CVE-2025-2813 – Phoenix Contact AXL F BK and IL BK Bus Couplers Denial-of-Service Vulnerability

Vulnerability

Patched

A denial-of-service vulnerability has been identified in several Phoenix Contact AXL F BK and IL BK bus couplers. An unauthenticated remote attacker can overload the device by sending a high volume of requests to the HTTP service on port 80. This issue affects multiple product variants and versions, with the bus coupler requiring a manual restart to restore communication within the Industrial Ethernet.

Impact

Exploitation of this vulnerability leads to device overload, triggering the hardware watchdog. As a result, process data reverts to the configured substitute value behavior. The bus coupler must be manually restarted to restore communication, such as by resetting the power supply, pressing the reset button, or executing the SNMP reset command.

Remediation

Users can upgrade to the fixed firmware versions available for the affected products. For AXL F BK PN TPS and AXL F BK PN TPS XC, firmware version 2.00 will be available in Q4 2025. AXL F BK ETH and AXL F BK ETH XC users can upgrade to version 1.32. For products marked as 'discontinued', no fix is planned.

Added: Jul 31, 2025, 10:26 AM

Updated: Jul 31, 2025, 10:26 AM

Affected Products

Phoenix Contact AXL F BK EIP

Easy fix3 remedies

cpe:2.3:h:phoenixcontact:axl_f_bk_eip:*:*:*:*:*:*:*

Easy fix3 remedies

<= 1.30

Phoenix Contact AXL F BK EIP EF

Easy fix3 remedies

cpe:2.3:h:phoenixcontact:axl_f_bk_eip_ef:*:*:*:*:*:*:*

Easy fix3 remedies

<= 1.30

Phoenix Contact AXL F BK EIP XC

Easy fix3 remedies

<= 1.30

Phoenix Contact AXL F BK ETH

Easy fix3 remedies

cpe:2.3:h:phoenixcontact:axl_f_bk_eth:*:*:*:*:*:*:*

Easy fix3 remedies

<= 1.31

Phoenix Contact AXL F BK ETH XC

Easy fix3 remedies

cpe:2.3:h:phoenixcontact:axl_f_bk_eth_xc:*:*:*:*:*:*:*

Easy fix3 remedies

<= 1.31

Phoenix Contact AXL F BK PN

Easy fix2 remedies

cpe:2.3:h:phoenixcontact:axl_f_bk_pn:*:*:*:*:*:*:*

Easy fix2 remedies

<= 1.06

Phoenix Contact AXL F BK PN TPS

Easy fix3 remedies

cpe:2.3:h:phoenixcontact:axl_f_bk_pn_tps:*:*:*:*:*:*:*

Easy fix3 remedies

<= 1.33

Phoenix Contact AXL F BK PN TPS XC

Easy fix3 remedies

cpe:2.3:h:phoenixcontact:axl_f_bk_pn_tps_xc:*:*:*:*:*:*:*

Easy fix3 remedies

<= 1.33

Phoenix Contact AXL F BK PN XC

Easy fix2 remedies

cpe:2.3:h:phoenixcontact:axl_f_bk_pn_xc:*:*:*:*:*:*:*

Easy fix2 remedies

<= 1.06

Phoenix Contact AXL F BK SAS

Easy fix2 remedies

cpe:2.3:h:phoenixcontact:axl_f_bk_sas:*:*:*:*:*:*:*

Easy fix2 remedies

<= 1.35

Phoenix Contact IL EIP BK DI8 DO4 2TX-PAC

Easy fix2 remedies

cpe:2.3:h:phoenixcontact:il_eip_bk_di8_do4_2tx-pac:*:*:*:*:*:*:*

Easy fix2 remedies

<= 1.12

Phoenix Contact IL ETH BK DI8 DO4 2TX-PAC

Easy fix2 remedies

cpe:2.3:h:phoenixcontact:il_eth_bk_di8_do4_2tx-pac:*:*:*:*:*:*:*

Easy fix2 remedies

<= 1.42

Phoenix Contact IL ETH BK-PAC

Easy fix2 remedies

<= 1.00

Phoenix Contact IL PN BK-PAC

Easy fix2 remedies

cpe:2.3:h:phoenixcontact:il_pn_bk-pac:*:*:*:*:*:*:*

Easy fix2 remedies

<= 1.13

CVSS Scores

volerion

8.7

CVSS 4.0

8.7

High

volerion

7.5

CVSS 3.1

7.5

High

Vendor

7.5

CVSS 3.1

7.5

High

Click a row to open the calculator.

References

https://certvde.com/en/advisories/VDE-2025-029/

AdvisoryRemedyVendor

Showing 1-1 of 1 references

Phoenix Contact AXL F BK and IL BK Bus Couplers Denial-of-Service Vulnerability

Vulnerability

Impact

Remediation

Affected Products

Phoenix Contact AXL F BK EIP

Phoenix Contact AXL F BK EIP EF

Phoenix Contact AXL F BK EIP XC

Phoenix Contact AXL F BK ETH

Phoenix Contact AXL F BK ETH XC

Phoenix Contact AXL F BK PN

Phoenix Contact AXL F BK PN TPS

Phoenix Contact AXL F BK PN TPS XC

Phoenix Contact AXL F BK PN XC

Phoenix Contact AXL F BK SAS

Phoenix Contact IL EIP BK DI8 DO4 2TX-PAC

Phoenix Contact IL ETH BK DI8 DO4 2TX-PAC

Phoenix Contact IL ETH BK-PAC

Phoenix Contact IL PN BK-PAC

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating