Primary

Context

Phoenix Contact FL SWITCH 2xxx Denial-of-Service Vulnerability

Vulnerability

A denial-of-service vulnerability has been identified in Phoenix Contact FL SWITCH 2xxx firmware prior to version 3.50. This vulnerability allows a low-privileged remote attacker to execute a web shell with an empty command that contains whitespace. The server will then hang until it receives additional data, creating a denial-of-service condition on the web server.

Impact

Exploitation of this vulnerability leads to a denial-of-service condition on the affected device's web server.

Remediation

Users are advised to update to the latest FL SWITCH 2xxx firmware version 3.50, which addresses this vulnerability.

Added: Dec 9, 2025, 7:59 PM

Updated: Dec 9, 2025, 7:59 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

5.2

remediation

7.7

relevance

1.3

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

5.2

remediation

7.7

relevance

1.3

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Phoenix Contact FL SWITCH 2xxx Denial-of-Service Vulnerability

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating