Primary

Context

Phoenix Contact FL SWITCH Products Stack-Based Buffer Overflow Vulnerability in TFTP Command Handling Allowing Denial-of-Service

Vulnerability

A stack-based buffer overflow vulnerability has been identified in the TFTP file-transfer command handling of Phoenix Contact FL SWITCH 2xxx, FL SWITCH TSN 23xx, and FL SWITCH 59xx firmware prior to version 3.53. This vulnerability allows a low-privileged attacker with Telnet or SSH access to cause memory corruption by providing unexpected or oversized filename inputs. Exploitation of this vulnerability leads to internal buffer corruption, causing the command-line interface and web dashboard to become unavailable, thereby creating a denial-of-service condition.

Impact

Exploitation of this vulnerability causes a denial-of-service condition, making the command-line interface and web dashboard unavailable.

Remediation

Users are advised to update to the latest firmware version 3.53, which addresses this vulnerability.

Added: Mar 18, 2026, 8:42 AM

Updated: Mar 18, 2026, 8:42 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

3.5

remediation

0.0

relevance

4.1

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

3.5

remediation

0.0

relevance

4.1

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Phoenix Contact FL SWITCH Products Stack-Based Buffer Overflow Vulnerability in TFTP Command Handling Allowing Denial-of-Service

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating