CVE-2025-41692
BaseFortify
Publication date: 2025-12-09
Last updated on: 2025-12-09
Assigner: CERT VDE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| phoenix_contact | fl_switch | 3.50 |
| phoenix_contact | fl_switch | 2xxx |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-916 | The product generates a hash for a password, but it uses a scheme that does not provide a sufficient level of computational effort that would make password cracking attacks infeasible or expensive. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability allows a high privileged remote attacker who already has admin privileges for the web user interface (webUI) to brute-force the 'root' and 'user' passwords of the underlying operating system. This is possible because the system uses a weak password generation algorithm, making it easier to guess or crack these passwords.
How can this vulnerability impact me? :
The vulnerability can lead to unauthorized access to the underlying operating system by allowing an attacker to brute-force critical user passwords. This can compromise system security, potentially allowing the attacker to gain control over the system at the OS level, which can lead to data breaches or further exploitation.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
This vulnerability impacts the confidentiality of the device by allowing a high privileged remote attacker to brute-force OS passwords due to weak password hashing. Such unauthorized access to sensitive data could lead to non-compliance with standards and regulations like GDPR and HIPAA, which require protection of sensitive information. Therefore, the vulnerability poses a risk to compliance by potentially exposing confidential data. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection can involve checking if devices in your network are running Phoenix Contact FL SWITCH 2xxx series firmware versions prior to 3.50, as these are vulnerable. Since the vulnerability involves weak password hashing allowing brute-force attacks on 'root' and 'user' OS passwords via the webUI, monitoring for repeated failed login attempts or unusual authentication patterns on the webUI could indicate exploitation attempts. Specific commands are not provided in the resources. [1]
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to update the firmware of affected Phoenix Contact FL SWITCH 2xxx devices to version 3.50 or later, where this vulnerability has been resolved. Additionally, monitoring and restricting access to the webUI and enforcing strong password policies can help reduce risk. [1]