Phoenix Contact: Multiple Vulnerabilities in FL SWITCH 2xxx Firmware

Plan Patch7.1VDE-2025-071Dec 9, 2025

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionRequired

Summary

Multiple vulnerabilities in FL SWITCH 2xxx firmware (versions prior to 3.50) and related FL NAT devices include: (1) unauthenticated file system access vulnerabilities (CVE-2025-41692, CVE-2025-41696) allowing attackers to read or manipulate switch configuration; (2) denial-of-service flaws (CVE-2025-41693, CVE-2025-41694) that degrade switch functionality; (3) unauthenticated physical UART shell access (CVE-2025-41697) via an undocumented serial port; and (4) reflected cross-site scripting vulnerabilities in the web management interface. All vulnerabilities are resolved in firmware 3.50.

What this means

What could happen

An attacker could access the switch's file system remotely without authentication, trigger denial-of-service conditions that limit switch functionality, or exploit physical UART access to gain an unauthenticated login shell. Web interface vulnerabilities could allow attackers to execute scripts in management sessions.

Who's at risk

Water utilities, municipalities, and industrial facilities operating FL SWITCH 2xxx series managed switches and FL NAT network address translation devices. Any organization relying on these switches for process network connectivity, SCADA communication, or industrial control system connectivity should prioritize patching.

How it could be exploited

An attacker with network access to the switch's web interface could exploit file system access vulnerabilities (CVE-2025-41692, CVE-2025-41696) to read or manipulate configuration. Alternatively, they could trigger DoS attacks (CVE-2025-41693, CVE-2025-41694) from the network to degrade switch performance. A physical attacker with access to the device could connect to an undocumented UART port to gain unauthenticated shell access (CVE-2025-41697).

Prerequisites

Network access to the switch web interface (port 80/443)
Physical access to device UART port (for CVE-2025-41697)
No authentication required for file system and DoS vulnerabilities

remotely exploitableno authentication requiredlow complexityaffects network infrastructurephysical UART access alternative vector

Exploitability

Low exploit probability (EPSS 0.3%)

Affected products (69)

69 with fix

ProductAffected VersionsFix Status

FL SWITCH 2005< 3.503.50

FL SWITCH 2008< 3.503.50

FL SWITCH 2016< 3.503.50

FL SWITCH 2105< 3.503.50

FL SWITCH 2108< 3.503.50

Remediation & Mitigation

0/5

Do now

0/1

WORKAROUNDRestrict network access to switch management interfaces (HTTP/HTTPS) to trusted engineering workstations only using firewall rules

Schedule — requires maintenance window

0/2

Patching may require device reboot — plan for process interruption

HOTFIXUpdate all FL SWITCH 2xxx and FL NAT devices to firmware version 3.50 or later

HARDENINGDisable web-based management on the switch if not actively used for operations

Long-term hardening

0/2

HARDENINGImplement physical security controls to prevent unauthorized access to device serial ports and UART interfaces

HARDENINGSegment network switches from general IT networks and ensure access is limited to the industrial network only

CVEs (14)

CVE-2025-41692 CVE-2025-41693 CVE-2025-41694 CVE-2025-41695 CVE-2025-41745 CVE-2025-41746 CVE-2025-41747 CVE-2025-41748 CVE-2025-41749 CVE-2025-41750 CVE-2025-41751 CVE-2025-41752 CVE-2025-41696 CVE-2025-41697

View full CERT@VDE advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/f78be32d-eb28-4836-ae24-03602c156b77