
phoenixcontact fl_mguard_rs2000_tx/tx-b_firmware *
phoenixcontact fl_mguard_2105_firmware *
phoenixcontact fl_mguard_4102_pcie_firmware *
phoenixcontact fl_mguard_smart2_firmware *
phoenixcontact fl_mguard_2102_firmware *
phoenixcontact fl_mguard_rs4000_tx/tx-p_firmware *
phoenixcontact fl_mguard_smart2_vpn_firmware *
phoenixcontact fl_mguard_core_tx_firmware *
phoenixcontact tc_mguard_rs2000_4g_att_vpn_firmware *
phoenixcontact fl_mguard_gt/gt_vpn_firmware *
phoenixcontact fl_mguard_rs2005_tx_vpn_firmware *
phoenixcontact fl_mguard_pcie4000_firmware *
phoenixcontact fl_mguard_centerport_vpn-1000_firmware *
phoenixcontact fl_mguard_pci4000_vpn_firmware *
phoenixcontact fl_mguard_delta_tx/tx_firmware *
phoenixcontact tc_mguard_rs2000_3g_vpn_firmware *
phoenixcontact tc_mguard_rs4000_4g_vpn_firmware *
CVE-2024-43390

A low privileged remote attacker can perform configuration changes of the firewall services, including packet forwarding or NAT through the FW_NAT.IN_IP environment variable which can lead to a DoS.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

Products Affected

Vendor Product Version
phoenixcontact fl_mguard_core_tx_vpn_firmware *
phoenixcontact fl_mguard_rs4000_tx/tx_vpn_firmware *
phoenixcontact fl_mguard_4302_firmware *
phoenixcontact fl_mguard_rs4004_tx/dtx_firmware *
phoenixcontact fl_mguard_rs4000_tx/tx_firmware *
phoenixcontact fl_mguard_rs4004_tx/dtx_vpn_firmware *
phoenixcontact fl_mguard_pci4000_firmware *
phoenixcontact fl_mguard_delta_tx/tx_vpn_firmware *
phoenixcontact tc_mguard_rs4000_4g_vzw_vpn_firmware *
phoenixcontact fl_mguard_4102_pci_firmware *
phoenixcontact fl_mguard_4305_firmware *
phoenixcontact fl_mguard_rs4000_tx/tx-m_firmware *
phoenixcontact tc_mguard_rs4000_3g_vpn_firmware *
phoenixcontact tc_mguard_rs4000_4g_att_vpn_firmware *
phoenixcontact tc_mguard_rs2000_4g_vzw_vpn_firmware *
phoenixcontact fl_mguard_gt/gt_firmware *
phoenixcontact fl_mguard_pcie4000_vpn_firmware *
phoenixcontact fl_mguard_rs2000_tx/tx_vpn_firmware *
phoenixcontact tc_mguard_rs2000_4g_vpn_firmware *
phoenixcontact fl_mguard_rs2000_tx/tx-b_firmware *
phoenixcontact fl_mguard_2105_firmware *
phoenixcontact fl_mguard_4102_pcie_firmware *
phoenixcontact fl_mguard_smart2_firmware *
phoenixcontact fl_mguard_2102_firmware *
phoenixcontact fl_mguard_rs4000_tx/tx-p_firmware *
phoenixcontact fl_mguard_smart2_vpn_firmware *
phoenixcontact fl_mguard_core_tx_firmware *
phoenixcontact tc_mguard_rs2000_4g_att_vpn_firmware *
phoenixcontact fl_mguard_gt/gt_vpn_firmware *
phoenixcontact fl_mguard_rs2005_tx_vpn_firmware *
phoenixcontact fl_mguard_pcie4000_firmware *
phoenixcontact fl_mguard_centerport_vpn-1000_firmware *
phoenixcontact fl_mguard_pci4000_vpn_firmware *
phoenixcontact fl_mguard_delta_tx/tx_firmware *
phoenixcontact tc_mguard_rs2000_3g_vpn_firmware *
phoenixcontact tc_mguard_rs4000_4g_vpn_firmware *
CVE-2024-43391

A low privileged remote attacker can perform configuration changes of the firewall services, including packet filter, packet forwarding, network access control or NAT through the FW_PORTFORWARDING.SRC_IP environment variable which can lead to a DoS.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

Products Affected

Vendor Product Version
phoenixcontact fl_mguard_core_tx_vpn_firmware *
phoenixcontact fl_mguard_rs4000_tx/tx_vpn_firmware *
phoenixcontact fl_mguard_4302_firmware *
phoenixcontact fl_mguard_rs4004_tx/dtx_firmware *
phoenixcontact fl_mguard_rs4000_tx/tx_firmware *
phoenixcontact fl_mguard_rs4004_tx/dtx_vpn_firmware *
phoenixcontact fl_mguard_pci4000_firmware *
phoenixcontact fl_mguard_delta_tx/tx_vpn_firmware *
phoenixcontact tc_mguard_rs4000_4g_vzw_vpn_firmware *
phoenixcontact fl_mguard_4102_pci_firmware *
phoenixcontact fl_mguard_4305_firmware *
phoenixcontact fl_mguard_rs4000_tx/tx-m_firmware *
phoenixcontact tc_mguard_rs4000_3g_vpn_firmware *
phoenixcontact tc_mguard_rs4000_4g_att_vpn_firmware *
phoenixcontact tc_mguard_rs2000_4g_vzw_vpn_firmware *
phoenixcontact fl_mguard_gt/gt_firmware *
phoenixcontact fl_mguard_pcie4000_vpn_firmware *
phoenixcontact fl_mguard_rs2000_tx/tx_vpn_firmware *
phoenixcontact tc_mguard_rs2000_4g_vpn_firmware *
phoenixcontact fl_mguard_rs2000_tx/tx-b_firmware *
phoenixcontact fl_mguard_2105_firmware *
phoenixcontact fl_mguard_4102_pcie_firmware *
phoenixcontact fl_mguard_smart2_firmware *
phoenixcontact fl_mguard_2102_firmware *
phoenixcontact fl_mguard_rs4000_tx/tx-p_firmware *
phoenixcontact fl_mguard_smart2_vpn_firmware *
phoenixcontact fl_mguard_core_tx_firmware *
phoenixcontact tc_mguard_rs2000_4g_att_vpn_firmware *
phoenixcontact fl_mguard_gt/gt_vpn_firmware *
phoenixcontact fl_mguard_rs2005_tx_vpn_firmware *
phoenixcontact fl_mguard_pcie4000_firmware *
phoenixcontact fl_mguard_centerport_vpn-1000_firmware *
phoenixcontact fl_mguard_pci4000_vpn_firmware *
phoenixcontact fl_mguard_delta_tx/tx_firmware *
phoenixcontact tc_mguard_rs2000_3g_vpn_firmware *
phoenixcontact tc_mguard_rs4000_4g_vpn_firmware *
CVE-2024-43392

A low privileged remote attacker can perform configuration changes of the firewall services, including packet filter, packet forwarding, network access control or NAT through the FW_INCOMING.FROM_IP FW_INCOMING.IN_IP FW_OUTGOING.FROM_IP FW_OUTGOING.IN_IP environment variable which can lead to a DoS.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

Products Affected

Vendor Product Version
phoenixcontact fl_mguard_core_tx_vpn_firmware *
phoenixcontact fl_mguard_rs4000_tx/tx_vpn_firmware *
phoenixcontact fl_mguard_rs4004_tx/dtx_firmware *
phoenixcontact fl_mguard_rs4000_tx/tx_firmware *
phoenixcontact fl_mguard_rs4004_tx/dtx_vpn_firmware *
phoenixcontact fl_mguard_pci4000_firmware *
phoenixcontact fl_mguard_delta_tx/tx_vpn_firmware *
phoenixcontact tc_mguard_rs4000_4g_vzw_vpn_firmware *
phoenixcontact fl_mguard_rs4000_tx/tx-m_firmware *
phoenixcontact tc_mguard_rs4000_3g_vpn_firmware *
phoenixcontact tc_mguard_rs4000_4g_att_vpn_firmware *
phoenixcontact tc_mguard_rs2000_4g_vzw_vpn_firmware *
phoenixcontact fl_mguard_gt/gt_firmware *
phoenixcontact fl_mguard_pcie4000_vpn_firmware *
phoenixcontact fl_mguard_rs2000_tx/tx_vpn_firmware *
phoenixcontact tc_mguard_rs2000_4g_vpn_firmware *
phoenixcontact fl_mguard_rs2000_tx/tx-b_firmware *
phoenixcontact fl_mguard_smart2_firmware *
phoenixcontact fl_mguard_rs4000_tx/tx-p_firmware *
phoenixcontact fl_mguard_smart2_vpn_firmware *
phoenixcontact fl_mguard_core_tx_firmware *
phoenixcontact tc_mguard_rs2000_4g_att_vpn_firmware *
phoenixcontact fl_mguard_gt/gt_vpn_firmware *
phoenixcontact fl_mguard_rs2005_tx_vpn_firmware *
phoenixcontact fl_mguard_pcie4000_firmware *
phoenixcontact fl_mguard_centerport_vpn-1000_firmware *
phoenixcontact fl_mguard_pci4000_vpn_firmware *
phoenixcontact fl_mguard_delta_tx/tx_firmware *
phoenixcontact tc_mguard_rs2000_3g_vpn_firmware *
phoenixcontact tc_mguard_rs4000_4g_vpn_firmware *
CVE-2024-43393

A low privileged remote attacker can perform configuration changes of the firewall services, including packet filter, packet forwarding, network access control or NAT through the FW_INCOMING.FROM_IP FW_INCOMING.IN_IP FW_OUTGOING.FROM_IP FW_OUTGOING.IN_IP FW_RULESETS.FROM_IP FW_RULESETS.IN_IP environment variable which can lead to a DoS.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

Products Affected

Vendor Product Version
phoenixcontact fl_mguard_core_tx_vpn_firmware *
phoenixcontact fl_mguard_rs4000_tx/tx_vpn_firmware *
phoenixcontact fl_mguard_4302_firmware *
phoenixcontact fl_mguard_rs4004_tx/dtx_firmware *
phoenixcontact fl_mguard_rs4000_tx/tx_firmware *
phoenixcontact fl_mguard_rs4004_tx/dtx_vpn_firmware *
phoenixcontact fl_mguard_pci4000_firmware *
phoenixcontact fl_mguard_delta_tx/tx_vpn_firmware *
phoenixcontact tc_mguard_rs4000_4g_vzw_vpn_firmware *
phoenixcontact fl_mguard_4102_pci_firmware *
phoenixcontact fl_mguard_4305_firmware *
phoenixcontact fl_mguard_rs4000_tx/tx-m_firmware *
phoenixcontact tc_mguard_rs4000_3g_vpn_firmware *
phoenixcontact tc_mguard_rs4000_4g_att_vpn_firmware *
phoenixcontact tc_mguard_rs2000_4g_vzw_vpn_firmware *
phoenixcontact fl_mguard_gt/gt_firmware *
phoenixcontact fl_mguard_pcie4000_vpn_firmware *
phoenixcontact fl_mguard_rs2000_tx/tx_vpn_firmware *
phoenixcontact tc_mguard_rs2000_4g_vpn_firmware *
phoenixcontact fl_mguard_rs2000_tx/tx-b_firmware *
phoenixcontact fl_mguard_2105_firmware *
phoenixcontact fl_mguard_4102_pcie_firmware *
phoenixcontact fl_mguard_smart2_firmware *
phoenixcontact fl_mguard_2102_firmware *
phoenixcontact fl_mguard_rs4000_tx/tx-p_firmware *
phoenixcontact fl_mguard_smart2_vpn_firmware *
phoenixcontact fl_mguard_core_tx_firmware *
phoenixcontact tc_mguard_rs2000_4g_att_vpn_firmware *
phoenixcontact fl_mguard_gt/gt_vpn_firmware *
phoenixcontact fl_mguard_rs2005_tx_vpn_firmware *
phoenixcontact fl_mguard_pcie4000_firmware *
phoenixcontact fl_mguard_centerport_vpn-1000_firmware *
phoenixcontact fl_mguard_pci4000_vpn_firmware *
phoenixcontact fl_mguard_delta_tx/tx_firmware *
phoenixcontact tc_mguard_rs2000_3g_vpn_firmware *
phoenixcontact tc_mguard_rs4000_4g_vpn_firmware *
CVE-2024-6788

A remote unauthenticated attacker can use the firmware update feature on the LAN interface of the device to reset the password for the predefined, low-privileged user “user-app” to the default password.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 8.6 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H 3.9 4.7

Products Affected

Vendor Product Version
phoenixcontact charx_sec-3000_firmware *
phoenixcontact charx_sec-3100_firmware *
phoenixcontact charx_sec-3150_firmware *
phoenixcontact charx_sec-3050_firmware *
CVE-2024-7698

A low privileged remote attacker can get access to CSRF tokens of higher privileged users which can be abused to mount CSRF attacks.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 5.7 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N 2.1 3.6

Products Affected

Vendor Product Version
phoenixcontact fl_mguard_core_tx_vpn_firmware *
phoenixcontact fl_mguard_rs4000_tx/tx_vpn_firmware *
phoenixcontact fl_mguard_4302_firmware *
phoenixcontact fl_mguard_rs4004_tx/dtx_firmware *
phoenixcontact fl_mguard_rs4000_tx/tx_firmware *
phoenixcontact fl_mguard_rs4004_tx/dtx_vpn_firmware *
phoenixcontact fl_mguard_pci4000_firmware *
phoenixcontact fl_mguard_delta_tx/tx_vpn_firmware *
phoenixcontact tc_mguard_rs4000_4g_vzw_vpn_firmware *
phoenixcontact fl_mguard_4102_pci_firmware *
phoenixcontact fl_mguard_4305_firmware *
phoenixcontact fl_mguard_rs4000_tx/tx-m_firmware *
phoenixcontact tc_mguard_rs4000_3g_vpn_firmware *
phoenixcontact tc_mguard_rs4000_4g_att_vpn_firmware *
phoenixcontact tc_mguard_rs2000_4g_vzw_vpn_firmware *
phoenixcontact fl_mguard_gt/gt_firmware *
phoenixcontact fl_mguard_pcie4000_vpn_firmware *
phoenixcontact fl_mguard_rs2000_tx/tx_vpn_firmware *
phoenixcontact tc_mguard_rs2000_4g_vpn_firmware *
phoenixcontact fl_mguard_rs2000_tx/tx-b_firmware *
phoenixcontact fl_mguard_2105_firmware *
phoenixcontact fl_mguard_4102_pcie_firmware *
phoenixcontact fl_mguard_smart2_firmware *
phoenixcontact fl_mguard_2102_firmware *
phoenixcontact fl_mguard_rs4000_tx/tx-p_firmware *
phoenixcontact fl_mguard_smart2_vpn_firmware *
phoenixcontact fl_mguard_core_tx_firmware *
phoenixcontact tc_mguard_rs2000_4g_att_vpn_firmware *
phoenixcontact fl_mguard_gt/gt_vpn_firmware *
phoenixcontact fl_mguard_rs2005_tx_vpn_firmware *
phoenixcontact fl_mguard_pcie4000_firmware *
phoenixcontact fl_mguard_centerport_vpn-1000_firmware *
phoenixcontact fl_mguard_pci4000_vpn_firmware *
phoenixcontact fl_mguard_delta_tx/tx_firmware *
phoenixcontact tc_mguard_rs2000_3g_vpn_firmware *
phoenixcontact tc_mguard_rs4000_4g_vpn_firmware *
CVE-2025-24002

An unauthenticated remote attacker can use MQTT messages to crash a service on charging stations complying with German Calibration Law, resulting in a temporary denial-of-service for these stations until they got restarted by the watchdog.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4

Products Affected

Vendor Product Version
phoenixcontact charx_sec-3000_firmware *
phoenixcontact charx_sec-3100_firmware *
phoenixcontact charx_sec-3150_firmware *
phoenixcontact charx_sec-3050_firmware *
CVE-2025-24003

An unauthenticated remote attacker can use MQTT messages to trigger out-of-bounds writes in charging stations complying with German Calibration Law, resulting in a loss of integrity for only EichrechtAgents and potential denial-of-service for these stations.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 8.2 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H 3.9 4.2

Products Affected

Vendor Product Version
phoenixcontact charx_sec-3000_firmware *
phoenixcontact charx_sec-3100_firmware *
phoenixcontact charx_sec-3150_firmware *
phoenixcontact charx_sec-3050_firmware *
CVE-2025-24004

A physical attacker with access to the device display via USB-C can send a message to the device which triggers an unsecure copy to a buffer resulting in loss of integrity and a temporary denial-of-service for the stations until they got restarted by the watchdog.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 5.2 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L 0.9 4.2

Products Affected

Vendor Product Version
phoenixcontact charx_sec-3000_firmware *
phoenixcontact charx_sec-3100_firmware *
phoenixcontact charx_sec-3150_firmware *
phoenixcontact charx_sec-3050_firmware *
CVE-2025-24005

A local attacker with a local user account can leverage a vulnerable script via SSH to escalate privileges to root due to improper input validation.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
phoenixcontact charx_sec-3000_firmware *
phoenixcontact charx_sec-3100_firmware *
phoenixcontact charx_sec-3150_firmware *
phoenixcontact charx_sec-3050_firmware *
CVE-2025-24006

A low privileged local attacker can leverage insecure permissions via SSH on the affected devices to escalate privileges to root.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
phoenixcontact charx_sec-3000_firmware *
phoenixcontact charx_sec-3100_firmware *
phoenixcontact charx_sec-3150_firmware *
phoenixcontact charx_sec-3050_firmware *
CVE-2025-25268

An unauthenticated adjacent attacker can modify configuration by sending specific requests to an API-endpoint resulting in read and write access due to missing authentication.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
phoenixcontact charx_sec-3000_firmware *
phoenixcontact charx_sec-3100_firmware *
phoenixcontact charx_sec-3150_firmware *
phoenixcontact charx_sec-3050_firmware *
CVE-2025-25269

An unauthenticated local attacker can inject a command that is subsequently executed as root, leading to a privilege escalation.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 8.4 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.5 5.9

Products Affected

Vendor Product Version
phoenixcontact charx_sec-3000_firmware *
phoenixcontact charx_sec-3100_firmware *
phoenixcontact charx_sec-3150_firmware *
phoenixcontact charx_sec-3050_firmware *
CVE-2025-25270

An unauthenticated remote attacker can alter the device configuration in a way to get remote code execution as root with specific configurations.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
phoenixcontact charx_sec-3000_firmware *
phoenixcontact charx_sec-3100_firmware *
phoenixcontact charx_sec-3150_firmware *
phoenixcontact charx_sec-3050_firmware *
CVE-2025-25271

An unauthenticated adjacent attacker is able to configure a new OCPP backend, due to insecure defaults for the configuration interface.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
phoenixcontact charx_sec-3000_firmware *
phoenixcontact charx_sec-3100_firmware *
phoenixcontact charx_sec-3150_firmware *
phoenixcontact charx_sec-3050_firmware *
CVE-2025-41692

A high privileged remote attacker with admin privileges for the webUI can brute-force the "root" and "user" passwords of the underlying OS due to a weak password generation algorithm.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 6.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N 2.3 4.0

Products Affected

Vendor Product Version
phoenixcontact fl_nat_2304-2gc-2sfp_firmware *
phoenixcontact fl_switch_2508_firmware *
phoenixcontact fl_switch_2207-fx_sm_firmware *
phoenixcontact fl_switch_2208c_firmware *
phoenixcontact fl_nat_2208_firmware *
phoenixcontact fl_switch_2206-2fx_st_firmware *
phoenixcontact fl_switch_2504-2gc-2sfp_firmware *
phoenixcontact fl_switch_2214-2fx_firmware *
phoenixcontact fl_switch_2414-2sfx_pn_firmware *
phoenixcontact fl_switch_2208_pn_firmware *
phoenixcontact fl_switch_2304-2gc-2sfp_firmware *
phoenixcontact fl_switch_2514-2sfp_firmware *
phoenixcontact fl_switch_2316/k1_firmware *
phoenixcontact fl_switch_2214-2sfx_pn_firmware *
phoenixcontact fl_switch_2408_pn_firmware *
phoenixcontact fl_switch_2008f_firmware *
phoenixcontact fl_switch_2206-2fx_sm_st_firmware *
phoenixcontact fl_switch_2308_pn_firmware *
phoenixcontact fl_switch_2207-fx_firmware *
phoenixcontact fl_switch_2514-2sfp_pn_firmware *
phoenixcontact fl_switch_2312-2gc-2sfp_firmware *
phoenixcontact fl_switch_2205_firmware *
phoenixcontact fl_switch_2206-2fx_firmware *
phoenixcontact fl_switch_2506-2sfp_firmware *
phoenixcontact fl_switch_2314-2sfp_firmware *
phoenixcontact fl_switch_2212-2tc-2sfx_firmware *
phoenixcontact fl_switch_2206c-2fx_firmware *
phoenixcontact fl_switch_2108_firmware *
phoenixcontact fl_nat_2008_firmware *
phoenixcontact fl_switch_2216_pn_firmware *
phoenixcontact fl_switch_2206-2sfx_pn_firmware *
phoenixcontact fl_switch_2508_pn_firmware *
phoenixcontact fl_switch_2512-2gc-2sfp_firmware *
phoenixcontact fl_switch_2204-2tc-2sfx_firmware *
phoenixcontact fl_switch_2608_firmware *
phoenixcontact fl_switch_2308_firmware *
phoenixcontact fl_switch_2016_firmware *
phoenixcontact fl_switch_2508/k1_firmware *
phoenixcontact fl_switch_2416_pn_firmware *
phoenixcontact fl_switch_2406-2sfx_pn_firmware *
phoenixcontact fl_switch_2316_firmware *
phoenixcontact fl_switch_2214-2fx_sm_firmware *
phoenixcontact fl_switch_2008_firmware *
phoenixcontact fl_switch_2206-2sfx_firmware *
phoenixcontact fl_switch_2306-2sfp_firmware *
phoenixcontact fl_switch_2303-8sp1 *
phoenixcontact fl_switch_2116_firmware *
phoenixcontact fl_switch_2005_firmware *
phoenixcontact fl_switch_2416_firmware *
phoenixcontact fl_switch_2214-2sfx_firmware *
phoenixcontact fl_switch_2105_firmware *
phoenixcontact fl_switch_2208_firmware *
phoenixcontact fl_switch_2414-2sfx_firmware *
phoenixcontact fl_switch_2314-2sfp_pn_firmware *
phoenixcontact fl_switch_2516_pn_firmware *
phoenixcontact fl_switch_2708_pn_firmware *
phoenixcontact fl_switch_2708_firmware *
phoenixcontact fl_switch_2206-2fx_sm_firmware *
phoenixcontact fl_switch_2216_firmware *
phoenixcontact fl_switch_2506-2sfp/k1_firmware *
phoenixcontact fl_switch_2408_firmware *
phoenixcontact fl_switch_2412-2tc-2sfx_firmware *
phoenixcontact fl_switch_2404-2tc-2sfx_firmware *
phoenixcontact fl_switch_2516_firmware *
phoenixcontact fl_switch_2316_pn_firmware *
phoenixcontact fl_switch_2608_pn_firmware *
phoenixcontact fl_switch_2306-2sfp_pn_firmware *
phoenixcontact fl_switch_2506-2sfp_pn_firmware *
phoenixcontact fl_switch_2406-2sfx_firmware *
CVE-2025-41693

A low privileged remote attacker can use the ssh feature to execute commands directly after login. The process stays open and uses resources which leads to a reduced performance of the management functions. Switching functionality is not affected.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 2.8 1.4

Products Affected

Vendor Product Version
phoenixcontact fl_nat_2304-2gc-2sfp_firmware *
phoenixcontact fl_switch_2508_firmware *
phoenixcontact fl_switch_2207-fx_sm_firmware *
phoenixcontact fl_switch_2208c_firmware *
phoenixcontact fl_nat_2208_firmware *
phoenixcontact fl_switch_2206-2fx_st_firmware *
phoenixcontact fl_switch_2504-2gc-2sfp_firmware *
phoenixcontact fl_switch_2214-2fx_firmware *
phoenixcontact fl_switch_2414-2sfx_pn_firmware *
phoenixcontact fl_switch_2208_pn_firmware *
phoenixcontact fl_switch_2304-2gc-2sfp_firmware *
phoenixcontact fl_switch_2514-2sfp_firmware *
phoenixcontact fl_switch_2316/k1_firmware *
phoenixcontact fl_switch_2214-2sfx_pn_firmware *
phoenixcontact fl_switch_2408_pn_firmware *
phoenixcontact fl_switch_2008f_firmware *
phoenixcontact fl_switch_2206-2fx_sm_st_firmware *
phoenixcontact fl_switch_2308_pn_firmware *
phoenixcontact fl_switch_2207-fx_firmware *
phoenixcontact fl_switch_2514-2sfp_pn_firmware *
phoenixcontact fl_switch_2312-2gc-2sfp_firmware *
phoenixcontact fl_switch_2205_firmware *
phoenixcontact fl_switch_2206-2fx_firmware *
phoenixcontact fl_switch_2506-2sfp_firmware *
phoenixcontact fl_switch_2314-2sfp_firmware *
phoenixcontact fl_switch_2212-2tc-2sfx_firmware *
phoenixcontact fl_switch_2206c-2fx_firmware *
phoenixcontact fl_switch_2108_firmware *
phoenixcontact fl_nat_2008_firmware *
phoenixcontact fl_switch_2216_pn_firmware *
phoenixcontact fl_switch_2206-2sfx_pn_firmware *
phoenixcontact fl_switch_2508_pn_firmware *
phoenixcontact fl_switch_2512-2gc-2sfp_firmware *
phoenixcontact fl_switch_2204-2tc-2sfx_firmware *
phoenixcontact fl_switch_2608_firmware *
phoenixcontact fl_switch_2308_firmware *
phoenixcontact fl_switch_2016_firmware *
phoenixcontact fl_switch_2508/k1_firmware *
phoenixcontact fl_switch_2416_pn_firmware *
phoenixcontact fl_switch_2406-2sfx_pn_firmware *
phoenixcontact fl_switch_2316_firmware *
phoenixcontact fl_switch_2214-2fx_sm_firmware *
phoenixcontact fl_switch_2008_firmware *
phoenixcontact fl_switch_2206-2sfx_firmware *
phoenixcontact fl_switch_2306-2sfp_firmware *
phoenixcontact fl_switch_2303-8sp1 *
phoenixcontact fl_switch_2116_firmware *
phoenixcontact fl_switch_2005_firmware *
phoenixcontact fl_switch_2416_firmware *
phoenixcontact fl_switch_2214-2sfx_firmware *
phoenixcontact fl_switch_2105_firmware *
phoenixcontact fl_switch_2208_firmware *
phoenixcontact fl_switch_2414-2sfx_firmware *
phoenixcontact fl_switch_2314-2sfp_pn_firmware *
phoenixcontact fl_switch_2516_pn_firmware *
phoenixcontact fl_switch_2708_pn_firmware *
phoenixcontact fl_switch_2708_firmware *
phoenixcontact fl_switch_2206-2fx_sm_firmware *
phoenixcontact fl_switch_2216_firmware *
phoenixcontact fl_switch_2506-2sfp/k1_firmware *
phoenixcontact fl_switch_2408_firmware *
phoenixcontact fl_switch_2412-2tc-2sfx_firmware *
phoenixcontact fl_switch_2404-2tc-2sfx_firmware *
phoenixcontact fl_switch_2516_firmware *
phoenixcontact fl_switch_2316_pn_firmware *
phoenixcontact fl_switch_2608_pn_firmware *
phoenixcontact fl_switch_2306-2sfp_pn_firmware *
phoenixcontact fl_switch_2506-2sfp_pn_firmware *
phoenixcontact fl_switch_2406-2sfx_firmware *
CVE-2025-41694

A low privileged remote attacker can run the webshell with an empty command containing whitespace. The server will then block until it receives more data, resulting in a DoS condition of the websserver.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

Products Affected

Vendor Product Version
phoenixcontact fl_nat_2304-2gc-2sfp_firmware *
phoenixcontact fl_switch_2508_firmware *
phoenixcontact fl_switch_2207-fx_sm_firmware *
phoenixcontact fl_switch_2208c_firmware *
phoenixcontact fl_nat_2208_firmware *
phoenixcontact fl_switch_2206-2fx_st_firmware *
phoenixcontact fl_switch_2504-2gc-2sfp_firmware *
phoenixcontact fl_switch_2214-2fx_firmware *
phoenixcontact fl_switch_2414-2sfx_pn_firmware *
phoenixcontact fl_switch_2208_pn_firmware *
phoenixcontact fl_switch_2304-2gc-2sfp_firmware *
phoenixcontact fl_switch_2514-2sfp_firmware *
phoenixcontact fl_switch_2316/k1_firmware *
phoenixcontact fl_switch_2214-2sfx_pn_firmware *
phoenixcontact fl_switch_2408_pn_firmware *
phoenixcontact fl_switch_2008f_firmware *
phoenixcontact fl_switch_2206-2fx_sm_st_firmware *
phoenixcontact fl_switch_2308_pn_firmware *
phoenixcontact fl_switch_2207-fx_firmware *
phoenixcontact fl_switch_2514-2sfp_pn_firmware *
phoenixcontact fl_switch_2312-2gc-2sfp_firmware *
phoenixcontact fl_switch_2205_firmware *
phoenixcontact fl_switch_2206-2fx_firmware *
phoenixcontact fl_switch_2506-2sfp_firmware *
phoenixcontact fl_switch_2314-2sfp_firmware *
phoenixcontact fl_switch_2212-2tc-2sfx_firmware *
phoenixcontact fl_switch_2206c-2fx_firmware *
phoenixcontact fl_switch_2108_firmware *
phoenixcontact fl_nat_2008_firmware *
phoenixcontact fl_switch_2216_pn_firmware *
phoenixcontact fl_switch_2206-2sfx_pn_firmware *
phoenixcontact fl_switch_2508_pn_firmware *
phoenixcontact fl_switch_2512-2gc-2sfp_firmware *
phoenixcontact fl_switch_2204-2tc-2sfx_firmware *
phoenixcontact fl_switch_2608_firmware *
phoenixcontact fl_switch_2308_firmware *
phoenixcontact fl_switch_2016_firmware *
phoenixcontact fl_switch_2508/k1_firmware *
phoenixcontact fl_switch_2416_pn_firmware *
phoenixcontact fl_switch_2406-2sfx_pn_firmware *
phoenixcontact fl_switch_2316_firmware *
phoenixcontact fl_switch_2214-2fx_sm_firmware *
phoenixcontact fl_switch_2008_firmware *
phoenixcontact fl_switch_2206-2sfx_firmware *
phoenixcontact fl_switch_2306-2sfp_firmware *
phoenixcontact fl_switch_2303-8sp1 *
phoenixcontact fl_switch_2116_firmware *
phoenixcontact fl_switch_2005_firmware *
phoenixcontact fl_switch_2416_firmware *
phoenixcontact fl_switch_2214-2sfx_firmware *
phoenixcontact fl_switch_2105_firmware *
phoenixcontact fl_switch_2208_firmware *
phoenixcontact fl_switch_2414-2sfx_firmware *
phoenixcontact fl_switch_2314-2sfp_pn_firmware *
phoenixcontact fl_switch_2516_pn_firmware *
phoenixcontact fl_switch_2708_pn_firmware *
phoenixcontact fl_switch_2708_firmware *
phoenixcontact fl_switch_2206-2fx_sm_firmware *
phoenixcontact fl_switch_2216_firmware *
phoenixcontact fl_switch_2506-2sfp/k1_firmware *
phoenixcontact fl_switch_2408_firmware *
phoenixcontact fl_switch_2412-2tc-2sfx_firmware *
phoenixcontact fl_switch_2404-2tc-2sfx_firmware *
phoenixcontact fl_switch_2516_firmware *
phoenixcontact fl_switch_2316_pn_firmware *
phoenixcontact fl_switch_2608_pn_firmware *
phoenixcontact fl_switch_2306-2sfp_pn_firmware *
phoenixcontact fl_switch_2506-2sfp_pn_firmware *
phoenixcontact fl_switch_2406-2sfx_firmware *
CVE-2025-41695

An XSS vulnerability in dyn_conn.php can be used by an unauthenticated remote attacker to trick an authenticated user to send a manipulated POST request to the device in order to change parameters available via web based management (WBM). The vulnerability does not provide access to system-level resources such as operating system internals or privileged functions. Access is limited to device configuration parameters that are available in the context of the web application. The session cookie is secured by the httpOnly Flag. Therefore an attacker is not able to take over the session of an authenticated user.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 7.1 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L 2.8 3.7

Products Affected

Vendor Product Version
phoenixcontact fl_nat_2304-2gc-2sfp_firmware *
phoenixcontact fl_switch_2508_firmware *
phoenixcontact fl_switch_2207-fx_sm_firmware *
phoenixcontact fl_switch_2208c_firmware *
phoenixcontact fl_nat_2208_firmware *
phoenixcontact fl_switch_2206-2fx_st_firmware *
phoenixcontact fl_switch_2504-2gc-2sfp_firmware *
phoenixcontact fl_switch_2214-2fx_firmware *
phoenixcontact fl_switch_2414-2sfx_pn_firmware *
phoenixcontact fl_switch_2208_pn_firmware *
phoenixcontact fl_switch_2304-2gc-2sfp_firmware *
phoenixcontact fl_switch_2514-2sfp_firmware *
phoenixcontact fl_switch_2316/k1_firmware *
phoenixcontact fl_switch_2214-2sfx_pn_firmware *
phoenixcontact fl_switch_2408_pn_firmware *
phoenixcontact fl_switch_2008f_firmware *
phoenixcontact fl_switch_2206-2fx_sm_st_firmware *
phoenixcontact fl_switch_2308_pn_firmware *
phoenixcontact fl_switch_2207-fx_firmware *
phoenixcontact fl_switch_2514-2sfp_pn_firmware *
phoenixcontact fl_switch_2312-2gc-2sfp_firmware *
phoenixcontact fl_switch_2205_firmware *
phoenixcontact fl_switch_2206-2fx_firmware *
phoenixcontact fl_switch_2506-2sfp_firmware *
phoenixcontact fl_switch_2314-2sfp_firmware *
phoenixcontact fl_switch_2212-2tc-2sfx_firmware *
phoenixcontact fl_switch_2206c-2fx_firmware *
phoenixcontact fl_switch_2108_firmware *
phoenixcontact fl_nat_2008_firmware *
phoenixcontact fl_switch_2216_pn_firmware *
phoenixcontact fl_switch_2206-2sfx_pn_firmware *
phoenixcontact fl_switch_2508_pn_firmware *
phoenixcontact fl_switch_2512-2gc-2sfp_firmware *
phoenixcontact fl_switch_2204-2tc-2sfx_firmware *
phoenixcontact fl_switch_2608_firmware *
phoenixcontact fl_switch_2308_firmware *
phoenixcontact fl_switch_2016_firmware *
phoenixcontact fl_switch_2508/k1_firmware *
phoenixcontact fl_switch_2416_pn_firmware *
phoenixcontact fl_switch_2406-2sfx_pn_firmware *
phoenixcontact fl_switch_2316_firmware *
phoenixcontact fl_switch_2214-2fx_sm_firmware *
phoenixcontact fl_switch_2008_firmware *
phoenixcontact fl_switch_2206-2sfx_firmware *
phoenixcontact fl_switch_2306-2sfp_firmware *
phoenixcontact fl_switch_2303-8sp1 *
phoenixcontact fl_switch_2116_firmware *
phoenixcontact fl_switch_2005_firmware *
phoenixcontact fl_switch_2416_firmware *
phoenixcontact fl_switch_2214-2sfx_firmware *
phoenixcontact fl_switch_2105_firmware *
phoenixcontact fl_switch_2208_firmware *
phoenixcontact fl_switch_2414-2sfx_firmware *
phoenixcontact fl_switch_2314-2sfp_pn_firmware *
phoenixcontact fl_switch_2516_pn_firmware *
phoenixcontact fl_switch_2708_pn_firmware *
phoenixcontact fl_switch_2708_firmware *
phoenixcontact fl_switch_2206-2fx_sm_firmware *
phoenixcontact fl_switch_2216_firmware *
phoenixcontact fl_switch_2506-2sfp/k1_firmware *
phoenixcontact fl_switch_2408_firmware *
phoenixcontact fl_switch_2412-2tc-2sfx_firmware *
phoenixcontact fl_switch_2404-2tc-2sfx_firmware *
phoenixcontact fl_switch_2516_firmware *
phoenixcontact fl_switch_2316_pn_firmware *
phoenixcontact fl_switch_2608_pn_firmware *
phoenixcontact fl_switch_2306-2sfp_pn_firmware *
phoenixcontact fl_switch_2506-2sfp_pn_firmware *
phoenixcontact fl_switch_2406-2sfx_firmware *
CVE-2025-41696

An attacker can use an undocumented UART port on the PCB as a side-channel with the user hardcoded credentials obtained from CVE-2025-41692 to gain read access to parts of the filesystem of the device.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 4.6 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 0.9 3.6

Products Affected

Vendor Product Version
phoenixcontact fl_nat_2304-2gc-2sfp_firmware *
phoenixcontact fl_switch_2508_firmware *
phoenixcontact fl_switch_2207-fx_sm_firmware *
phoenixcontact fl_switch_2208c_firmware *
phoenixcontact fl_nat_2208_firmware *
phoenixcontact fl_switch_2206-2fx_st_firmware *
phoenixcontact fl_switch_2504-2gc-2sfp_firmware *
phoenixcontact fl_switch_2214-2fx_firmware *
phoenixcontact fl_switch_2414-2sfx_pn_firmware *
phoenixcontact fl_switch_2208_pn_firmware *
phoenixcontact fl_switch_2304-2gc-2sfp_firmware *
phoenixcontact fl_switch_2514-2sfp_firmware *
phoenixcontact fl_switch_2316/k1_firmware *
phoenixcontact fl_switch_2214-2sfx_pn_firmware *
phoenixcontact fl_switch_2408_pn_firmware *
phoenixcontact fl_switch_2008f_firmware *
phoenixcontact fl_switch_2206-2fx_sm_st_firmware *
phoenixcontact fl_switch_2308_pn_firmware *
phoenixcontact fl_switch_2207-fx_firmware *
phoenixcontact fl_switch_2514-2sfp_pn_firmware *
phoenixcontact fl_switch_2312-2gc-2sfp_firmware *
phoenixcontact fl_switch_2205_firmware *
phoenixcontact fl_switch_2206-2fx_firmware *
phoenixcontact fl_switch_2506-2sfp_firmware *
phoenixcontact fl_switch_2314-2sfp_firmware *
phoenixcontact fl_switch_2212-2tc-2sfx_firmware *
phoenixcontact fl_switch_2206c-2fx_firmware *
phoenixcontact fl_switch_2108_firmware *
phoenixcontact fl_nat_2008_firmware *
phoenixcontact fl_switch_2216_pn_firmware *
phoenixcontact fl_switch_2206-2sfx_pn_firmware *
phoenixcontact fl_switch_2508_pn_firmware *
phoenixcontact fl_switch_2512-2gc-2sfp_firmware *
phoenixcontact fl_switch_2204-2tc-2sfx_firmware *
phoenixcontact fl_switch_2608_firmware *
phoenixcontact fl_switch_2308_firmware *
phoenixcontact fl_switch_2016_firmware *
phoenixcontact fl_switch_2508/k1_firmware *
phoenixcontact fl_switch_2416_pn_firmware *
phoenixcontact fl_switch_2406-2sfx_pn_firmware *
phoenixcontact fl_switch_2316_firmware *
phoenixcontact fl_switch_2214-2fx_sm_firmware *
phoenixcontact fl_switch_2008_firmware *
phoenixcontact fl_switch_2206-2sfx_firmware *
phoenixcontact fl_switch_2306-2sfp_firmware *
phoenixcontact fl_switch_2303-8sp1 *
phoenixcontact fl_switch_2116_firmware *
phoenixcontact fl_switch_2005_firmware *
phoenixcontact fl_switch_2416_firmware *
phoenixcontact fl_switch_2214-2sfx_firmware *
phoenixcontact fl_switch_2105_firmware *
phoenixcontact fl_switch_2208_firmware *
phoenixcontact fl_switch_2414-2sfx_firmware *
phoenixcontact fl_switch_2314-2sfp_pn_firmware *
phoenixcontact fl_switch_2516_pn_firmware *
phoenixcontact fl_switch_2708_pn_firmware *
phoenixcontact fl_switch_2708_firmware *
phoenixcontact fl_switch_2206-2fx_sm_firmware *
phoenixcontact fl_switch_2216_firmware *
phoenixcontact fl_switch_2506-2sfp/k1_firmware *
phoenixcontact fl_switch_2408_firmware *
phoenixcontact fl_switch_2412-2tc-2sfx_firmware *
phoenixcontact fl_switch_2404-2tc-2sfx_firmware *
phoenixcontact fl_switch_2516_firmware *
phoenixcontact fl_switch_2316_pn_firmware *
phoenixcontact fl_switch_2608_pn_firmware *
phoenixcontact fl_switch_2306-2sfp_pn_firmware *
phoenixcontact fl_switch_2506-2sfp_pn_firmware *
phoenixcontact fl_switch_2406-2sfx_firmware *
CVE-2025-41697

An attacker can use an undocumented UART port on the PCB as a side-channel to get root access e.g. with the credentials obtained from CVE-2025-41692.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 6.8 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

Products Affected

Vendor Product Version
phoenixcontact fl_nat_2304-2gc-2sfp_firmware *
phoenixcontact fl_switch_2508_firmware *
phoenixcontact fl_switch_2207-fx_sm_firmware *
phoenixcontact fl_switch_2208c_firmware *
phoenixcontact fl_nat_2208_firmware *
phoenixcontact fl_switch_2206-2fx_st_firmware *
phoenixcontact fl_switch_2504-2gc-2sfp_firmware *
phoenixcontact fl_switch_2214-2fx_firmware *
phoenixcontact fl_switch_2414-2sfx_pn_firmware *
phoenixcontact fl_switch_2208_pn_firmware *
phoenixcontact fl_switch_2304-2gc-2sfp_firmware *
phoenixcontact fl_switch_2514-2sfp_firmware *
phoenixcontact fl_switch_2316/k1_firmware *
phoenixcontact fl_switch_2214-2sfx_pn_firmware *
phoenixcontact fl_switch_2408_pn_firmware *
phoenixcontact fl_switch_2008f_firmware *
phoenixcontact fl_switch_2206-2fx_sm_st_firmware *
phoenixcontact fl_switch_2308_pn_firmware *
phoenixcontact fl_switch_2207-fx_firmware *
phoenixcontact fl_switch_2514-2sfp_pn_firmware *
phoenixcontact fl_switch_2312-2gc-2sfp_firmware *
phoenixcontact fl_switch_2205_firmware *
phoenixcontact fl_switch_2206-2fx_firmware *
phoenixcontact fl_switch_2506-2sfp_firmware *
phoenixcontact fl_switch_2314-2sfp_firmware *
phoenixcontact fl_switch_2212-2tc-2sfx_firmware *
phoenixcontact fl_switch_2206c-2fx_firmware *
phoenixcontact fl_switch_2108_firmware *
phoenixcontact fl_nat_2008_firmware *
phoenixcontact fl_switch_2216_pn_firmware *
phoenixcontact fl_switch_2206-2sfx_pn_firmware *
phoenixcontact fl_switch_2508_pn_firmware *
phoenixcontact fl_switch_2512-2gc-2sfp_firmware *
phoenixcontact fl_switch_2204-2tc-2sfx_firmware *
phoenixcontact fl_switch_2608_firmware *
phoenixcontact fl_switch_2308_firmware *
phoenixcontact fl_switch_2016_firmware *
phoenixcontact fl_switch_2508/k1_firmware *
phoenixcontact fl_switch_2416_pn_firmware *
phoenixcontact fl_switch_2406-2sfx_pn_firmware *
phoenixcontact fl_switch_2316_firmware *
phoenixcontact fl_switch_2214-2fx_sm_firmware *
phoenixcontact fl_switch_2008_firmware *
phoenixcontact fl_switch_2206-2sfx_firmware *
phoenixcontact fl_switch_2306-2sfp_firmware *
phoenixcontact fl_switch_2303-8sp1 *
phoenixcontact fl_switch_2116_firmware *
phoenixcontact fl_switch_2005_firmware *
phoenixcontact fl_switch_2416_firmware *
phoenixcontact fl_switch_2214-2sfx_firmware *
phoenixcontact fl_switch_2105_firmware *
phoenixcontact fl_switch_2208_firmware *
phoenixcontact fl_switch_2414-2sfx_firmware *
phoenixcontact fl_switch_2314-2sfp_pn_firmware *
phoenixcontact fl_switch_2516_pn_firmware *
phoenixcontact fl_switch_2708_pn_firmware *
phoenixcontact fl_switch_2708_firmware *
phoenixcontact fl_switch_2206-2fx_sm_firmware *
phoenixcontact fl_switch_2216_firmware *
phoenixcontact fl_switch_2506-2sfp/k1_firmware *
phoenixcontact fl_switch_2408_firmware *
phoenixcontact fl_switch_2412-2tc-2sfx_firmware *
phoenixcontact fl_switch_2404-2tc-2sfx_firmware *
phoenixcontact fl_switch_2516_firmware *
phoenixcontact fl_switch_2316_pn_firmware *
phoenixcontact fl_switch_2608_pn_firmware *
phoenixcontact fl_switch_2306-2sfp_pn_firmware *
phoenixcontact fl_switch_2506-2sfp_pn_firmware *
phoenixcontact fl_switch_2406-2sfx_firmware *
CVE-2025-41745

An XSS vulnerability in pxc_portCntr2.php can be used by an unauthenticated remote attacker to trick an authenticated user to send a manipulated POST request to the device in order to change parameters available via web based management (WBM). The vulnerability does not provide access to system-level resources such as operating system internals or privileged functions. Access is limited to device configuration parameters that are available in the context of the web application. The session cookie is secured by the httpOnly Flag. Therefore an attacker is not able to take over the session of an authenticated user.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 7.1 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L 2.8 3.7

Products Affected

Vendor Product Version
phoenixcontact fl_nat_2304-2gc-2sfp_firmware *
phoenixcontact fl_switch_2508_firmware *
phoenixcontact fl_switch_2207-fx_sm_firmware *
phoenixcontact fl_switch_2208c_firmware *
phoenixcontact fl_nat_2208_firmware *
phoenixcontact fl_switch_2206-2fx_st_firmware *
phoenixcontact fl_switch_2504-2gc-2sfp_firmware *
phoenixcontact fl_switch_2214-2fx_firmware *
phoenixcontact fl_switch_2414-2sfx_pn_firmware *
phoenixcontact fl_switch_2208_pn_firmware *
phoenixcontact fl_switch_2304-2gc-2sfp_firmware *
phoenixcontact fl_switch_2514-2sfp_firmware *
phoenixcontact fl_switch_2316/k1_firmware *
phoenixcontact fl_switch_2214-2sfx_pn_firmware *
phoenixcontact fl_switch_2408_pn_firmware *
phoenixcontact fl_switch_2008f_firmware *
phoenixcontact fl_switch_2206-2fx_sm_st_firmware *
phoenixcontact fl_switch_2308_pn_firmware *
phoenixcontact fl_switch_2207-fx_firmware *
phoenixcontact fl_switch_2514-2sfp_pn_firmware *
phoenixcontact fl_switch_2312-2gc-2sfp_firmware *
phoenixcontact fl_switch_2205_firmware *
phoenixcontact fl_switch_2206-2fx_firmware *
phoenixcontact fl_switch_2506-2sfp_firmware *
phoenixcontact fl_switch_2314-2sfp_firmware *
phoenixcontact fl_switch_2212-2tc-2sfx_firmware *
phoenixcontact fl_switch_2206c-2fx_firmware *
phoenixcontact fl_switch_2108_firmware *
phoenixcontact fl_nat_2008_firmware *
phoenixcontact fl_switch_2216_pn_firmware *
phoenixcontact fl_switch_2206-2sfx_pn_firmware *
phoenixcontact fl_switch_2508_pn_firmware *
phoenixcontact fl_switch_2512-2gc-2sfp_firmware *
phoenixcontact fl_switch_2204-2tc-2sfx_firmware *
phoenixcontact fl_switch_2608_firmware *
phoenixcontact fl_switch_2308_firmware *
phoenixcontact fl_switch_2016_firmware *
phoenixcontact fl_switch_2508/k1_firmware *
phoenixcontact fl_switch_2416_pn_firmware *
phoenixcontact fl_switch_2406-2sfx_pn_firmware *
phoenixcontact fl_switch_2316_firmware *
phoenixcontact fl_switch_2214-2fx_sm_firmware *
phoenixcontact fl_switch_2008_firmware *
phoenixcontact fl_switch_2206-2sfx_firmware *
phoenixcontact fl_switch_2306-2sfp_firmware *
phoenixcontact fl_switch_2303-8sp1 *
phoenixcontact fl_switch_2116_firmware *
phoenixcontact fl_switch_2005_firmware *
phoenixcontact fl_switch_2416_firmware *
phoenixcontact fl_switch_2214-2sfx_firmware *
phoenixcontact fl_switch_2105_firmware *
phoenixcontact fl_switch_2208_firmware *
phoenixcontact fl_switch_2414-2sfx_firmware *
phoenixcontact fl_switch_2314-2sfp_pn_firmware *
phoenixcontact fl_switch_2516_pn_firmware *
phoenixcontact fl_switch_2708_pn_firmware *
phoenixcontact fl_switch_2708_firmware *
phoenixcontact fl_switch_2206-2fx_sm_firmware *
phoenixcontact fl_switch_2216_firmware *
phoenixcontact fl_switch_2506-2sfp/k1_firmware *
phoenixcontact fl_switch_2408_firmware *
phoenixcontact fl_switch_2412-2tc-2sfx_firmware *
phoenixcontact fl_switch_2404-2tc-2sfx_firmware *
phoenixcontact fl_switch_2516_firmware *
phoenixcontact fl_switch_2316_pn_firmware *
phoenixcontact fl_switch_2608_pn_firmware *
phoenixcontact fl_switch_2306-2sfp_pn_firmware *
phoenixcontact fl_switch_2506-2sfp_pn_firmware *
phoenixcontact fl_switch_2406-2sfx_firmware *
CVE-2025-41746

An XSS vulnerability in pxc_portSecCfg.php can be used by an unauthenticated remote attacker to trick an authenticated user to send a manipulated POST request to the device in order to change parameters available via web based management (WBM). The vulnerability does not provide access to system-level resources such as operating system internals or privileged functions. Access is limited to device configuration parameters that are available in the context of the web application. The session cookie is secured by the httpOnly Flag. Therefore an attacker is not able to take over the session of an authenticated user.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 7.1 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L 2.8 3.7

Products Affected

Vendor Product Version
phoenixcontact fl_nat_2304-2gc-2sfp_firmware *
phoenixcontact fl_switch_2508_firmware *
phoenixcontact fl_switch_2207-fx_sm_firmware *
phoenixcontact fl_switch_2208c_firmware *
phoenixcontact fl_nat_2208_firmware *
phoenixcontact fl_switch_2206-2fx_st_firmware *
phoenixcontact fl_switch_2504-2gc-2sfp_firmware *
phoenixcontact fl_switch_2214-2fx_firmware *
phoenixcontact fl_switch_2414-2sfx_pn_firmware *
phoenixcontact fl_switch_2208_pn_firmware *
phoenixcontact fl_switch_2304-2gc-2sfp_firmware *
phoenixcontact fl_switch_2514-2sfp_firmware *
phoenixcontact fl_switch_2316/k1_firmware *
phoenixcontact fl_switch_2214-2sfx_pn_firmware *
phoenixcontact fl_switch_2408_pn_firmware *
phoenixcontact fl_switch_2008f_firmware *
phoenixcontact fl_switch_2206-2fx_sm_st_firmware *
phoenixcontact fl_switch_2308_pn_firmware *
phoenixcontact fl_switch_2207-fx_firmware *
phoenixcontact fl_switch_2514-2sfp_pn_firmware *
phoenixcontact fl_switch_2312-2gc-2sfp_firmware *
phoenixcontact fl_switch_2205_firmware *
phoenixcontact fl_switch_2206-2fx_firmware *
phoenixcontact fl_switch_2506-2sfp_firmware *
phoenixcontact fl_switch_2314-2sfp_firmware *
phoenixcontact fl_switch_2212-2tc-2sfx_firmware *
phoenixcontact fl_switch_2206c-2fx_firmware *
phoenixcontact fl_switch_2108_firmware *
phoenixcontact fl_nat_2008_firmware *
phoenixcontact fl_switch_2216_pn_firmware *
phoenixcontact fl_switch_2206-2sfx_pn_firmware *
phoenixcontact fl_switch_2508_pn_firmware *
phoenixcontact fl_switch_2512-2gc-2sfp_firmware *
phoenixcontact fl_switch_2204-2tc-2sfx_firmware *
phoenixcontact fl_switch_2608_firmware *
phoenixcontact fl_switch_2308_firmware *
phoenixcontact fl_switch_2016_firmware *
phoenixcontact fl_switch_2508/k1_firmware *
phoenixcontact fl_switch_2416_pn_firmware *
phoenixcontact fl_switch_2406-2sfx_pn_firmware *
phoenixcontact fl_switch_2316_firmware *
phoenixcontact fl_switch_2214-2fx_sm_firmware *
phoenixcontact fl_switch_2008_firmware *
phoenixcontact fl_switch_2206-2sfx_firmware *
phoenixcontact fl_switch_2306-2sfp_firmware *
phoenixcontact fl_switch_2303-8sp1 *
phoenixcontact fl_switch_2116_firmware *
phoenixcontact fl_switch_2005_firmware *
phoenixcontact fl_switch_2416_firmware *
phoenixcontact fl_switch_2214-2sfx_firmware *
phoenixcontact fl_switch_2105_firmware *
phoenixcontact fl_switch_2208_firmware *
phoenixcontact fl_switch_2414-2sfx_firmware *
phoenixcontact fl_switch_2314-2sfp_pn_firmware *
phoenixcontact fl_switch_2516_pn_firmware *
phoenixcontact fl_switch_2708_pn_firmware *
phoenixcontact fl_switch_2708_firmware *
phoenixcontact fl_switch_2206-2fx_sm_firmware *
phoenixcontact fl_switch_2216_firmware *
phoenixcontact fl_switch_2506-2sfp/k1_firmware *
phoenixcontact fl_switch_2408_firmware *
phoenixcontact fl_switch_2412-2tc-2sfx_firmware *
phoenixcontact fl_switch_2404-2tc-2sfx_firmware *
phoenixcontact fl_switch_2516_firmware *
phoenixcontact fl_switch_2316_pn_firmware *
phoenixcontact fl_switch_2608_pn_firmware *
phoenixcontact fl_switch_2306-2sfp_pn_firmware *
phoenixcontact fl_switch_2506-2sfp_pn_firmware *
phoenixcontact fl_switch_2406-2sfx_firmware *
CVE-2025-41747

An XSS vulnerability in pxc_vlanIntfCfg.php can be used by an unauthenticated remote attacker to trick an authenticated user to send a manipulated POST request to the device in order to change parameters available via web based management (WBM). The vulnerability does not provide access to system-level resources such as operating system internals or privileged functions. Access is limited to device configuration parameters that are available in the context of the web application. The session cookie is secured by the httpOnly Flag. Therefore an attacker is not able to take over the session of an authenticated user.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 7.1 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L 2.8 3.7

Products Affected

Vendor Product Version
phoenixcontact fl_nat_2304-2gc-2sfp_firmware *
phoenixcontact fl_switch_2508_firmware *
phoenixcontact fl_switch_2207-fx_sm_firmware *
phoenixcontact fl_switch_2208c_firmware *
phoenixcontact fl_nat_2208_firmware *
phoenixcontact fl_switch_2206-2fx_st_firmware *
phoenixcontact fl_switch_2504-2gc-2sfp_firmware *
phoenixcontact fl_switch_2214-2fx_firmware *
phoenixcontact fl_switch_2414-2sfx_pn_firmware *
phoenixcontact fl_switch_2208_pn_firmware *
phoenixcontact fl_switch_2304-2gc-2sfp_firmware *
phoenixcontact fl_switch_2514-2sfp_firmware *
phoenixcontact fl_switch_2316/k1_firmware *
phoenixcontact fl_switch_2214-2sfx_pn_firmware *
phoenixcontact fl_switch_2408_pn_firmware *
phoenixcontact fl_switch_2008f_firmware *
phoenixcontact fl_switch_2206-2fx_sm_st_firmware *
phoenixcontact fl_switch_2308_pn_firmware *
phoenixcontact fl_switch_2207-fx_firmware *
phoenixcontact fl_switch_2514-2sfp_pn_firmware *
phoenixcontact fl_switch_2312-2gc-2sfp_firmware *
phoenixcontact fl_switch_2205_firmware *
phoenixcontact fl_switch_2206-2fx_firmware *
phoenixcontact fl_switch_2506-2sfp_firmware *
phoenixcontact fl_switch_2314-2sfp_firmware *
phoenixcontact fl_switch_2212-2tc-2sfx_firmware *
phoenixcontact fl_switch_2206c-2fx_firmware *
phoenixcontact fl_switch_2108_firmware *
phoenixcontact fl_nat_2008_firmware *
phoenixcontact fl_switch_2216_pn_firmware *
phoenixcontact fl_switch_2206-2sfx_pn_firmware *
phoenixcontact fl_switch_2508_pn_firmware *
phoenixcontact fl_switch_2512-2gc-2sfp_firmware *
phoenixcontact fl_switch_2204-2tc-2sfx_firmware *
phoenixcontact fl_switch_2608_firmware *
phoenixcontact fl_switch_2308_firmware *
phoenixcontact fl_switch_2016_firmware *
phoenixcontact fl_switch_2508/k1_firmware *
phoenixcontact fl_switch_2416_pn_firmware *
phoenixcontact fl_switch_2406-2sfx_pn_firmware *
phoenixcontact fl_switch_2316_firmware *
phoenixcontact fl_switch_2214-2fx_sm_firmware *
phoenixcontact fl_switch_2008_firmware *
phoenixcontact fl_switch_2206-2sfx_firmware *
phoenixcontact fl_switch_2306-2sfp_firmware *
phoenixcontact fl_switch_2303-8sp1 *
phoenixcontact fl_switch_2116_firmware *
phoenixcontact fl_switch_2005_firmware *
phoenixcontact fl_switch_2416_firmware *
phoenixcontact fl_switch_2214-2sfx_firmware *
phoenixcontact fl_switch_2105_firmware *
phoenixcontact fl_switch_2208_firmware *
phoenixcontact fl_switch_2414-2sfx_firmware *
phoenixcontact fl_switch_2314-2sfp_pn_firmware *
phoenixcontact fl_switch_2516_pn_firmware *
phoenixcontact fl_switch_2708_pn_firmware *
phoenixcontact fl_switch_2708_firmware *
phoenixcontact fl_switch_2206-2fx_sm_firmware *
phoenixcontact fl_switch_2216_firmware *
phoenixcontact fl_switch_2506-2sfp/k1_firmware *
phoenixcontact fl_switch_2408_firmware *
phoenixcontact fl_switch_2412-2tc-2sfx_firmware *
phoenixcontact fl_switch_2404-2tc-2sfx_firmware *
phoenixcontact fl_switch_2516_firmware *
phoenixcontact fl_switch_2316_pn_firmware *
phoenixcontact fl_switch_2608_pn_firmware *
phoenixcontact fl_switch_2306-2sfp_pn_firmware *
phoenixcontact fl_switch_2506-2sfp_pn_firmware *
phoenixcontact fl_switch_2406-2sfx_firmware *
CVE-2025-41748

An XSS vulnerability in pxc_Dot1xCfg.php can be used by an unauthenticated remote attacker to trick an authenticated user to click on the link provided by the attacker in order to change parameters available via web based management (WBM). The vulnerability does not provide access to system-level resources such as operating system internals or privileged functions. Access is limited to device configuration parameters that are available in the context of the web application. The session cookie is secured by the httpOnly Flag. Therefore an attacker is not able to take over the session of an authenticated user.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 7.1 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L 2.8 3.7

Products Affected

Vendor Product Version
phoenixcontact fl_nat_2304-2gc-2sfp_firmware *
phoenixcontact fl_switch_2508_firmware *
phoenixcontact fl_switch_2207-fx_sm_firmware *
phoenixcontact fl_switch_2208c_firmware *
phoenixcontact fl_nat_2208_firmware *
phoenixcontact fl_switch_2206-2fx_st_firmware *
phoenixcontact fl_switch_2504-2gc-2sfp_firmware *
phoenixcontact fl_switch_2214-2fx_firmware *
phoenixcontact fl_switch_2414-2sfx_pn_firmware *
phoenixcontact fl_switch_2208_pn_firmware *
phoenixcontact fl_switch_2304-2gc-2sfp_firmware *
phoenixcontact fl_switch_2514-2sfp_firmware *
phoenixcontact fl_switch_2316/k1_firmware *
phoenixcontact fl_switch_2214-2sfx_pn_firmware *
phoenixcontact fl_switch_2408_pn_firmware *
phoenixcontact fl_switch_2008f_firmware *
phoenixcontact fl_switch_2206-2fx_sm_st_firmware *
phoenixcontact fl_switch_2308_pn_firmware *
phoenixcontact fl_switch_2207-fx_firmware *
phoenixcontact fl_switch_2514-2sfp_pn_firmware *
phoenixcontact fl_switch_2312-2gc-2sfp_firmware *
phoenixcontact fl_switch_2205_firmware *
phoenixcontact fl_switch_2206-2fx_firmware *
phoenixcontact fl_switch_2506-2sfp_firmware *
phoenixcontact fl_switch_2314-2sfp_firmware *
phoenixcontact fl_switch_2212-2tc-2sfx_firmware *
phoenixcontact fl_switch_2206c-2fx_firmware *
phoenixcontact fl_switch_2108_firmware *
phoenixcontact fl_nat_2008_firmware *
phoenixcontact fl_switch_2216_pn_firmware *
phoenixcontact fl_switch_2206-2sfx_pn_firmware *
phoenixcontact fl_switch_2508_pn_firmware *
phoenixcontact fl_switch_2512-2gc-2sfp_firmware *
phoenixcontact fl_switch_2204-2tc-2sfx_firmware *
phoenixcontact fl_switch_2608_firmware *
phoenixcontact fl_switch_2308_firmware *
phoenixcontact fl_switch_2016_firmware *
phoenixcontact fl_switch_2508/k1_firmware *
phoenixcontact fl_switch_2416_pn_firmware *
phoenixcontact fl_switch_2406-2sfx_pn_firmware *
phoenixcontact fl_switch_2316_firmware *
phoenixcontact fl_switch_2214-2fx_sm_firmware *
phoenixcontact fl_switch_2008_firmware *
phoenixcontact fl_switch_2206-2sfx_firmware *
phoenixcontact fl_switch_2306-2sfp_firmware *
phoenixcontact fl_switch_2303-8sp1 *
phoenixcontact fl_switch_2116_firmware *
phoenixcontact fl_switch_2005_firmware *
phoenixcontact fl_switch_2416_firmware *
phoenixcontact fl_switch_2214-2sfx_firmware *
phoenixcontact fl_switch_2105_firmware *
phoenixcontact fl_switch_2208_firmware *
phoenixcontact fl_switch_2414-2sfx_firmware *
phoenixcontact fl_switch_2314-2sfp_pn_firmware *
phoenixcontact fl_switch_2516_pn_firmware *
phoenixcontact fl_switch_2708_pn_firmware *
phoenixcontact fl_switch_2708_firmware *
phoenixcontact fl_switch_2206-2fx_sm_firmware *
phoenixcontact fl_switch_2216_firmware *
phoenixcontact fl_switch_2506-2sfp/k1_firmware *
phoenixcontact fl_switch_2408_firmware *
phoenixcontact fl_switch_2412-2tc-2sfx_firmware *
phoenixcontact fl_switch_2404-2tc-2sfx_firmware *
phoenixcontact fl_switch_2516_firmware *
phoenixcontact fl_switch_2316_pn_firmware *
phoenixcontact fl_switch_2608_pn_firmware *
phoenixcontact fl_switch_2306-2sfp_pn_firmware *
phoenixcontact fl_switch_2506-2sfp_pn_firmware *
phoenixcontact fl_switch_2406-2sfx_firmware *
CVE-2025-41749

An XSS vulnerability in port_util.php can be used by an unauthenticated remote attacker to trick an authenticated user to click on the link provided by the attacker in order to change parameters available via web based management (WBM). The vulnerability does not provide access to system-level resources such as operating system internals or privileged functions. Access is limited to device configuration parameters that are available in the context of the web application. The session cookie is secured by the httpOnly Flag. Therefore an attacker is not able to take over the session of an authenticated user.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 7.1 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L 2.8 3.7

Products Affected

Vendor Product Version
phoenixcontact fl_nat_2304-2gc-2sfp_firmware *
phoenixcontact fl_switch_2508_firmware *
phoenixcontact fl_switch_2207-fx_sm_firmware *
phoenixcontact fl_switch_2208c_firmware *
phoenixcontact fl_nat_2208_firmware *
phoenixcontact fl_switch_2206-2fx_st_firmware *
phoenixcontact fl_switch_2504-2gc-2sfp_firmware *
phoenixcontact fl_switch_2214-2fx_firmware *
phoenixcontact fl_switch_2414-2sfx_pn_firmware *
phoenixcontact fl_switch_2208_pn_firmware *
phoenixcontact fl_switch_2304-2gc-2sfp_firmware *
phoenixcontact fl_switch_2514-2sfp_firmware *
phoenixcontact fl_switch_2316/k1_firmware *
phoenixcontact fl_switch_2214-2sfx_pn_firmware *
phoenixcontact fl_switch_2408_pn_firmware *
phoenixcontact fl_switch_2008f_firmware *
phoenixcontact fl_switch_2206-2fx_sm_st_firmware *
phoenixcontact fl_switch_2308_pn_firmware *
phoenixcontact fl_switch_2207-fx_firmware *
phoenixcontact fl_switch_2514-2sfp_pn_firmware *
phoenixcontact fl_switch_2312-2gc-2sfp_firmware *
phoenixcontact fl_switch_2205_firmware *
phoenixcontact fl_switch_2206-2fx_firmware *
phoenixcontact fl_switch_2506-2sfp_firmware *
phoenixcontact fl_switch_2314-2sfp_firmware *
phoenixcontact fl_switch_2212-2tc-2sfx_firmware *
phoenixcontact fl_switch_2206c-2fx_firmware *
phoenixcontact fl_switch_2108_firmware *
phoenixcontact fl_nat_2008_firmware *
phoenixcontact fl_switch_2216_pn_firmware *
phoenixcontact fl_switch_2206-2sfx_pn_firmware *
phoenixcontact fl_switch_2508_pn_firmware *
phoenixcontact fl_switch_2512-2gc-2sfp_firmware *
phoenixcontact fl_switch_2204-2tc-2sfx_firmware *
phoenixcontact fl_switch_2608_firmware *
phoenixcontact fl_switch_2308_firmware *
phoenixcontact fl_switch_2016_firmware *
phoenixcontact fl_switch_2508/k1_firmware *
phoenixcontact fl_switch_2416_pn_firmware *
phoenixcontact fl_switch_2406-2sfx_pn_firmware *
phoenixcontact fl_switch_2316_firmware *
phoenixcontact fl_switch_2214-2fx_sm_firmware *
phoenixcontact fl_switch_2008_firmware *
phoenixcontact fl_switch_2206-2sfx_firmware *
phoenixcontact fl_switch_2306-2sfp_firmware *
phoenixcontact fl_switch_2303-8sp1 *
phoenixcontact fl_switch_2116_firmware *
phoenixcontact fl_switch_2005_firmware *
phoenixcontact fl_switch_2416_firmware *
phoenixcontact fl_switch_2214-2sfx_firmware *
phoenixcontact fl_switch_2105_firmware *
phoenixcontact fl_switch_2208_firmware *
phoenixcontact fl_switch_2414-2sfx_firmware *
phoenixcontact fl_switch_2314-2sfp_pn_firmware *
phoenixcontact fl_switch_2516_pn_firmware *
phoenixcontact fl_switch_2708_pn_firmware *
phoenixcontact fl_switch_2708_firmware *
phoenixcontact fl_switch_2206-2fx_sm_firmware *
phoenixcontact fl_switch_2216_firmware *
phoenixcontact fl_switch_2506-2sfp/k1_firmware *
phoenixcontact fl_switch_2408_firmware *
phoenixcontact fl_switch_2412-2tc-2sfx_firmware *
phoenixcontact fl_switch_2404-2tc-2sfx_firmware *
phoenixcontact fl_switch_2516_firmware *
phoenixcontact fl_switch_2316_pn_firmware *
phoenixcontact fl_switch_2608_pn_firmware *
phoenixcontact fl_switch_2306-2sfp_pn_firmware *
phoenixcontact fl_switch_2506-2sfp_pn_firmware *
phoenixcontact fl_switch_2406-2sfx_firmware *
CVE-2025-41750

An XSS vulnerability in pxc_PortCfg.php can be used by an unauthenticated remote attacker to trick an authenticated user to click on the link provided by the attacker in order to change parameters available via web based management (WBM). The vulnerability does not provide access to system-level resources such as operating system internals or privileged functions. Access is limited to device configuration parameters that are available in the context of the web application. The session cookie is secured by the httpOnly Flag. Therefore an attacker is not able to take over the session of an authenticated user.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 7.1 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L 2.8 3.7

Products Affected

Vendor Product Version
phoenixcontact fl_nat_2304-2gc-2sfp_firmware *
phoenixcontact fl_switch_2508_firmware *
phoenixcontact fl_switch_2207-fx_sm_firmware *
phoenixcontact fl_switch_2208c_firmware *
phoenixcontact fl_nat_2208_firmware *
phoenixcontact fl_switch_2206-2fx_st_firmware *
phoenixcontact fl_switch_2504-2gc-2sfp_firmware *
phoenixcontact fl_switch_2214-2fx_firmware *
phoenixcontact fl_switch_2414-2sfx_pn_firmware *
phoenixcontact fl_switch_2208_pn_firmware *
phoenixcontact fl_switch_2304-2gc-2sfp_firmware *
phoenixcontact fl_switch_2514-2sfp_firmware *
phoenixcontact fl_switch_2316/k1_firmware *
phoenixcontact fl_switch_2214-2sfx_pn_firmware *
phoenixcontact fl_switch_2408_pn_firmware *
phoenixcontact fl_switch_2008f_firmware *
phoenixcontact fl_switch_2206-2fx_sm_st_firmware *
phoenixcontact fl_switch_2308_pn_firmware *
phoenixcontact fl_switch_2207-fx_firmware *
phoenixcontact fl_switch_2514-2sfp_pn_firmware *
phoenixcontact fl_switch_2312-2gc-2sfp_firmware *
phoenixcontact fl_switch_2205_firmware *
phoenixcontact fl_switch_2206-2fx_firmware *
phoenixcontact fl_switch_2506-2sfp_firmware *
phoenixcontact fl_switch_2314-2sfp_firmware *
phoenixcontact fl_switch_2212-2tc-2sfx_firmware *
phoenixcontact fl_switch_2206c-2fx_firmware *
phoenixcontact fl_switch_2108_firmware *
phoenixcontact fl_nat_2008_firmware *
phoenixcontact fl_switch_2216_pn_firmware *
phoenixcontact fl_switch_2206-2sfx_pn_firmware *
phoenixcontact fl_switch_2508_pn_firmware *
phoenixcontact fl_switch_2512-2gc-2sfp_firmware *
phoenixcontact fl_switch_2204-2tc-2sfx_firmware *
phoenixcontact fl_switch_2608_firmware *
phoenixcontact fl_switch_2308_firmware *
phoenixcontact fl_switch_2016_firmware *
phoenixcontact fl_switch_2508/k1_firmware *
phoenixcontact fl_switch_2416_pn_firmware *
phoenixcontact fl_switch_2406-2sfx_pn_firmware *
phoenixcontact fl_switch_2316_firmware *
phoenixcontact fl_switch_2214-2fx_sm_firmware *
phoenixcontact fl_switch_2008_firmware *
phoenixcontact fl_switch_2206-2sfx_firmware *
phoenixcontact fl_switch_2306-2sfp_firmware *
phoenixcontact fl_switch_2303-8sp1 *
phoenixcontact fl_switch_2116_firmware *
phoenixcontact fl_switch_2005_firmware *
phoenixcontact fl_switch_2416_firmware *
phoenixcontact fl_switch_2214-2sfx_firmware *
phoenixcontact fl_switch_2105_firmware *
phoenixcontact fl_switch_2208_firmware *
phoenixcontact fl_switch_2414-2sfx_firmware *
phoenixcontact fl_switch_2314-2sfp_pn_firmware *
phoenixcontact fl_switch_2516_pn_firmware *
phoenixcontact fl_switch_2708_pn_firmware *
phoenixcontact fl_switch_2708_firmware *
phoenixcontact fl_switch_2206-2fx_sm_firmware *
phoenixcontact fl_switch_2216_firmware *
phoenixcontact fl_switch_2506-2sfp/k1_firmware *
phoenixcontact fl_switch_2408_firmware *
phoenixcontact fl_switch_2412-2tc-2sfx_firmware *
phoenixcontact fl_switch_2404-2tc-2sfx_firmware *
phoenixcontact fl_switch_2516_firmware *
phoenixcontact fl_switch_2316_pn_firmware *
phoenixcontact fl_switch_2608_pn_firmware *
phoenixcontact fl_switch_2306-2sfp_pn_firmware *
phoenixcontact fl_switch_2506-2sfp_pn_firmware *
phoenixcontact fl_switch_2406-2sfx_firmware *
CVE-2025-41751

An XSS vulnerability in pxc_portCntr.php can be used by an unauthenticated remote attacker to trick an authenticated user to click on the link provided by the attacker in order to change parameters available via web based management (WBM). The vulnerability does not provide access to system-level resources such as operating system internals or privileged functions. Access is limited to device configuration parameters that are available in the context of the web application. The session cookie is secured by the httpOnly Flag. Therefore an attacker is not able to take over the session of an authenticated user.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 7.1 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L 2.8 3.7

Products Affected

Vendor Product Version
phoenixcontact fl_nat_2304-2gc-2sfp_firmware *
phoenixcontact fl_switch_2508_firmware *
phoenixcontact fl_switch_2207-fx_sm_firmware *
phoenixcontact fl_switch_2208c_firmware *
phoenixcontact fl_nat_2208_firmware *
phoenixcontact fl_switch_2206-2fx_st_firmware *
phoenixcontact fl_switch_2504-2gc-2sfp_firmware *
phoenixcontact fl_switch_2214-2fx_firmware *
phoenixcontact fl_switch_2414-2sfx_pn_firmware *
phoenixcontact fl_switch_2208_pn_firmware *
phoenixcontact fl_switch_2304-2gc-2sfp_firmware *
phoenixcontact fl_switch_2514-2sfp_firmware *
phoenixcontact fl_switch_2316/k1_firmware *
phoenixcontact fl_switch_2214-2sfx_pn_firmware *
phoenixcontact fl_switch_2408_pn_firmware *
phoenixcontact fl_switch_2008f_firmware *
phoenixcontact fl_switch_2206-2fx_sm_st_firmware *
phoenixcontact fl_switch_2308_pn_firmware *
phoenixcontact fl_switch_2207-fx_firmware *
phoenixcontact fl_switch_2514-2sfp_pn_firmware *
phoenixcontact fl_switch_2312-2gc-2sfp_firmware *
phoenixcontact fl_switch_2205_firmware *
phoenixcontact fl_switch_2206-2fx_firmware *
phoenixcontact fl_switch_2506-2sfp_firmware *
phoenixcontact fl_switch_2314-2sfp_firmware *
phoenixcontact fl_switch_2212-2tc-2sfx_firmware *
phoenixcontact fl_switch_2206c-2fx_firmware *
phoenixcontact fl_switch_2108_firmware *
phoenixcontact fl_nat_2008_firmware *
phoenixcontact fl_switch_2216_pn_firmware *
phoenixcontact fl_switch_2206-2sfx_pn_firmware *
phoenixcontact fl_switch_2508_pn_firmware *
phoenixcontact fl_switch_2512-2gc-2sfp_firmware *
phoenixcontact fl_switch_2204-2tc-2sfx_firmware *
phoenixcontact fl_switch_2608_firmware *
phoenixcontact fl_switch_2308_firmware *
phoenixcontact fl_switch_2016_firmware *
phoenixcontact fl_switch_2508/k1_firmware *
phoenixcontact fl_switch_2416_pn_firmware *
phoenixcontact fl_switch_2406-2sfx_pn_firmware *
phoenixcontact fl_switch_2316_firmware *
phoenixcontact fl_switch_2214-2fx_sm_firmware *
phoenixcontact fl_switch_2008_firmware *
phoenixcontact fl_switch_2206-2sfx_firmware *
phoenixcontact fl_switch_2306-2sfp_firmware *
phoenixcontact fl_switch_2303-8sp1 *
phoenixcontact fl_switch_2116_firmware *
phoenixcontact fl_switch_2005_firmware *
phoenixcontact fl_switch_2416_firmware *
phoenixcontact fl_switch_2214-2sfx_firmware *
phoenixcontact fl_switch_2105_firmware *
phoenixcontact fl_switch_2208_firmware *
phoenixcontact fl_switch_2414-2sfx_firmware *
phoenixcontact fl_switch_2314-2sfp_pn_firmware *
phoenixcontact fl_switch_2516_pn_firmware *
phoenixcontact fl_switch_2708_pn_firmware *
phoenixcontact fl_switch_2708_firmware *
phoenixcontact fl_switch_2206-2fx_sm_firmware *
phoenixcontact fl_switch_2216_firmware *
phoenixcontact fl_switch_2506-2sfp/k1_firmware *
phoenixcontact fl_switch_2408_firmware *
phoenixcontact fl_switch_2412-2tc-2sfx_firmware *
phoenixcontact fl_switch_2404-2tc-2sfx_firmware *
phoenixcontact fl_switch_2516_firmware *
phoenixcontact fl_switch_2316_pn_firmware *
phoenixcontact fl_switch_2608_pn_firmware *
phoenixcontact fl_switch_2306-2sfp_pn_firmware *
phoenixcontact fl_switch_2506-2sfp_pn_firmware *
phoenixcontact fl_switch_2406-2sfx_firmware *
CVE-2025-41752

An XSS vulnerability in pxc_portSfp.php can be used by an unauthenticated remote attacker to trick an authenticated user to click on the link provided by the attacker in order to change parameters available via web based management (WBM). The vulnerability does not provide access to system-level resources such as operating system internals or privileged functions. Access is limited to device configuration parameters that are available in the context of the web application. The session cookie is secured by the httpOnly Flag. Therefore an attacker is not able to take over the session of an authenticated user.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 7.1 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L 2.8 3.7

Products Affected

Vendor Product Version
phoenixcontact fl_nat_2304-2gc-2sfp_firmware *
phoenixcontact fl_switch_2508_firmware *
phoenixcontact fl_switch_2207-fx_sm_firmware *
phoenixcontact fl_switch_2208c_firmware *
phoenixcontact fl_nat_2208_firmware *
phoenixcontact fl_switch_2206-2fx_st_firmware *
phoenixcontact fl_switch_2504-2gc-2sfp_firmware *
phoenixcontact fl_switch_2214-2fx_firmware *
phoenixcontact fl_switch_2414-2sfx_pn_firmware *
phoenixcontact fl_switch_2208_pn_firmware *
phoenixcontact fl_switch_2304-2gc-2sfp_firmware *
phoenixcontact fl_switch_2514-2sfp_firmware *
phoenixcontact fl_switch_2316/k1_firmware *
phoenixcontact fl_switch_2214-2sfx_pn_firmware *
phoenixcontact fl_switch_2408_pn_firmware *
phoenixcontact fl_switch_2008f_firmware *
phoenixcontact fl_switch_2206-2fx_sm_st_firmware *
phoenixcontact fl_switch_2308_pn_firmware *
phoenixcontact fl_switch_2207-fx_firmware *
phoenixcontact fl_switch_2514-2sfp_pn_firmware *
phoenixcontact fl_switch_2312-2gc-2sfp_firmware *
phoenixcontact fl_switch_2205_firmware *
phoenixcontact fl_switch_2206-2fx_firmware *
phoenixcontact fl_switch_2506-2sfp_firmware *
phoenixcontact fl_switch_2314-2sfp_firmware *
phoenixcontact fl_switch_2212-2tc-2sfx_firmware *
phoenixcontact fl_switch_2206c-2fx_firmware *
phoenixcontact fl_switch_2108_firmware *
phoenixcontact fl_nat_2008_firmware *
phoenixcontact fl_switch_2216_pn_firmware *
phoenixcontact fl_switch_2206-2sfx_pn_firmware *
phoenixcontact fl_switch_2508_pn_firmware *
phoenixcontact fl_switch_2512-2gc-2sfp_firmware *
phoenixcontact fl_switch_2204-2tc-2sfx_firmware *
phoenixcontact fl_switch_2608_firmware *
phoenixcontact fl_switch_2308_firmware *
phoenixcontact fl_switch_2016_firmware *
phoenixcontact fl_switch_2508/k1_firmware *
phoenixcontact fl_switch_2416_pn_firmware *
phoenixcontact fl_switch_2406-2sfx_pn_firmware *
phoenixcontact fl_switch_2316_firmware *
phoenixcontact fl_switch_2214-2fx_sm_firmware *
phoenixcontact fl_switch_2008_firmware *
phoenixcontact fl_switch_2206-2sfx_firmware *
phoenixcontact fl_switch_2306-2sfp_firmware *
phoenixcontact fl_switch_2303-8sp1 *
phoenixcontact fl_switch_2116_firmware *
phoenixcontact fl_switch_2005_firmware *
phoenixcontact fl_switch_2416_firmware *
phoenixcontact fl_switch_2214-2sfx_firmware *
phoenixcontact fl_switch_2105_firmware *
phoenixcontact fl_switch_2208_firmware *
phoenixcontact fl_switch_2414-2sfx_firmware *
phoenixcontact fl_switch_2314-2sfp_pn_firmware *
phoenixcontact fl_switch_2516_pn_firmware *
phoenixcontact fl_switch_2708_pn_firmware *
phoenixcontact fl_switch_2708_firmware *
phoenixcontact fl_switch_2206-2fx_sm_firmware *
phoenixcontact fl_switch_2216_firmware *
phoenixcontact fl_switch_2506-2sfp/k1_firmware *
phoenixcontact fl_switch_2408_firmware *
phoenixcontact fl_switch_2412-2tc-2sfx_firmware *
phoenixcontact fl_switch_2404-2tc-2sfx_firmware *
phoenixcontact fl_switch_2516_firmware *
phoenixcontact fl_switch_2316_pn_firmware *
phoenixcontact fl_switch_2608_pn_firmware *
phoenixcontact fl_switch_2306-2sfp_pn_firmware *
phoenixcontact fl_switch_2506-2sfp_pn_firmware *
phoenixcontact fl_switch_2406-2sfx_firmware *