Severity by source
AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
4DescriptionCVE.org
A stack-based buffer overflow in the device's file installation workflow allows a high-privileged attacker to send oversized POST parameters that overflow a fixed-size stack buffer within an internal process, resulting in a DoS attack.
AnalysisAI
Denial of service in Stack Overflow and Fl networking devices results from a stack-based buffer overflow in the file installation workflow that can be triggered by high-privileged attackers through oversized POST parameters. An authenticated attacker with elevated privileges can crash the affected service by exploiting this memory corruption vulnerability. No patch is currently available for the impacted products.
Technical ContextAI
The vulnerability resides in the file installation workflow component of Phoenix Contact FL SWITCH industrial Ethernet switches, which are critical infrastructure networking devices used in industrial automation environments. The root cause is classified as CWE-121 (Stack-based Buffer Overflow), indicating improper input validation on HTTP POST parameters within an internal process handling device file installations. The affected CPE encompasses multiple FL SWITCH product lines including FL SWITCH 2005, 2008, 2016, 2105, 2108, 2116, 2204-2TC-2SFX, 2205, 2206-2FX, and numerous other industrial switch models, as well as FL NAT (Network Address Translation) appliances. The vulnerability is triggered through network-accessible HTTP/HTTPS endpoints that process file upload or configuration installation requests, and exploitation requires sending specially-crafted POST requests with parameter sizes exceeding the fixed stack buffer allocation.
RemediationAI
Immediately upgrade all affected Phoenix Contact FL SWITCH and FL NAT devices to firmware version 3.53 or later, following the vendor's published firmware update procedures documented in the CERTVDE advisory (https://certvde.com/de/advisories/VDE-2025-104) and EUVD database entry. For devices where immediate patching is not operationally feasible, implement network segmentation to restrict HTTP/HTTPS access to the device management interface to only authorized administrative networks and trusted IP ranges, disable the file installation workflow if not actively required for operations, and monitor for unusual POST requests to the affected endpoints. In industrial environments, coordinate patching through change management processes to minimize production impact, and verify firmware authenticity using Phoenix Contact's provided checksums before deployment. Where applicable, deploy a reverse proxy or web application firewall in front of affected switches to validate POST parameter sizes and block oversized requests before they reach the vulnerable code path.
More in Fl Switch 2516
View allArbitrary command execution with root privileges affects multiple Fl Switch and Fl Nat devices through improper handling
A cross-site scripting vulnerability (CVSS 7.1) that allows an unauthenticated remote attacker. High severity vulnerabil
A CSRF vulnerability in A CSRF vulnerability in the Link Aggregation configuration interface (CVSS 7.1) that allows an u
A buffer overflow vulnerability (CVSS 6.5). Remediation should follow standard vulnerability management procedures.
A buffer overflow vulnerability (CVSS 6.5). Remediation should follow standard vulnerability management procedures.
A buffer overflow vulnerability (CVSS 5.3). Remediation should follow standard vulnerability management procedures.
A buffer overflow vulnerability (CVSS 4.9) that allows a high-privileged attacker. Remediation should follow standard vu
Same weakness CWE-121 – Stack-based Buffer Overflow
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-12788