Phoenix Contact FL SWITCH Series CSRF Vulnerability in Web Management Interface

Vulnerability

A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the web-based management interface of Phoenix Contact FL SWITCH 2xxx, FL SWITCH TSN 23xx, and FL SWITCH 59xx models, all running firmware prior to version 3.53. This vulnerability allows an unauthenticated remote attacker to deceive authenticated users into sending unauthorized POST requests, thereby silently modifying the device's configuration without the user's knowledge or consent. The impact on availability is considered low, as the device automatically recovers after such an attack.

Impact

Exploitation of this vulnerability could lead to unauthorized changes in the device's configuration, potentially disrupting normal operations, although the device is expected to recover automatically without external intervention.

Remediation

Users are advised to update to the latest firmware version 3.53, which addresses this vulnerability.
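
One way to find devices that still need the update is to check an asset inventory against the affected families and the 3.53 threshold stated above. The following is an added example, not code from Phoenix Contact or from this advisory. It assumes inventory rows of (host, model string, firmware string), that model strings begin with the family name, and that the minor version is compared as an integer, which errs toward flagging a device.

```python
import re

FIXED = (3, 53)  # first fixed firmware version per the advisory

# Affected families from the advisory: FL SWITCH 2xxx, TSN 23xx, 59xx.
# Assumption: "x" is one digit; a letter or variant suffix may follow.
AFFECTED = re.compile(r"^FL SWITCH (?:2\d{3}|TSN 23\d{2}|59\d{2})(?!\d)", re.I)


def parse_version(text):
    """Return (major, minor) from strings like '3.40' or 'v3.52', else None."""
    m = re.match(r"\s*v?(\d+)\.(\d+)", text, re.I)
    return (int(m.group(1)), int(m.group(2))) if m else None


def triage(inventory):
    """Return (host, status) for every row in an affected family.

    status is 'update' (firmware below 3.53), 'ok', or 'unknown-version'
    when the firmware string is missing or cannot be parsed.
    """
    results = []
    for host, model, firmware in inventory:
        # Collapse repeated whitespace before matching the family name.
        if not AFFECTED.match(" ".join(model.split())):
            continue
        version = parse_version(firmware)
        if version is None:
            status = "unknown-version"
        elif version < FIXED:
            status = "update"
        else:
            status = "ok"
        results.append((host, status))
    return results


# Constructed sample inventory; hosts and model strings are illustrative only.
SAMPLE = [
    ("sw-line1", "FL SWITCH 2208", "3.40"),
    ("sw-line2", "FL SWITCH TSN 2316", "3.53"),
    ("sw-core", "FL  SWITCH 5924", "v3.52"),
    ("sw-other", "FL SWITCH 1005N", "1.0"),   # not an affected family
    ("sw-lab", "fl switch 2316 PN", ""),      # firmware not recorded
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE):
        print(f"{host}: {status}")
```

Rows reported as unknown-version need a manual firmware check before they can be considered patched.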

Added: Mar 18, 2026, 8:44 AM
Updated: Mar 18, 2026, 8:44 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 3.1
exploitability: 5.8
remediation: 0.0
relevance: 4.1
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.