Phoenix Contact: Security Advisory for QUINT4-UPS EIP

Monitor | CVSS 7.5 | VDE-2025-072 | Oct 14, 2025
Phoenix Contact
Attack path
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

Multiple vulnerabilities exist in the firmware of QUINT4-UPS EIP devices (versions VC:00 through VC:07). An unauthenticated remote attacker can cause a denial of service with specially crafted Modbus/TCP commands, crashing the device and interrupting power to critical control systems. The attacker can also retrieve login credentials for the web management interface. Phoenix Contact will not patch existing firmware but will ship new units with VC:07 (which is also stated as affected, indicating the statement refers to future versions beyond VC:07).

What this means
What could happen
An unauthenticated attacker on your network can crash the QUINT4-UPS device, stopping the uninterruptible power supply to your critical control systems. They can also extract login credentials for the web interface to potentially gain remote access for further attacks.
Who's at risk
Water authorities and utilities operating QUINT4-UPS EIP uninterruptible power supply units for critical DC power to PLCs, RTUs, and control panels. Any facility using these devices in EtherNet/IP networks where the device is reachable from untrusted network segments.
How it could be exploited
An attacker sends specially crafted Modbus/TCP commands or HTTP requests over the network to the device without needing credentials. Modbus configuration commands can trigger resource exhaustion that crashes the device, or HTTP requests can extract stored credentials. The device is vulnerable if reachable from your network (even an internal network segment).
Prerequisites
  • Network access to Modbus/TCP port 502 or HTTP/HTTPS ports on the device
  • Device running firmware version VC:00 through VC:07
remotely exploitable; no authentication required; low complexity; no patch available (end-of-life firmware); affects critical power supply infrastructure
Exploitability
Unlikely to be exploited — EPSS score 0.2%
Affected products (8)
8 EOL
Product | Affected Versions | Fix Status
QUINT4-UPS/24DC/24DC/5/EIP VC:00<VC:07 | VC:00<VC:07 | No fix (EOL)
QUINT4-UPS/24DC/24DC/10/EIP VC:00<VC:07 | VC:00<VC:07 | No fix (EOL)
QUINT4-UPS/24DC/24DC/20/EIP VC:00<VC:07 | VC:00<VC:07 | No fix (EOL)
QUINT4-UPS/24DC/24DC/40/EIP VC:00<VC:07 | VC:00<VC:07 | No fix (EOL)
QUINT4-UPS/24DC/24DC/5/EIP VC:07 | VC:07 | No fix (EOL)
QUINT4-UPS/24DC/24DC/10/EIP VC:07 | VC:07 | No fix (EOL)
QUINT4-UPS/24DC/24DC/20/EIP VC:07 | VC:07 | No fix (EOL)
QUINT4-UPS/24DC/24DC/40/EIP VC:07 | VC:07 | No fix (EOL)
Remediation & Mitigation
Do now
WORKAROUND: Restrict network access to Modbus/TCP port 502 and HTTP/HTTPS ports on QUINT4-UPS devices using firewall rules; allow only authorized engineering workstations and control systems
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HARDENING: Monitor for unauthorized Modbus configuration commands; log and alert on unexpected changes to device parameters
Mitigations - no patch available
The following products have reached End of Life with no planned fix: QUINT4-UPS/24DC/24DC/5/EIP VC:00<VC:07, QUINT4-UPS/24DC/24DC/10/EIP VC:00<VC:07, QUINT4-UPS/24DC/24DC/20/EIP VC:00<VC:07, QUINT4-UPS/24DC/24DC/40/EIP VC:00<VC:07, QUINT4-UPS/24DC/24DC/5/EIP VC:07, QUINT4-UPS/24DC/24DC/10/EIP VC:07, QUINT4-UPS/24DC/24DC/20/EIP VC:07, QUINT4-UPS/24DC/24DC/40/EIP VC:07. Apply the following compensating controls:
HARDENING: Isolate QUINT4-UPS devices to a closed, protected industrial control network segment; do not allow direct access from IT networks or the internet
HARDENING: Implement industrial firewall or network segmentation to enforce Modbus/TCP access control at the network boundary, not relying on device-level authentication
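
The monitoring and access-control items above can be backed by a passive check on traffic seen at TCP/502. The following is an added example, not part of the advisory or any vendor tooling: it parses the Modbus/TCP header and classifies each request by source and function code. The allowlisted address, the sample frames, and the choice to treat "configuration commands" as the standard Modbus write-class function codes are assumptions, and each payload is assumed to hold exactly one request.

```python
import struct
from ipaddress import ip_address

# Assumption: the advisory does not name function codes, so "configuration
# commands" are approximated by the standard Modbus write-class codes.
WRITE_FUNCTIONS = {0x05, 0x06, 0x0F, 0x10, 0x16, 0x17}
# Constructed allowlist: the one engineering workstation permitted to reach the UPS.
ALLOWED_SOURCES = {ip_address("10.10.1.20")}

def parse_request(payload: bytes):
    """Return (unit_id, function_code) for one Modbus/TCP ADU, or None if malformed."""
    if len(payload) < 8:                      # 7-byte MBAP header + function code
        return None
    _tid, proto, length, unit = struct.unpack(">HHHB", payload[:7])
    # Protocol id must be 0; length covers unit id + PDU (PDU is at most 253 bytes).
    if proto != 0 or not 2 <= length <= 254 or len(payload) != 6 + length:
        return None
    return unit, payload[7]

def triage(src: str, payload: bytes):
    """Classify one request seen on TCP/502 as (severity, reason)."""
    parsed = parse_request(payload)
    if parsed is None:
        return ("alert", "malformed-frame")
    _unit, function = parsed
    is_write = function in WRITE_FUNCTIONS
    if ip_address(src) not in ALLOWED_SOURCES:
        # Any hit here also means the firewall rule is missing or bypassed.
        return ("alert", "unauthorized-write" if is_write else "unauthorized-source")
    # Writes from allowed hosts are logged so parameter changes can be reviewed.
    return ("log", "authorized-write") if is_write else ("ok", "non-write")

# Constructed sample traffic: (source IP, raw Modbus/TCP payload).
SAMPLES = [
    ("10.10.1.20", bytes.fromhex("000100000006010300000002")),  # read holding registers
    ("10.10.1.20", bytes.fromhex("000200000006010600100001")),  # write single register
    ("10.20.5.77", bytes.fromhex("000300000006010600100001")),  # write from unknown host
    ("10.20.5.77", bytes.fromhex("0004000000ff0110")),          # length field does not match
]

if __name__ == "__main__":
    for src, payload in SAMPLES:
        print(src, payload.hex(), *triage(src, payload))
```
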
Phoenix Contact: Security Advisory for QUINT4-UPS EIP | CVSS 7.5 - OTPulse