Skip to main content

Fl Switch 2516 CVE-2026-22319

| EUVDEUVD-2026-12788 MEDIUM
Stack-based Buffer Overflow (CWE-121)
2026-03-18 CERTVDE
4.9
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
4.9 MEDIUM
AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

4
Patch available
Apr 16, 2026 - 05:29 EUVD
3.53
EUVD ID Assigned
Mar 18, 2026 - 08:00 euvd
EUVD-2026-12788
Analysis Generated
Mar 18, 2026 - 08:00 vuln.today
CVE Published
Mar 18, 2026 - 07:34 nvd
MEDIUM 4.9

DescriptionCVE.org

A stack-based buffer overflow in the device's file installation workflow allows a high-privileged attacker to send oversized POST parameters that overflow a fixed-size stack buffer within an internal process, resulting in a DoS attack.

AnalysisAI

Denial of service in Stack Overflow and Fl networking devices results from a stack-based buffer overflow in the file installation workflow that can be triggered by high-privileged attackers through oversized POST parameters. An authenticated attacker with elevated privileges can crash the affected service by exploiting this memory corruption vulnerability. No patch is currently available for the impacted products.

Technical ContextAI

The vulnerability resides in the file installation workflow component of Phoenix Contact FL SWITCH industrial Ethernet switches, which are critical infrastructure networking devices used in industrial automation environments. The root cause is classified as CWE-121 (Stack-based Buffer Overflow), indicating improper input validation on HTTP POST parameters within an internal process handling device file installations. The affected CPE encompasses multiple FL SWITCH product lines including FL SWITCH 2005, 2008, 2016, 2105, 2108, 2116, 2204-2TC-2SFX, 2205, 2206-2FX, and numerous other industrial switch models, as well as FL NAT (Network Address Translation) appliances. The vulnerability is triggered through network-accessible HTTP/HTTPS endpoints that process file upload or configuration installation requests, and exploitation requires sending specially-crafted POST requests with parameter sizes exceeding the fixed stack buffer allocation.

RemediationAI

Immediately upgrade all affected Phoenix Contact FL SWITCH and FL NAT devices to firmware version 3.53 or later, following the vendor's published firmware update procedures documented in the CERTVDE advisory (https://certvde.com/de/advisories/VDE-2025-104) and EUVD database entry. For devices where immediate patching is not operationally feasible, implement network segmentation to restrict HTTP/HTTPS access to the device management interface to only authorized administrative networks and trusted IP ranges, disable the file installation workflow if not actively required for operations, and monitor for unusual POST requests to the affected endpoints. In industrial environments, coordinate patching through change management processes to minimize production impact, and verify firmware authenticity using Phoenix Contact's provided checksums before deployment. Where applicable, deploy a reverse proxy or web application firewall in front of affected switches to validate POST parameter sizes and block oversized requests before they reach the vulnerable code path.

Share

CVE-2026-22319 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy