Phoenix Contact FL SWITCH 2xxx Password Brute-Force Vulnerability

Vulnerability

A vulnerability exists in Phoenix Contact FL SWITCH 2xxx firmware versions prior to 3.50. It allows a high-privileged remote attacker who has admin rights in the web interface to brute-force the 'root' and 'user' passwords of the underlying operating system. The issue arises from a weak password generation algorithm.

Impact

Exploitation of this vulnerability could allow attackers to gain administrative privileges on the underlying operating system, leading to unauthorized access to the device's file system.

Remediation

Users are advised to update to the latest 3.50 firmware release, which addresses this vulnerability.

Added: Dec 9, 2025, 8:03 PM
Updated: Dec 9, 2025, 8:03 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 7.5
exploitability: 4.8
remediation: 7.7
relevance: 1.4
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.