Phoenixcontact Fl Switch 2306-2sfp Pn Firmware — known CVE vulnerabilities
Every CVE whose affected-product data names Phoenixcontact Fl Switch 2306-2sfp Pn Firmware, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (15)
CVE-2022-22509 — CVSS 8.8 (high): In Phoenix Contact FL SWITCH Series 2xxx in version 3.00 an incorrect privilege assignment allows an low privileged user to enable full…
CVE-2025-41752 — CVSS 7.1 (high): An XSS vulnerability in pxc_portSfp.php can be used by an unauthenticated remote attacker to trick an authenticated user to click on the…
CVE-2025-41747 — CVSS 7.1 (high): An XSS vulnerability in pxc_vlanIntfCfg.php can be used by an unauthenticated remote attacker to trick an authenticated user to send a…
CVE-2025-41748 — CVSS 7.1 (high): An XSS vulnerability in pxc_Dot1xCfg.php can be used by an unauthenticated remote attacker to trick an authenticated user to click on the…
CVE-2025-41749 — CVSS 7.1 (high): An XSS vulnerability in port_util.php can be used by an unauthenticated remote attacker to trick an authenticated user to click on the link…
CVE-2025-41750 — CVSS 7.1 (high): An XSS vulnerability in pxc_PortCfg.php can be used by an unauthenticated remote attacker to trick an authenticated user to click on the…
CVE-2025-41751 — CVSS 7.1 (high): An XSS vulnerability in pxc_portCntr.php can be used by an unauthenticated remote attacker to trick an authenticated user to click on the…
CVE-2025-41695 — CVSS 7.1 (high): An XSS vulnerability in dyn_conn.php can be used by an unauthenticated remote attacker to trick an authenticated user to send a manipulated…
CVE-2025-41745 — CVSS 7.1 (high): An XSS vulnerability in pxc_portCntr2.php can be used by an unauthenticated remote attacker to trick an authenticated user to send a…
CVE-2025-41746 — CVSS 7.1 (high): An XSS vulnerability in pxc_portSecCfg.php can be used by an unauthenticated remote attacker to trick an authenticated user to send a…
CVE-2025-41692 — CVSS 6.8 (medium): A high privileged remote attacker with admin privileges for the webUI can brute-force the "root" and "user" passwords of the underlying OS…
CVE-2025-41697 — CVSS 6.8 (medium): An attacker can use an undocumented UART port on the PCB as a side-channel to get root access e.g. with the credentials obtained from…
CVE-2025-41694 — CVSS 6.5 (medium): A low privileged remote attacker can run the webshell with an empty command containing whitespace. The server will then block until it…
CVE-2025-41696 — CVSS 4.6 (medium): An attacker can use an undocumented UART port on the PCB as a side-channel with the user hardcoded credentials obtained from CVE-2025-41692…
CVE-2025-41693 — CVSS 4.3 (medium): A low privileged remote attacker can use the ssh feature to execute commands directly after login. The process stays open and uses…