Vulnerability Details CVE-2025-41746
An XSS vulnerability in pxc_portSecCfg.php can be used by an unauthenticated remote attacker to trick an authenticated user into sending a manipulated POST request to the device in order to change parameters available via web-based management (WBM). The vulnerability does not provide access to system-level resources such as operating system internals or privileged functions. Access is limited to device configuration parameters that are available in the context of the web application. The session cookie is secured by the HttpOnly flag. Therefore, an attacker is not able to take over the session of an authenticated user.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 25.8%
CVSS Severity
CVSS v3 Score 7.1
Products affected by CVE-2025-41746
- cpe:2.3:h:phoenixcontact:fl_nat_2008:-
- cpe:2.3:h:phoenixcontact:fl_nat_2208:-
- cpe:2.3:h:phoenixcontact:fl_nat_2304-2gc-2sfp:-
- cpe:2.3:h:phoenixcontact:fl_switch_2005:-
- cpe:2.3:h:phoenixcontact:fl_switch_2008:-
- cpe:2.3:h:phoenixcontact:fl_switch_2008f:-
- cpe:2.3:h:phoenixcontact:fl_switch_2016:-
- cpe:2.3:h:phoenixcontact:fl_switch_2105:-
- cpe:2.3:h:phoenixcontact:fl_switch_2108:-
- cpe:2.3:h:phoenixcontact:fl_switch_2116:-
- cpe:2.3:h:phoenixcontact:fl_switch_2204-2tc-2sfx:-
- cpe:2.3:h:phoenixcontact:fl_switch_2205:-
- cpe:2.3:h:phoenixcontact:fl_switch_2206-2fx:-
- cpe:2.3:h:phoenixcontact:fl_switch_2206-2fx_sm:-
- cpe:2.3:h:phoenixcontact:fl_switch_2206-2fx_sm_st:-
- cpe:2.3:h:phoenixcontact:fl_switch_2206-2fx_st:-
- cpe:2.3:h:phoenixcontact:fl_switch_2206-2sfx:-
- cpe:2.3:h:phoenixcontact:fl_switch_2206-2sfx_pn:-
- cpe:2.3:h:phoenixcontact:fl_switch_2206c-2fx:-
- cpe:2.3:h:phoenixcontact:fl_switch_2207-fx:-
- cpe:2.3:h:phoenixcontact:fl_switch_2207-fx_sm:-
- cpe:2.3:h:phoenixcontact:fl_switch_2208:-
- cpe:2.3:h:phoenixcontact:fl_switch_2208_pn:-
- cpe:2.3:h:phoenixcontact:fl_switch_2208c:-
- cpe:2.3:h:phoenixcontact:fl_switch_2212-2tc-2sfx:-
- cpe:2.3:h:phoenixcontact:fl_switch_2214-2fx:-
- cpe:2.3:h:phoenixcontact:fl_switch_2214-2fx_sm:-
- cpe:2.3:h:phoenixcontact:fl_switch_2214-2sfx:-
- cpe:2.3:h:phoenixcontact:fl_switch_2214-2sfx_pn:-
- cpe:2.3:h:phoenixcontact:fl_switch_2216:-
- cpe:2.3:h:phoenixcontact:fl_switch_2216_pn:-
- cpe:2.3:h:phoenixcontact:fl_switch_2303-8sp1:-
- cpe:2.3:h:phoenixcontact:fl_switch_2304-2gc-2sfp:-
- cpe:2.3:h:phoenixcontact:fl_switch_2306-2sfp:-
- cpe:2.3:h:phoenixcontact:fl_switch_2306-2sfp_pn:-
- cpe:2.3:h:phoenixcontact:fl_switch_2308:-
- cpe:2.3:h:phoenixcontact:fl_switch_2308_pn:-
- cpe:2.3:h:phoenixcontact:fl_switch_2312-2gc-2sfp:-
- cpe:2.3:h:phoenixcontact:fl_switch_2314-2sfp:-
- cpe:2.3:h:phoenixcontact:fl_switch_2314-2sfp_pn:-
- cpe:2.3:h:phoenixcontact:fl_switch_2316/k1:-
- cpe:2.3:h:phoenixcontact:fl_switch_2316:-
- cpe:2.3:h:phoenixcontact:fl_switch_2316_pn:-
- cpe:2.3:h:phoenixcontact:fl_switch_2404-2tc-2sfx:-
- cpe:2.3:h:phoenixcontact:fl_switch_2406-2sfx:-
- cpe:2.3:h:phoenixcontact:fl_switch_2406-2sfx_pn:-
- cpe:2.3:h:phoenixcontact:fl_switch_2408:-
- cpe:2.3:h:phoenixcontact:fl_switch_2408_pn:-
- cpe:2.3:h:phoenixcontact:fl_switch_2412-2tc-2sfx:-
- cpe:2.3:h:phoenixcontact:fl_switch_2414-2sfx:-
- cpe:2.3:h:phoenixcontact:fl_switch_2414-2sfx_pn:-
- cpe:2.3:h:phoenixcontact:fl_switch_2416:-
- cpe:2.3:h:phoenixcontact:fl_switch_2416_pn:-
- cpe:2.3:h:phoenixcontact:fl_switch_2504-2gc-2sfp:-
- cpe:2.3:h:phoenixcontact:fl_switch_2506-2sfp/k1:-
- cpe:2.3:h:phoenixcontact:fl_switch_2506-2sfp:-
- cpe:2.3:h:phoenixcontact:fl_switch_2506-2sfp_pn:-
- cpe:2.3:h:phoenixcontact:fl_switch_2508/k1:-
- cpe:2.3:h:phoenixcontact:fl_switch_2508:-
- cpe:2.3:h:phoenixcontact:fl_switch_2508_pn:-
- cpe:2.3:h:phoenixcontact:fl_switch_2512-2gc-2sfp:-
- cpe:2.3:h:phoenixcontact:fl_switch_2514-2sfp:-
- cpe:2.3:h:phoenixcontact:fl_switch_2514-2sfp_pn:-
- cpe:2.3:h:phoenixcontact:fl_switch_2516:-
- cpe:2.3:h:phoenixcontact:fl_switch_2516_pn:-
- cpe:2.3:h:phoenixcontact:fl_switch_2608:-
- cpe:2.3:h:phoenixcontact:fl_switch_2608_pn:-
- cpe:2.3:h:phoenixcontact:fl_switch_2708:-
- cpe:2.3:h:phoenixcontact:fl_switch_2708_pn:-
- cpe:2.3:o:phoenixcontact:fl_nat_2008_firmware:*
- cpe:2.3:o:phoenixcontact:fl_nat_2208_firmware:2.90
- cpe:2.3:o:phoenixcontact:fl_nat_2304-2gc-2sfp_firmware:2.90
- cpe:2.3:o:phoenixcontact:fl_switch_2005_firmware:3.00
- cpe:2.3:o:phoenixcontact:fl_switch_2008_firmware:3.00
- cpe:2.3:o:phoenixcontact:fl_switch_2008f_firmware:3.00
- cpe:2.3:o:phoenixcontact:fl_switch_2016_firmware:3.00
- cpe:2.3:o:phoenixcontact:fl_switch_2105_firmware:3.00
- cpe:2.3:o:phoenixcontact:fl_switch_2108_firmware:3.00
- cpe:2.3:o:phoenixcontact:fl_switch_2116_firmware:3.00
- cpe:2.3:o:phoenixcontact:fl_switch_2204-2tc-2sfx_firmware:3.00
- cpe:2.3:o:phoenixcontact:fl_switch_2205_firmware:3.00
- cpe:2.3:o:phoenixcontact:fl_switch_2206-2fx_firmware:3.00
- cpe:2.3:o:phoenixcontact:fl_switch_2206-2fx_sm_firmware:3.00
- cpe:2.3:o:phoenixcontact:fl_switch_2206-2fx_sm_st_firmware:3.00
- cpe:2.3:o:phoenixcontact:fl_switch_2206-2fx_st_firmware:3.00
- cpe:2.3:o:phoenixcontact:fl_switch_2206-2sfx_firmware:3.00
- cpe:2.3:o:phoenixcontact:fl_switch_2206-2sfx_pn_firmware:3.00
- cpe:2.3:o:phoenixcontact:fl_switch_2206c-2fx_firmware:3.00
- cpe:2.3:o:phoenixcontact:fl_switch_2207-fx_firmware:3.00
- cpe:2.3:o:phoenixcontact:fl_switch_2207-fx_sm_firmware:3.00
- cpe:2.3:o:phoenixcontact:fl_switch_2208_firmware:3.00
- cpe:2.3:o:phoenixcontact:fl_switch_2208_pn_firmware:3.00
- cpe:2.3:o:phoenixcontact:fl_switch_2208c_firmware:3.00
- cpe:2.3:o:phoenixcontact:fl_switch_2212-2tc-2sfx_firmware:3.00
- cpe:2.3:o:phoenixcontact:fl_switch_2214-2fx_firmware:3.00
- cpe:2.3:o:phoenixcontact:fl_switch_2214-2fx_sm_firmware:3.00
- cpe:2.3:o:phoenixcontact:fl_switch_2214-2sfx_firmware:3.00
- cpe:2.3:o:phoenixcontact:fl_switch_2214-2sfx_pn_firmware:3.00
- cpe:2.3:o:phoenixcontact:fl_switch_2216_firmware:3.00
- cpe:2.3:o:phoenixcontact:fl_switch_2216_pn_firmware:3.00
- cpe:2.3:o:phoenixcontact:fl_switch_2303-8sp1:*
- cpe:2.3:o:phoenixcontact:fl_switch_2304-2gc-2sfp_firmware:3.00
- cpe:2.3:o:phoenixcontact:fl_switch_2306-2sfp_firmware:3.00
- cpe:2.3:o:phoenixcontact:fl_switch_2306-2sfp_pn_firmware:3.00
- cpe:2.3:o:phoenixcontact:fl_switch_2308_firmware:3.00
- cpe:2.3:o:phoenixcontact:fl_switch_2308_pn_firmware:3.00
- cpe:2.3:o:phoenixcontact:fl_switch_2312-2gc-2sfp_firmware:3.00
- cpe:2.3:o:phoenixcontact:fl_switch_2314-2sfp_firmware:3.00
- cpe:2.3:o:phoenixcontact:fl_switch_2314-2sfp_pn_firmware:3.00
- cpe:2.3:o:phoenixcontact:fl_switch_2316/k1_firmware:3.00
- cpe:2.3:o:phoenixcontact:fl_switch_2316_firmware:3.00
- cpe:2.3:o:phoenixcontact:fl_switch_2316_pn_firmware:3.00
- cpe:2.3:o:phoenixcontact:fl_switch_2404-2tc-2sfx_firmware:3.00
- cpe:2.3:o:phoenixcontact:fl_switch_2406-2sfx_firmware:3.00
- cpe:2.3:o:phoenixcontact:fl_switch_2406-2sfx_pn_firmware:3.00
- cpe:2.3:o:phoenixcontact:fl_switch_2408_firmware:3.00
- cpe:2.3:o:phoenixcontact:fl_switch_2408_pn_firmware:3.00
- cpe:2.3:o:phoenixcontact:fl_switch_2412-2tc-2sfx_firmware:3.00
- cpe:2.3:o:phoenixcontact:fl_switch_2414-2sfx_firmware:3.00
- cpe:2.3:o:phoenixcontact:fl_switch_2414-2sfx_pn_firmware:3.00
- cpe:2.3:o:phoenixcontact:fl_switch_2416_firmware:3.00
- cpe:2.3:o:phoenixcontact:fl_switch_2416_pn_firmware:3.00
- cpe:2.3:o:phoenixcontact:fl_switch_2504-2gc-2sfp_firmware:3.00
- cpe:2.3:o:phoenixcontact:fl_switch_2506-2sfp/k1_firmware:3.00
- cpe:2.3:o:phoenixcontact:fl_switch_2506-2sfp_firmware:3.00
- cpe:2.3:o:phoenixcontact:fl_switch_2506-2sfp_pn_firmware:3.00
- cpe:2.3:o:phoenixcontact:fl_switch_2508/k1_firmware:3.00
- cpe:2.3:o:phoenixcontact:fl_switch_2508_firmware:3.00
- cpe:2.3:o:phoenixcontact:fl_switch_2508_pn_firmware:3.00
- cpe:2.3:o:phoenixcontact:fl_switch_2512-2gc-2sfp_firmware:3.00
- cpe:2.3:o:phoenixcontact:fl_switch_2514-2sfp_firmware:3.00
- cpe:2.3:o:phoenixcontact:fl_switch_2514-2sfp_pn_firmware:3.00
- cpe:2.3:o:phoenixcontact:fl_switch_2516_firmware:3.00
- cpe:2.3:o:phoenixcontact:fl_switch_2516_pn_firmware:3.00
- cpe:2.3:o:phoenixcontact:fl_switch_2608_firmware:3.00
- cpe:2.3:o:phoenixcontact:fl_switch_2608_pn_firmware:3.00
- cpe:2.3:o:phoenixcontact:fl_switch_2708_firmware:3.00
- cpe:2.3:o:phoenixcontact:fl_switch_2708_pn_firmware:3.00