CVE-2025-41696

Medium CVSS: 4.6

An attacker can use an undocumented UART port on the PCB as a side-channel with the user hardcoded credentials obtained from CVE-2025-41692 to gain read access to parts of the filesystem of the device.

Vendor

Phoenixcontact

Product

Fl Switch 2708 Pn Firmware

CWE

CWE-798

Yayın Tarihi

2025-12-09 16:17:49

Güncelleme

2025-12-19 18:12:06

Source Identifier

info@cert.vde.com

KEV Date Added

Kategoriler

CWE-798 Fl Switch 2708 Pn Firmware MEDIUM Phoenixcontact 2025

Referanslar

https://certvde.com/de/advisories/VDE-2025-071

Benzer Kayıtlar

High

CVE-2025-41748

An XSS vulnerability in pxc_Dot1xCfg.php can be used by an unauthenticated remote attacker to trick an authenticated use…

High

CVE-2025-41749

An XSS vulnerability in port_util.php can be used by an unauthenticated remote attacker to trick an authenticated user t…

High

CVE-2025-41750

An XSS vulnerability in pxc_PortCfg.php can be used by an unauthenticated remote attacker to trick an authenticated user…

High

CVE-2025-41751

An XSS vulnerability in pxc_portCntr.php can be used by an unauthenticated remote attacker to trick an authenticated use…

High

CVE-2025-41752

An XSS vulnerability in pxc_portSfp.php can be used by an unauthenticated remote attacker to trick an authenticated user…

Medium

CVE-2025-41697

An attacker can use an undocumented UART port on the PCB as a side-channel to get root access e.g. with the credentia…