CVE-2025-41696
BaseFortify
Publication date: 2025-12-09
Last updated on: 2025-12-09
Assigner: CERT VDE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| phoenix_contact | fl_switch | 3.50 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-798 | The product contains hard-coded credentials, such as a password or cryptographic key. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves an attacker exploiting an undocumented UART port on the device's PCB as a side-channel. Using hardcoded user credentials obtained from a related vulnerability (CVE-2025-41692), the attacker can gain read access to parts of the device's filesystem.
How can this vulnerability impact me? :
The vulnerability allows an attacker to read sensitive parts of the device's filesystem without authorization, potentially exposing confidential data or system information, which could lead to further exploitation or data breaches.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, users should update the firmware of the affected Phoenix Contact FL SWITCH 2xxx series devices to version 3.50 or later, as this version resolves CVE-2025-41692 and related vulnerabilities. This update helps prevent unauthorized access via the undocumented UART port and hardcoded credentials. [1]