CVE-2025-41696
Severity CVSS v4.0:
Pending analysis
Type:
CWE-798
Use of Hard-coded Credentials
Publication date:
09/12/2025
Last modified:
19/12/2025
Description
An attacker can use an undocumented UART port on the PCB as a side-channel with the user hardcoded credentials obtained from CVE-2025-41692 to gain read access to parts of the filesystem of the device.
Impact
Base Score 3.x
4.60
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:phoenixcontact:fl_switch_2708_pn_firmware:*:*:*:*:*:*:*:* | 3.50 (excluding) | |
| cpe:2.3:h:phoenixcontact:fl_switch_2708_pn:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:phoenixcontact:fl_switch_2708_firmware:*:*:*:*:*:*:*:* | 3.50 (excluding) | |
| cpe:2.3:h:phoenixcontact:fl_switch_2708:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:phoenixcontact:fl_switch_2608_pn_firmware:*:*:*:*:*:*:*:* | 3.50 (excluding) | |
| cpe:2.3:h:phoenixcontact:fl_switch_2608_pn:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:phoenixcontact:fl_switch_2608_firmware:*:*:*:*:*:*:*:* | 3.50 (excluding) | |
| cpe:2.3:h:phoenixcontact:fl_switch_2608:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:phoenixcontact:fl_switch_2516_pn_firmware:*:*:*:*:*:*:*:* | 3.50 (excluding) | |
| cpe:2.3:h:phoenixcontact:fl_switch_2516_pn:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:phoenixcontact:fl_switch_2516_firmware:*:*:*:*:*:*:*:* | 3.50 (excluding) | |
| cpe:2.3:h:phoenixcontact:fl_switch_2516:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:phoenixcontact:fl_switch_2514-2sfp_pn_firmware:*:*:*:*:*:*:*:* | 3.50 (excluding) | |
| cpe:2.3:h:phoenixcontact:fl_switch_2514-2sfp_pn:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:phoenixcontact:fl_switch_2514-2sfp_firmware:*:*:*:*:*:*:*:* | 3.50 (excluding) |
To consult the complete list of CPE names with products and versions, see this page