Primary

Context

Phoenix Contact FL SWITCH 2xxx Reflected Cross-Site Scripting Vulnerability

Vulnerability

Patched

A reflected cross-site scripting vulnerability has been identified in the web-based management interface of Phoenix Contact FL SWITCH 2xxx devices, all firmware versions prior to 3.50. This vulnerability allows an unauthenticated remote attacker to deceive an authenticated user into clicking a malicious link, which could then be used to alter device configuration parameters accessible through the web application. While the session cookie is protected by the httpOnly flag, preventing session hijacking, the vulnerability still poses a risk by allowing unauthorized changes to device settings.

Impact

Exploitation of this vulnerability could lead to unauthorized modifications of device configuration parameters via the web-based management interface.

Remediation

Users are advised to update to the latest FL SWITCH 2xxx firmware version 3.50, which addresses this vulnerability.

Added: Dec 9, 2025, 7:43 PM

Updated: Dec 9, 2025, 7:43 PM

Affected Products

Phoenix Contact FL SWITCH 2008

Moderate fix1 remedy

cpe:2.3:h:phoenixcontact:fl_switch_2008:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

< 3.50

Phoenix Contact FL SWITCH 2008F

Moderate fix1 remedy

cpe:2.3:h:phoenixcontact:fl_switch_2008f:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

< 3.50

Phoenix Contact FL SWITCH 2016

Moderate fix1 remedy

cpe:2.3:h:phoenixcontact:fl_switch_2016:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

< 3.50

Phoenix Contact FL SWITCH 2105

Moderate fix1 remedy

cpe:2.3:h:phoenixcontact:fl_switch_2105:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

< 3.50

Phoenix Contact FL SWITCH 2108

Moderate fix1 remedy

cpe:2.3:h:phoenixcontact:fl_switch_2108:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

< 3.50

Phoenix Contact FL SWITCH 2116

Moderate fix1 remedy

cpe:2.3:h:phoenixcontact:fl_switch_2116:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

< 3.50

Phoenix Contact FL SWITCH 2204-2TC-2SFX

Moderate fix1 remedy

cpe:2.3:h:phoenixcontact:fl_switch_2204-2tc-2sfx:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

< 3.50

Phoenix Contact FL SWITCH 2205

Moderate fix1 remedy

cpe:2.3:h:phoenixcontact:fl_switch_2205:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

< 3.50

Phoenix Contact FL SWITCH 2206-2FX

Moderate fix1 remedy

cpe:2.3:h:phoenixcontact:fl_switch_2206-2fx:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

< 3.50

Phoenix Contact FL SWITCH 2206-2FX SM

Moderate fix1 remedy

cpe:2.3:h:phoenixcontact:fl_switch_2206-2fx_sm:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

< 3.50

Phoenix Contact FL SWITCH 2206-2FX SM ST

Moderate fix1 remedy

cpe:2.3:h:phoenixcontact:fl_switch_2206-2fx_sm_st:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

< 3.50

Phoenix Contact FL SWITCH 2206-2SFX

Moderate fix1 remedy

cpe:2.3:h:phoenixcontact:fl_switch_2206-2sfx:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

< 3.50

Phoenix Contact FL SWITCH 2206-2SFX PN

Moderate fix1 remedy

cpe:2.3:h:phoenixcontact:fl_switch_2206-2sfx_pn:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

< 3.50

Phoenix Contact FL SWITCH 2404-2TC-2SFX

Moderate fix1 remedy

cpe:2.3:h:phoenixcontact:fl_switch_2404-2tc-2sfx:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

< 3.50

Phoenix Contact FL SWITCH 2406-2SFX

Moderate fix1 remedy

cpe:2.3:h:phoenixcontact:fl_switch_2406-2sfx:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

< 3.50

Phoenix Contact FL SWITCH 2412-2TC-2SFX

Moderate fix1 remedy

cpe:2.3:h:phoenixcontact:fl_switch_2412-2tc-2sfx:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

< 3.50

Phoenix Contact FL SWITCH 2414-2SFX

Moderate fix1 remedy

cpe:2.3:h:phoenixcontact:fl_switch_2414-2sfx:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

< 3.50

Phoenix Contact FL SWITCH 2504-2GC-2SFP

Moderate fix1 remedy

cpe:2.3:h:phoenixcontact:fl_switch_2504-2gc-2sfp:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

< 3.50

Phoenix Contact FL SWITCH 2506-2SFP

Moderate fix1 remedy

cpe:2.3:h:phoenixcontact:fl_switch_2506-2sfp:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

< 3.50

Phoenix Contact FL SWITCH 2508

Moderate fix1 remedy

cpe:2.3:h:phoenixcontact:fl_switch_2508:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

< 3.50

Phoenix Contact FL SWITCH 2512-2GC-2SFP

Moderate fix1 remedy

cpe:2.3:h:phoenixcontact:fl_switch_2512-2gc-2sfp:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

< 3.50

Phoenix Contact FL SWITCH 2514-2SFP

Moderate fix1 remedy

cpe:2.3:h:phoenixcontact:fl_switch_2514-2sfp:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

< 3.50

Phoenix Contact FL SWITCH 2608

Moderate fix1 remedy

cpe:2.3:h:phoenixcontact:fl_switch_2608:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

< 3.50

Phoenix Contact FL SWITCH 2708

Moderate fix1 remedy

cpe:2.3:h:phoenixcontact:fl_switch_2708:*:*:*:*:*:*:*, +1 more

Moderate fix1 remedy

< 3.50

Vulnerability Rating

Custom Algorithm

spread

4.5

impact

1.7

exploitability

6.0

remediation

7.7

relevance

1.4

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

4.5

impact

1.7

exploitability

6.0

remediation

7.7

relevance

1.4

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Phoenix Contact FL SWITCH 2xxx Reflected Cross-Site Scripting Vulnerability

Vulnerability

Impact

Remediation

Affected Products

Phoenix Contact FL SWITCH 2008

Phoenix Contact FL SWITCH 2008F

Phoenix Contact FL SWITCH 2016

Phoenix Contact FL SWITCH 2105

Phoenix Contact FL SWITCH 2108

Phoenix Contact FL SWITCH 2116

Phoenix Contact FL SWITCH 2204-2TC-2SFX

Phoenix Contact FL SWITCH 2205

Phoenix Contact FL SWITCH 2206-2FX

Phoenix Contact FL SWITCH 2206-2FX SM

Phoenix Contact FL SWITCH 2206-2FX SM ST

Phoenix Contact FL SWITCH 2206-2SFX

Phoenix Contact FL SWITCH 2206-2SFX PN

Phoenix Contact FL SWITCH 2404-2TC-2SFX

Phoenix Contact FL SWITCH 2406-2SFX

Phoenix Contact FL SWITCH 2412-2TC-2SFX

Phoenix Contact FL SWITCH 2414-2SFX

Phoenix Contact FL SWITCH 2504-2GC-2SFP

Phoenix Contact FL SWITCH 2506-2SFP

Phoenix Contact FL SWITCH 2508

Phoenix Contact FL SWITCH 2512-2GC-2SFP

Phoenix Contact FL SWITCH 2514-2SFP

Phoenix Contact FL SWITCH 2608

Phoenix Contact FL SWITCH 2708

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating