PHOENIX CONTACT — Vulnerabilities & Security Advisories 143

Browse all 143 CVE security advisories affecting PHOENIX CONTACT. AI-powered Chinese analysis, POCs, and references for each vulnerability.

PHOENIX CONTACT specializes in industrial automation, electrical engineering, and electronics, providing critical infrastructure components such as programmable logic controllers, power supplies, and industrial networking devices. With 142 recorded CVEs, the company’s software ecosystem has historically been susceptible to remote code execution, cross-site scripting, and privilege escalation vulnerabilities. These flaws often stem from inadequate input validation in web-based management interfaces or insecure default configurations in embedded systems. Notable incidents include exploitable authentication bypasses and buffer overflow errors that could allow attackers to gain unauthorized control over industrial control systems. The high volume of vulnerabilities suggests persistent challenges in securing legacy firmware and web applications. While the hardware itself is robust, the associated software layers require rigorous patching and secure coding practices to mitigate risks in operational technology environments.

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2024-43384 | Phoenix Contact: Improper removal of sensitive information in MGUARD products — FL MGUARD 2102 | CWE-212 | 8.0 | High | 2026-05-07 |
| CVE-2026-22323 | Cross‑Site Request Forgery in Link Aggregation Configuration — FL SWITCH 2005 | CWE-352 | 7.1 | High | 2026-03-18 |
| CVE-2026-22322 | Stored Cross‑Site Scripting in Link Aggregation Name Handling — FL SWITCH 2005 | CWE-79 | 7.1 | High | 2026-03-18 |
| CVE-2026-22321 | Stack-Based Buffer Overflow in CLI Login Username Handling over CLI — FL SWITCH 2005 | CWE-121 | 5.3 | Medium | 2026-03-18 |
| CVE-2026-22320 | Stack-Based Buffer Overflow in TFTP File-Transfer Command Handling over CLI — FL SWITCH 2005 | CWE-121 | 6.5 | Medium | 2026-03-18 |
| CVE-2026-22319 | Stack-Based Buffer Overflow in File Install Parameter Handling — FL SWITCH 2005 | CWE-121 | 4.9 | Medium | 2026-03-18 |
| CVE-2026-22318 | Stack-Based Buffer Overflow in File Transfer Parameter Handling — FL SWITCH 2005 | CWE-121 | 4.9 | Medium | 2026-03-18 |
| CVE-2026-22317 | Command Injection Vulnerability in Root CA Certificate Transfer Workflow — FL SWITCH 2005 | CWE-77 | 7.2 | High | 2026-03-18 |
| CVE-2026-22316 | Buffer Overflow using TFTP Filename — FL SWITCH 2005 | CWE-121 | 6.5 | Medium | 2026-03-18 |
| CVE-2025-41717 | Config-Upload Code Injection — TC ROUTER 3002T-3G | CWE-94 | 8.8 | High | 2026-01-13 |
| CVE-2025-41693 | Authenticated Denial-of-Service via SSH — FL SWITCH 2005 | CWE-770 | 4.3 | Medium | 2025-12-09 |
| CVE-2025-41696 | Hardcoded User Password — FL SWITCH 2005 | CWE-798 | 4.6 | Medium | 2025-12-09 |
| CVE-2025-41694 | Authenticated Denial-of-Service via Webshell — FL SWITCH 2005 | CWE-770 | 6.5 | Medium | 2025-12-09 |
| CVE-2025-41692 | Weak/Predictable root Password — FL SWITCH 2005 | CWE-916 | 6.8 | Medium | 2025-12-09 |
| CVE-2025-41697 | Shell access to UART Console — FL SWITCH 2005 | CWE-1299 | 6.8 | Medium | 2025-12-09 |
| CVE-2025-41695 | Reflected XSS vulnerability in dyn_conn.php — FL SWITCH 2005 | CWE-79 | 7.1 | High | 2025-12-09 |
| CVE-2025-41745 | Reflected XSS vulnerability in pxc_portCntr2.php — FL SWITCH 2005 | CWE-79 | 7.1 | High | 2025-12-09 |
| CVE-2025-41746 | Reflected XSS vulnerability in pxc_portSecCfg.php — FL SWITCH 2005 | CWE-79 | 7.1 | High | 2025-12-09 |
| CVE-2025-41747 | Reflected XSS vulnerability in pxc_vlanIntfCfg.php — FL SWITCH 2005 | CWE-79 | 7.1 | High | 2025-12-09 |
| CVE-2025-41748 | Reflected XSS vulnerability in pxc_Dot1xCfg.php — FL SWITCH 2005 | CWE-79 | 7.1 | High | 2025-12-09 |
| CVE-2025-41749 | Reflected XSS vulnerability in port_util.php — FL SWITCH 2005 | CWE-79 | 7.1 | High | 2025-12-09 |
| CVE-2025-41750 | Reflected XSS vulnerability in pxc_PortCfg.php — FL SWITCH 2005 | CWE-79 | 7.1 | High | 2025-12-09 |
| CVE-2025-41751 | Reflected XSS vulnerability in pxc_portCntr.php — FL SWITCH 2005 | CWE-79 | 7.1 | High | 2025-12-09 |
| CVE-2025-41752 | Reflected XSS vulnerability in pxc_portSfp.php — FL SWITCH 2005 | CWE-79 | 7.1 | High | 2025-12-09 |
| CVE-2025-41699 | Phoenix Contact: Security Advisory for CHARX SEC-3xxx charging controllers — CHARX SEC-3150 | CWE-94 | 8.8 | High | 2025-10-14 |
| CVE-2025-41707 | Phoenix Contact: WebSocket Handler Denial of Service — QUINT4-UPS/24DC/24DC/5/EIP | CWE-120 | 5.3 | Medium | 2025-10-14 |
| CVE-2025-41706 | Phoenix Contact: Webserver Denial of Service through Malformed Content-Length — QUINT4-UPS/24DC/24DC/5/EIP | CWE-120 | 5.3 | Medium | 2025-10-14 |
| CVE-2025-41705 | Phoenix Contact: WebSocket Message Interception Leaks Webfrontend Credentials — QUINT4-UPS/24DC/24DC/5/EIP | CWE-523 | 6.8 | Medium | 2025-10-14 |
| CVE-2025-41704 | Phoenix Contact: Unauthenticated Modbus Service DoS via Crafted Function Code — QUINT4-UPS/24DC/24DC/5/EIP | CWE-770 | 5.3 | Medium | 2025-10-14 |
| CVE-2025-41703 | Phoenix Contact: UPS Shutdown via Unauthenticated Modbus Command — QUINT4-UPS/24DC/24DC/5/EIP | CWE-306 | 7.5 | High | 2025-10-14 |

This page lists every published CVE security advisory associated with PHOENIX CONTACT. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.