CVE-2025-41751

Summary

An XSS vulnerability in pxc_portCntr.php can be used by an unauthenticated remote attacker to trick an authenticated user to click on the link provided by the attacker in order to change parameters available via web based management (WBM). The vulnerability does not provide access to system-level resources such as operating system internals or privileged functions. Access is limited to device configuration parameters that are available in the context of the web application. The session cookie is secured by the httpOnly Flag. Therefore an attacker is not able to take over the session of an authenticated user.

Affected Software

VendorProductVersion RangeStatus
Phoenix ContactFL SWITCH 20050.0.0 < 3.50affected
Phoenix ContactFL SWITCH 20080.0.0 < 3.50affected
Phoenix ContactFL SWITCH 20160.0.0 < 3.50affected
Phoenix ContactFL SWITCH 21050.0.0 < 3.50affected
Phoenix ContactFL SWITCH 21080.0.0 < 3.50affected
Phoenix ContactFL SWITCH 21160.0.0 < 3.50affected
Phoenix ContactFL SWITCH 2204-2TC-2SFX0.0.0 < 3.50affected
Phoenix ContactFL SWITCH 22050.0.0 < 3.50affected
Phoenix ContactFL SWITCH 2206-2FX0.0.0 < 3.50affected
Phoenix ContactFL SWITCH 2206-2FX SM0.0.0 < 3.50affected
Phoenix ContactFL SWITCH 2206-2FX SM ST0.0.0 < 3.50affected
Phoenix ContactFL SWITCH 2206-2FX ST0.0.0 < 3.50affected
Phoenix ContactFL SWITCH 2206-2SFX0.0.0 < 3.50affected
Phoenix ContactFL SWITCH 2206-2SFX PN0.0.0 < 3.50affected
Phoenix ContactFL SWITCH 2206C-2FX0.0.0 < 3.50affected
Phoenix ContactFL SWITCH 2207-FX0.0.0 < 3.50affected
Phoenix ContactFL SWITCH 2207-FX SM0.0.0 < 3.50affected
Phoenix ContactFL SWITCH 22080.0.0 < 3.50affected
Phoenix ContactFL SWITCH 2208 PN0.0.0 < 3.50affected
Phoenix ContactFL SWITCH 2208C0.0.0 < 3.50affected
Phoenix ContactFL SWITCH 2212-2TC-2SFX0.0.0 < 3.50affected
Phoenix ContactFL SWITCH 2214-2FX0.0.0 < 3.50affected
Phoenix ContactFL SWITCH 2214-2FX SM0.0.0 < 3.50affected
Phoenix ContactFL SWITCH 2214-2SFX0.0.0 < 3.50affected
Phoenix ContactFL SWITCH 2214-2SFX PN0.0.0 < 3.50affected
Phoenix ContactFL SWITCH 22160.0.0 < 3.50affected
Phoenix ContactFL SWITCH 2216 PN0.0.0 < 3.50affected
Phoenix ContactFL SWITCH 2304-2GC-2SFP0.0.0 < 3.50affected
Phoenix ContactFL SWITCH 2306-2SFP0.0.0 < 3.50affected
Phoenix ContactFL SWITCH 2306-2SFP PN0.0.0 < 3.50affected
Phoenix ContactFL SWITCH 23080.0.0 < 3.50affected
Phoenix ContactFL SWITCH 2308 PN0.0.0 < 3.50affected
Phoenix ContactFL SWITCH 2312-2GC-2SFP0.0.0 < 3.50affected
Phoenix ContactFL SWITCH 2314-2SFP0.0.0 < 3.50affected
Phoenix ContactFL SWITCH 2314-2SFP PN0.0.0 < 3.50affected
Phoenix ContactFL SWITCH 23160.0.0 < 3.50affected
Phoenix ContactFL SWITCH 2316 PN0.0.0 < 3.50affected
Phoenix ContactFL SWITCH 2404-2TC-2SFX0.0.0 < 3.50affected
Phoenix ContactFL SWITCH 2406-2SFX0.0.0 < 3.50affected
Phoenix ContactFL SWITCH 2406-2SFX PN0.0.0 < 3.50affected
Phoenix ContactFL SWITCH 24080.0.0 < 3.50affected
Phoenix ContactFL SWITCH 2408 PN0.0.0 < 3.50affected
Phoenix ContactFL SWITCH 2412-2TC-2SFX0.0.0 < 3.50affected
Phoenix ContactFL SWITCH 2414-2SFX0.0.0 < 3.50affected
Phoenix ContactFL SWITCH 2414-2SFX PN0.0.0 < 3.50affected
Phoenix ContactFL SWITCH 24160.0.0 < 3.50affected
Phoenix ContactFL SWITCH 2416 PN0.0.0 < 3.50affected
Phoenix ContactFL SWITCH 2504-2GC-2SFP0.0.0 < 3.50affected
Phoenix ContactFL SWITCH 2506-2SFP0.0.0 < 3.50affected
Phoenix ContactFL SWITCH 2506-2SFP PN0.0.0 < 3.50affected
Phoenix ContactFL SWITCH 25080.0.0 < 3.50affected
Phoenix ContactFL SWITCH 2508 PN0.0.0 < 3.50affected
Phoenix ContactFL SWITCH 2512-2GC-2SFP0.0.0 < 3.50affected
Phoenix ContactFL SWITCH 2514-2SFP0.0.0 < 3.50affected
Phoenix ContactFL SWITCH 2514-2SFP PN0.0.0 < 3.50affected
Phoenix ContactFL SWITCH 25160.0.0 < 3.50affected
Phoenix ContactFL SWITCH 2516 PN0.0.0 < 3.50affected
Phoenix ContactFL SWITCH 26080.0.0 < 3.50affected
Phoenix ContactFL SWITCH 2608 PN0.0.0 < 3.50affected
Phoenix ContactFL SWITCH 27080.0.0 < 3.50affected
Phoenix ContactFL SWITCH 2708 PN0.0.0 < 3.50affected
Phoenix ContactFL SWITCH 2303-8SP10.0.0 < 3.50affected
Phoenix ContactFL NAT 20080.0.0 < 3.50affected
Phoenix ContactFL NAT 22080.0.0 < 3.50affected
Phoenix ContactFL NAT 2304-2GC-2SFP0.0.0 < 3.50affected
Phoenix ContactFL SWITCH 2008F0.0.0 < 3.50affected
Phoenix ContactFL SWITCH 2316/K10.0.0 < 3.50affected
Phoenix ContactFL SWITCH 2506-2SFP/K10.0.0 < 3.50affected
Phoenix ContactFL SWITCH 2508/K10.0.0 < 3.50affected

Weaknesses

  • CWE-79: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References