
Phoenix Contact — Vulnerabilities & Security Advisories (143)

Browse all 143 CVE security advisories affecting Phoenix Contact. AI-powered Chinese analysis, POCs, and references for each vulnerability.

PHOENIX CONTACT specializes in industrial automation, electrical engineering, and electronics, providing critical infrastructure components such as programmable logic controllers, power supplies, and industrial networking devices. With 142 recorded CVEs, the company’s software ecosystem has historically been susceptible to remote code execution, cross-site scripting, and privilege escalation vulnerabilities. These flaws often stem from inadequate input validation in web-based management interfaces or insecure default configurations in embedded systems. Notable incidents include exploitable authentication bypasses and buffer overflow errors that could allow attackers to gain unauthorized control over industrial control systems. The high volume of vulnerabilities suggests persistent challenges in securing legacy firmware and web applications. While the hardware itself is robust, the associated software layers require rigorous patching and secure coding practices to mitigate risks in operational technology environments.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2025-41686 | Improper File Permissions Allow Local Privilege Escalation | DaUM | CWE-306 | 7.8 | High | 2025-08-12 |
| CVE-2025-2813 | HTTP Service DoS Vulnerability | AXL F BK PN TPS | CWE-770 | 7.5 | High | 2025-07-31 |
| CVE-2025-41668 | Phoenix Contact: File access due to the replacement of a critical file used by the service security-profile | AXC F 1152 | CWE-59 | 8.8 | High | 2025-07-08 |
| CVE-2025-41667 | Phoenix Contact: File access due to the replacement of a critical file used by the arp-preinit script | AXC F 1152 | CWE-59 | 8.8 | High | 2025-07-08 |
| CVE-2025-41666 | Phoenix Contact: File access due to the replacement of a critical file used by the watchdog | AXC F 1152 | CWE-59 | 8.8 | High | 2025-07-08 |
| CVE-2025-41665 | Phoenix Contact: DoS of the PLC due to incorrect default permissions possible | AXC F 1152 | CWE-276 | 6.5 | Medium | 2025-07-08 |
| CVE-2025-25271 | OCPP Backend Configuration via Insecure Defaults | CHARX SEC-3150 | CWE-1188 | 8.8 | High | 2025-07-08 |
| CVE-2025-25270 | Remote Code Execution via Unauthenticated Configuration Manipulation | CHARX SEC-3150 | CWE-913 | 9.8 | Critical | 2025-07-08 |
| CVE-2025-25269 | Local Privilege Escalation via Unauthenticated Command Injection | CHARX SEC-3150 | CWE-78 | 8.4 | High | 2025-07-08 |
| CVE-2025-25268 | Unauthenticated Configuration Access via Exposed API Endpoint | CHARX SEC-3150 | CWE-306 | 8.8 | High | 2025-07-08 |
| CVE-2025-24006 | Privilege Escalation via Insecure SSH Permissions | CHARX SEC-3150 | CWE-269 | 7.8 | High | 2025-07-08 |
| CVE-2025-24005 | Local Privilege Escalation via Vulnerable SSH Script | CHARX SEC-3150 | CWE-20 | 7.8 | High | 2025-07-08 |
| CVE-2025-24004 | USB-C Buffer Overflow via Display Interface in EV Charging Stations | CHARX SEC-3150 | CWE-120 | 5.2 | Medium | 2025-07-08 |
| CVE-2025-24003 | MQTT OOB Write Vulnerability in EichrechtAgents of German EV Charging Stations | CHARX SEC-3150 | CWE-120 | 8.2 | High | 2025-07-08 |
| CVE-2025-24002 | MQTT DoS Vulnerability in German EV Charging Stations | CHARX SEC-3150 | CWE-20 | 5.3 | Medium | 2025-07-08 |
| CVE-2018-25112 | PHOENIX CONTACT: ILC 1x1 ETH Denial of Service | ILC 131 | CWE-770 | 7.5 | High | 2025-06-04 |
| CVE-2024-11497 | Phoenix Contact: CHARX-SEC3xxx Charge controllers vulnerable to privilege escalation | CHARX SEC-3000 | CWE-732 | 8.8 | High | 2025-01-14 |
| CVE-2024-43393 | Phoenix Contact: Configuration changes of the firewall services can lead to DoS in MGUARD devices | FL MGUARD 2102 | CWE-94 | 8.1 | High | 2024-09-10 |
| CVE-2024-43392 | Phoenix Contact: Firewall reconfiguration through the FW_environment variables in MGUARD devices | FL MGUARD 2102 | CWE-94 | 8.1 | High | 2024-09-10 |
| CVE-2024-43391 | Phoenix Contact: Firewall reconfiguration through the FW_PORTFORWARDING.SRC_IP in MGUARD devices | FL MGUARD 2102 | CWE-94 | 8.1 | High | 2024-09-10 |
| CVE-2024-43390 | Phoenix Contact: Firewall reconfiguration due to improper input validation in MGUARD devices | FL MGUARD 2102 | CWE-94 | 8.1 | High | 2024-09-10 |
| CVE-2024-43389 | Phoenix Contact: OSPF reconfiguration due to improper input validation in MGUARD devices | FL MGUARD 2102 | CWE-94 | 8.1 | High | 2024-09-10 |
| CVE-2024-43388 | Phoenix Contact: SNMP reconfiguration due to improper input validation in MGUARD devices | FL MGUARD 2102 | CWE-94 | 8.8 | High | 2024-09-10 |
| CVE-2024-43387 | Phoenix Contact: Access files due to improper neutralization of special elements in MGUARD devices | FL MGUARD 2102 | CWE-78 | 8.8 | High | 2024-09-10 |
| CVE-2024-43386 | Phoenix Contact: OS command execution through EMAIL_NOTIFICATION.TO in mGuard devices. | FL MGUARD 2102 | CWE-78 | 8.8 | High | 2024-09-10 |
| CVE-2024-43385 | Phoenix Contact: OS command execution through PROXY_HTTP_PORT in mGuard devices | FL MGUARD 2102 | CWE-78 | 8.8 | High | 2024-09-10 |
| CVE-2024-7699 | Phoenix Contact: OS command execution in MGUARD products | FL MGUARD 2102 | CWE-78 | 8.8 | High | 2024-09-10 |
| CVE-2024-7698 | Phoenix Contact: Access to CSRF tokens of higher privileged users in MGUARD products | FL MGUARD 2102 | CWE-201 | 5.7 | Medium | 2024-09-10 |
| CVE-2024-7734 | Phoenix Contact: Multiple mGuard devices are vulnerable to a drain of open file descriptors. | FL MGUARD 2102 | CWE-770 | 5.3 | Medium | 2024-09-10 |
| CVE-2024-6788 | Phoenix Contact: update feature from CHARX controller can be used to reset a low privilege user password | CHARX SEC-3000 | CWE-1392 | 8.6 | High | 2024-08-13 |

This page lists every published CVE security advisory associated with Phoenix Contact. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.