Primary

Context

Phoenix Contact FL SWITCH 2xxx Series Reflected Cross-Site Scripting Vulnerability

Vulnerability

Patched

A reflected cross-site scripting vulnerability has been identified in the web-based management interface of Phoenix Contact FL SWITCH 2xxx series switches, all firmware versions prior to 3.50. This vulnerability allows an unauthenticated remote attacker to deceive an authenticated user into sending a manipulated POST request that alters device configuration parameters accessible through the web management interface. The session cookie is protected with the httpOnly flag, preventing the attacker from hijacking the user's session.

Impact

Exploitation of this vulnerability allows for reflected cross-site scripting, where an attacker can inject malicious scripts that are executed in the context of the user's browser.

Remediation

Users are advised to update to the latest FL SWITCH 2xxx firmware version 3.50, which addresses this vulnerability.

Added: Dec 9, 2025, 7:48 PM

Updated: Dec 9, 2025, 7:48 PM

Affected Products

Phoenix Contact FL SWITCH 2008

Moderate fix1 remedy

cpe:2.3:h:phoenixcontact:fl_switch_2008:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

< 3.50

Phoenix Contact FL SWITCH 2008F

Moderate fix1 remedy

cpe:2.3:h:phoenixcontact:fl_switch_2008f:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

< 3.50

Phoenix Contact FL SWITCH 2205

Moderate fix1 remedy

cpe:2.3:h:phoenixcontact:fl_switch_2205:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

< 3.50

Phoenix Contact FL SWITCH 2206-2FX

Moderate fix1 remedy

cpe:2.3:h:phoenixcontact:fl_switch_2206-2fx:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

< 3.50

Phoenix Contact FL SWITCH 2206C-2FX

Moderate fix1 remedy

cpe:2.3:h:phoenixcontact:fl_switch_2206c-2fx:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

< 3.50

Phoenix Contact FL SWITCH 2207-FX

Moderate fix1 remedy

cpe:2.3:h:phoenixcontact:fl_switch_2207-fx:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

< 3.50

Phoenix Contact FL SWITCH 2208

Moderate fix1 remedy

cpe:2.3:h:phoenixcontact:fl_switch_2208:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

< 3.50

Phoenix Contact FL SWITCH 2208 PN

Moderate fix1 remedy

cpe:2.3:h:phoenixcontact:fl_switch_2208_pn:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

< 3.50

Phoenix Contact FL SWITCH 2404-2TC-2SFX

Moderate fix1 remedy

cpe:2.3:h:phoenixcontact:fl_switch_2404-2tc-2sfx:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

< 3.50

Phoenix Contact FL SWITCH 2406-2SFX

Moderate fix1 remedy

cpe:2.3:h:phoenixcontact:fl_switch_2406-2sfx:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

< 3.50

Phoenix Contact FL SWITCH 2412-2TC-2SFX

Moderate fix1 remedy

cpe:2.3:h:phoenixcontact:fl_switch_2412-2tc-2sfx:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

< 3.50

Phoenix Contact FL SWITCH 2414-2SFX

Moderate fix1 remedy

cpe:2.3:h:phoenixcontact:fl_switch_2414-2sfx:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

< 3.50

Phoenix Contact FL SWITCH 2504-2GC-2SFP

Moderate fix1 remedy

cpe:2.3:h:phoenixcontact:fl_switch_2504-2gc-2sfp:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

< 3.50

Phoenix Contact FL SWITCH 2506-2SFP

Moderate fix1 remedy

cpe:2.3:h:phoenixcontact:fl_switch_2506-2sfp:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

< 3.50

Phoenix Contact FL SWITCH 2508

Moderate fix1 remedy

cpe:2.3:h:phoenixcontact:fl_switch_2508:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

< 3.50

Phoenix Contact FL SWITCH 2512-2GC-2SFP

Moderate fix1 remedy

cpe:2.3:h:phoenixcontact:fl_switch_2512-2gc-2sfp:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

< 3.50

Phoenix Contact FL SWITCH 2514-2SFP

Moderate fix1 remedy

cpe:2.3:h:phoenixcontact:fl_switch_2514-2sfp:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

< 3.50

Phoenix Contact FL SWITCH 2516

Moderate fix1 remedy

cpe:2.3:h:phoenixcontact:fl_switch_2516:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

< 3.50

Phoenix Contact FL SWITCH 2608

Moderate fix1 remedy

cpe:2.3:h:phoenixcontact:fl_switch_2608:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

< 3.50

Phoenix Contact FL SWITCH 2708

Moderate fix1 remedy

cpe:2.3:h:phoenixcontact:fl_switch_2708:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

< 3.50

Vulnerability Rating

Custom Algorithm

spread

4.5

impact

1.0

exploitability

6.0

remediation

7.7

relevance

1.4

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

4.5

impact

1.0

exploitability

6.0

remediation

7.7

relevance

1.4

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Phoenix Contact FL SWITCH 2xxx Series Reflected Cross-Site Scripting Vulnerability

Vulnerability

Impact

Remediation

Affected Products

Phoenix Contact FL SWITCH 2008

Phoenix Contact FL SWITCH 2008F

Phoenix Contact FL SWITCH 2205

Phoenix Contact FL SWITCH 2206-2FX

Phoenix Contact FL SWITCH 2206C-2FX

Phoenix Contact FL SWITCH 2207-FX

Phoenix Contact FL SWITCH 2208

Phoenix Contact FL SWITCH 2208 PN

Phoenix Contact FL SWITCH 2404-2TC-2SFX

Phoenix Contact FL SWITCH 2406-2SFX

Phoenix Contact FL SWITCH 2412-2TC-2SFX

Phoenix Contact FL SWITCH 2414-2SFX

Phoenix Contact FL SWITCH 2504-2GC-2SFP

Phoenix Contact FL SWITCH 2506-2SFP

Phoenix Contact FL SWITCH 2508

Phoenix Contact FL SWITCH 2512-2GC-2SFP

Phoenix Contact FL SWITCH 2514-2SFP

Phoenix Contact FL SWITCH 2516

Phoenix Contact FL SWITCH 2608

Phoenix Contact FL SWITCH 2708

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating