VDE-2025-029

Vulnerability from csaf_phoenixcontactgmbhcokg - Published: 2025-05-13 09:00 - Updated: 2025-05-14 12:28
Summary
Phoenix Contact: Security Advisory for AXL F BK and IL BK bus couplers
Severity
High
Notes
Summary: A denial of service (DoS) attack targeting port 80 (http service) can overload the device (CWE-770). This behaviour has been observed when running network security scanners.
Impact: A successful attack leads to an overload of the device and the hardware watchdog is triggered. Process data behaves according to the configured substitute value behavior. The bus coupler requires a manual restart (resetting the power supply, pressing the reset button or executing the SNMP reset command) to reestablish communication within the Industrial Ethernet (e.g. PROFINET IO, Modbus/TCP, EtherNet/IP).
Mitigation: Affected bus couplers are designed and developed for use in closed industrial networks. Phoenix Contact therefore strongly recommends using the devices exclusively in closed networks protected by a suitable firewall. If the use of scanners is mandatory for network security in closed production networks, it is recommended to exclude or disable denial of service tests that target port 80. Most network scanners offer options to individually disable certain tests or to apply exclusions by clustering device types and test categorization functions.
Remediation: To further improve security, fixed firmware versions are available for the items listed in the "Fixed" section. A fix for products marked as "discontinued" is not planned. All other listed products will receive a bugfix at the next revision.
Product description: Bus coupler for Axioline F and Inline Remote-I/O-system
General Recommendation: For general information and recommendations on security measures to protect network-enabled devices, refer to the application note: [Application Note Security](https://dam-mdc.phoenixcontact.com/asset/156443151564/0a870ae433c19148b80bd760f3a1c1f2/107913_en_03.pdf).
CWE-770 - Allocation of Resources Without Limits or Throttling
Mitigation: This product was designed for use in closed industrial networks. Phoenix Contact strongly recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our [application note](https://dam-mdc.phoenixcontact.com/asset/156443151564/0a870ae433c19148b80bd760f3a1c1f2/107913_en_03.pdf). If the use of scanners is mandatory for network security in closed production networks, it is recommended to exclude or disable denial of service tests that target port 80. Most network scanners offer options to individually disable certain tests or to apply exclusions by clustering device types and test categorization functions.
Vendor Fix: Affected bus couplers are designed and developed for use in closed industrial networks. Phoenix Contact therefore strongly recommends using the devices exclusively in closed networks protected by a suitable firewall. To further improve security, fixed firmware versions are available for the items listed in the "Fixed" section. A fix for products marked as "discontinued" is not planned. All other listed products will receive a bugfix at the next revision.
Acknowledgments

{
  "document": {
    "acknowledgments": [
      {
        "organization": "CERTVDE",
        "summary": "Coordination",
        "urls": [
          "https://certvde.com/en/"
        ]
      }
    ],
    "aggregate_severity": {
      "namespace": "https://www.first.org/cvss/v3.1/specification-document#Qualitative-Severity-Rating-Scale",
      "text": "High"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-GB",
    "notes": [
      {
        "category": "summary",
        "text": "A denial of service (DoS) attack targeting port 80 (http service) can overload the device (CWE-770). This behaviour has been observed when running network security scanners.",
        "title": "Summary"
      },
      {
        "category": "description",
        "text": "A successful attack leads to an overload of the device and the hardware watchdog is triggered. Process data behaves according to the configured substitute value behavior.\n\nThe bus coupler requires a manual restart (resetting the power supply, pressing the reset button or executing the SNMP reset command) to reestablish communication within the Industrial Ethernet (e.g. PROFINET IO, Modbus/TCP, EtherNet/IP).",
        "title": "Impact"
      },
      {
        "category": "description",
        "text": "Affected bus couplers are designed and developed for the use in closed industrial networks. Phoenix Contact therefore strongly recommends using the devices exclusively in closed networks and protected by a suitable firewall.\n\nIf the use of scanners is mandatory for network security in closed production networks, it is recommended to exclude or disable denial of service tests that target port 80. Most network scanners offer options to individually disable certain tests or to apply exclusions by clustering device types and test categorization functions.",
        "title": "Mitigation"
      },
      {
        "category": "description",
        "text": "To further improve security, fixed firmware versions are available for the items listed in the \"Fixed\" section. A fix for products marked as \"discontinued\" is not planned. All other listed products will receive a bugfix at the next revision.",
        "title": "Remediation"
      },
      {
        "category": "description",
        "text": "Bus coupler for Axioline F and Inline Remote-I/O-system",
        "title": "Product description"
      },
      {
        "category": "general",
        "text": "For general information and recommendations on security measures to protect network-enabled devices, refer to the application note: [Application Note Security](https://dam-mdc.phoenixcontact.com/asset/156443151564/0a870ae433c19148b80bd760f3a1c1f2/107913_en_03.pdf).",
        "title": "General Recommendation"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "psirt@phoenixcontact.com",
      "name": "Phoenix Contact GmbH \u0026 Co. KG",
      "namespace": "https://phoenixcontact.com/psirt"
    },
    "references": [
      {
        "category": "self",
        "summary": "VDE-2025-029: Phoenix Contact: Security Advisory for AXL F BK and IL BK bus couplers - HTML",
        "url": "https://certvde.com/en/advisories/VDE-2025-029/"
      },
      {
        "category": "external",
        "summary": "Phoenix Contact advisory overview at CERT@VDE",
        "url": "https://certvde.com/de/advisories/vendor/phoenixcontact/"
      },
      {
        "category": "external",
        "summary": "PCSA-2025/00006",
        "url": "https://phoenixcontact.com/psirt"
      },
      {
        "category": "self",
        "summary": "VDE-2025-029: Phoenix Contact: Security Advisory for AXL F BK and IL BK bus couplers - CSAF",
        "url": "https://phoenixcontact.csaf-tp.certvde.com/.well-known/csaf/white/2025/vde-2025-029.json"
      }
    ],
    "title": "Phoenix Contact: Security Advisory for AXL F BK and IL BK bus couplers",
    "tracking": {
      "aliases": [
        "VDE-2025-029",
        "PCSA-2025/00006"
      ],
      "current_release_date": "2025-05-14T12:28:19.000Z",
      "generator": {
        "date": "2025-05-13T10:00:28.835Z",
        "engine": {
          "name": "Secvisogram",
          "version": "2.5.25"
        }
      },
      "id": "VDE-2025-029",
      "initial_release_date": "2025-05-13T09:00:00.000Z",
      "revision_history": [
        {
          "date": "2025-05-13T09:00:00.000Z",
          "number": "1",
          "summary": "Initial revision"
        },
        {
          "date": "2025-05-14T12:28:19.000Z",
          "number": "2",
          "summary": "Fix: version space"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "AXL F BK PN TPS",
                "product": {
                  "name": "AXL F BK PN TPS",
                  "product_id": "CSAFPID-11001",
                  "product_identification_helper": {
                    "model_numbers": [
                      "2403869"
                    ]
                  }
                }
              },
              {
                "category": "product_name",
                "name": "AXL F BK PN TPS XC",
                "product": {
                  "name": "AXL F BK PN TPS XC",
                  "product_id": "CSAFPID-11002",
                  "product_identification_helper": {
                    "model_numbers": [
                      "1068857"
                    ]
                  }
                }
              },
              {
                "category": "product_name",
                "name": "AXL F BK PN",
                "product": {
                  "name": "AXL F BK PN",
                  "product_id": "CSAFPID-11003",
                  "product_identification_helper": {
                    "model_numbers": [
                      "2701815"
                    ]
                  }
                }
              },
              {
                "category": "product_name",
                "name": "AXL F BK PN XC",
                "product": {
                  "name": "AXL F BK PN XC",
                  "product_id": "CSAFPID-11004",
                  "product_identification_helper": {
                    "model_numbers": [
                      "2701222"
                    ]
                  }
                }
              },
              {
                "category": "product_name",
                "name": "AXL F BK SAS",
                "product": {
                  "name": "AXL F BK SAS",
                  "product_id": "CSAFPID-11005",
                  "product_identification_helper": {
                    "model_numbers": [
                      "2701457"
                    ]
                  }
                }
              },
              {
                "category": "product_name",
                "name": "AXL F BK ETH",
                "product": {
                  "name": "AXL F BK ETH",
                  "product_id": "CSAFPID-11006",
                  "product_identification_helper": {
                    "model_numbers": [
                      "2688459"
                    ]
                  }
                }
              },
              {
                "category": "product_name",
                "name": "AXL F BK ETH XC",
                "product": {
                  "name": "AXL F BK ETH XC",
                  "product_id": "CSAFPID-11007",
                  "product_identification_helper": {
                    "model_numbers": [
                      "2701949"
                    ]
                  }
                }
              },
              {
                "category": "product_name",
                "name": "AXL F BK EIP",
                "product": {
                  "name": "AXL F BK EIP",
                  "product_id": "CSAFPID-11008",
                  "product_identification_helper": {
                    "model_numbers": [
                      "2688394"
                    ]
                  }
                }
              },
              {
                "category": "product_name",
                "name": "AXL F BK EIP EF",
                "product": {
                  "name": "AXL F BK EIP EF",
                  "product_id": "CSAFPID-11009",
                  "product_identification_helper": {
                    "model_numbers": [
                      "2702782"
                    ]
                  }
                }
              },
              {
                "category": "product_name",
                "name": "AXL F BK EIP XC",
                "product": {
                  "name": "AXL F BK EIP XC",
                  "product_id": "CSAFPID-11010",
                  "product_identification_helper": {
                    "model_numbers": [
                      "1167192"
                    ]
                  }
                }
              },
              {
                "category": "product_name",
                "name": "IL PN BK-PAC",
                "product": {
                  "name": "IL PN BK-PAC",
                  "product_id": "CSAFPID-11011",
                  "product_identification_helper": {
                    "model_numbers": [
                      "2403696"
                    ]
                  }
                }
              },
              {
                "category": "product_name",
                "name": "IL ETH BK-PAC",
                "product": {
                  "name": "IL ETH BK-PAC",
                  "product_id": "CSAFPID-11012",
                  "product_identification_helper": {
                    "model_numbers": [
                      "2702372"
                    ]
                  }
                }
              },
              {
                "category": "product_name",
                "name": "IL ETH BK DI8 DO4 2TX-PAC",
                "product": {
                  "name": "IL ETH BK DI8 DO4 2TX-PAC",
                  "product_id": "CSAFPID-11013",
                  "product_identification_helper": {
                    "model_numbers": [
                      "2703981"
                    ]
                  }
                }
              },
              {
                "category": "product_name",
                "name": "IL EIP BK DI8 DO4 2TX-PAC",
                "product": {
                  "name": "IL EIP BK DI8 DO4 2TX-PAC",
                  "product_id": "CSAFPID-11014",
                  "product_identification_helper": {
                    "model_numbers": [
                      "2897758"
                    ]
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Hardware"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c=FW1.33",
                "product": {
                  "name": "Firmware \u003c= 1.33",
                  "product_id": "CSAFPID-21001"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c=FW1.06",
                "product": {
                  "name": "Firmware \u003c= 1.06",
                  "product_id": "CSAFPID-21003"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c=FW1.35",
                "product": {
                  "name": "Firmware \u003c= 1.35",
                  "product_id": "CSAFPID-21005"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c=FW1.31",
                "product": {
                  "name": "Firmware \u003c= 1.31",
                  "product_id": "CSAFPID-21006"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c=FW1.30",
                "product": {
                  "name": "Firmware \u003c= 1.30",
                  "product_id": "CSAFPID-21008"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c=FW1.13",
                "product": {
                  "name": "Firmware \u003c= 1.13",
                  "product_id": "CSAFPID-21011"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c=FW1.00",
                "product": {
                  "name": "Firmware \u003c= 1.00",
                  "product_id": "CSAFPID-21012"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c=FW1.42",
                "product": {
                  "name": "Firmware \u003c= 1.42",
                  "product_id": "CSAFPID-21013"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c=FW1.12",
                "product": {
                  "name": "Firmware \u003c= 1.12",
                  "product_id": "CSAFPID-21014"
                }
              },
              {
                "category": "product_version",
                "name": "FW2.00",
                "product": {
                  "name": "Firmware 2.00",
                  "product_id": "CSAFPID-22001"
                }
              },
              {
                "category": "product_version",
                "name": "FW1.32",
                "product": {
                  "name": "Firmware 1.32",
                  "product_id": "CSAFPID-22006"
                }
              }
            ],
            "category": "product_family",
            "name": "Firmware"
          }
        ],
        "category": "vendor",
        "name": "Phoenix Contact"
      }
    ],
    "product_groups": [
      {
        "group_id": "CSAFGID-0001",
        "product_ids": [
          "CSAFPID-31001",
          "CSAFPID-31002",
          "CSAFPID-31003",
          "CSAFPID-31004",
          "CSAFPID-31005",
          "CSAFPID-31006",
          "CSAFPID-31007",
          "CSAFPID-31008",
          "CSAFPID-31009",
          "CSAFPID-31010",
          "CSAFPID-31011",
          "CSAFPID-31012",
          "CSAFPID-31013",
          "CSAFPID-31014"
        ],
        "summary": "Affected Products"
      },
      {
        "group_id": "CSAFGID-0002",
        "product_ids": [
          "CSAFPID-32001",
          "CSAFPID-32002",
          "CSAFPID-32006",
          "CSAFPID-32007"
        ],
        "summary": "Fixed"
      }
    ],
    "relationships": [
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c= 1.33 installed on AXL F BK PN TPS",
          "product_id": "CSAFPID-31001"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11001"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c= 1.33 installed on AXL F BK PN TPS XC",
          "product_id": "CSAFPID-31002"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11002"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c= 1.06 installed on AXL F BK PN  (discontinued)",
          "product_id": "CSAFPID-31003"
        },
        "product_reference": "CSAFPID-21003",
        "relates_to_product_reference": "CSAFPID-11003"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c= 1.06 installed on AXL F BK PN XC  (discontinued)",
          "product_id": "CSAFPID-31004"
        },
        "product_reference": "CSAFPID-21003",
        "relates_to_product_reference": "CSAFPID-11004"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c= 1.35 installed on AXL F BK SAS  (discontinued)",
          "product_id": "CSAFPID-31005"
        },
        "product_reference": "CSAFPID-21005",
        "relates_to_product_reference": "CSAFPID-11005"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c= 1.31 installed on AXL F BK ETH",
          "product_id": "CSAFPID-31006"
        },
        "product_reference": "CSAFPID-21006",
        "relates_to_product_reference": "CSAFPID-11006"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c= 1.31 installed on AXL F BK ETH XC",
          "product_id": "CSAFPID-31007"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11007"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c= 1.30 installed on AXL F BK EIP",
          "product_id": "CSAFPID-31008"
        },
        "product_reference": "CSAFPID-21008",
        "relates_to_product_reference": "CSAFPID-11008"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c= 1.30 installed on AXL F BK EIP EF",
          "product_id": "CSAFPID-31009"
        },
        "product_reference": "CSAFPID-21008",
        "relates_to_product_reference": "CSAFPID-11009"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c= 1.30 installed on AXL F BK EIP XC",
          "product_id": "CSAFPID-31010"
        },
        "product_reference": "CSAFPID-21008",
        "relates_to_product_reference": "CSAFPID-11010"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c= 1.13 installed on IL PN BK-PAC",
          "product_id": "CSAFPID-31011"
        },
        "product_reference": "CSAFPID-21011",
        "relates_to_product_reference": "CSAFPID-11011"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c= 1.00 installed on IL ETH BK-PAC",
          "product_id": "CSAFPID-31012"
        },
        "product_reference": "CSAFPID-21012",
        "relates_to_product_reference": "CSAFPID-11012"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c= 1.42 installed on IL ETH BK DI8 DO4 2TX-PAC",
          "product_id": "CSAFPID-31013"
        },
        "product_reference": "CSAFPID-21013",
        "relates_to_product_reference": "CSAFPID-11013"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c= 1.12 installed on IL EIP BK DI8 DO4 2TX-PAC",
          "product_id": "CSAFPID-31014"
        },
        "product_reference": "CSAFPID-21014",
        "relates_to_product_reference": "CSAFPID-11014"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware 2.00 installed on AXL F BK PN TPS  (available Q4/2025)",
          "product_id": "CSAFPID-32001"
        },
        "product_reference": "CSAFPID-22001",
        "relates_to_product_reference": "CSAFPID-11001"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware 2.00 installed on AXL F BK PN TPS XC  (available Q4/2025)",
          "product_id": "CSAFPID-32002"
        },
        "product_reference": "CSAFPID-22001",
        "relates_to_product_reference": "CSAFPID-11002"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware 1.32 installed on AXL F BK ETH",
          "product_id": "CSAFPID-32006"
        },
        "product_reference": "CSAFPID-22006",
        "relates_to_product_reference": "CSAFPID-11006"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware 1.32 installed on AXL F BK ETH XC",
          "product_id": "CSAFPID-32007"
        },
        "product_reference": "CSAFPID-22006",
        "relates_to_product_reference": "CSAFPID-11007"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-2813",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "notes": [
        {
          "category": "summary",
          "text": "An unauthenticated remote attacker can cause a Denial of Service by sending a large number of requests to the http service on port 80.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "fixed": [
          "CSAFPID-32001",
          "CSAFPID-32002",
          "CSAFPID-32006",
          "CSAFPID-32007"
        ],
        "known_affected": [
          "CSAFPID-31001",
          "CSAFPID-31002",
          "CSAFPID-31003",
          "CSAFPID-31004",
          "CSAFPID-31005",
          "CSAFPID-31006",
          "CSAFPID-31007",
          "CSAFPID-31008",
          "CSAFPID-31009",
          "CSAFPID-31010",
          "CSAFPID-31011",
          "CSAFPID-31012",
          "CSAFPID-31013",
          "CSAFPID-31014"
        ]
      },
      "release_date": "2025-05-13T11:00:00.000Z",
      "remediations": [
        {
          "category": "mitigation",
          "details": "This product was designed for use in closed industrial networks. Phoenix Contact strongly recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our [application note](https://dam-mdc.phoenixcontact.com/asset/156443151564/0a870ae433c19148b80bd760f3a1c1f2/107913_en_03.pdf). \n\nIf the use of scanners is mandatory for network security in closed production networks, it is recommended to exclude or disable denial of service tests that target port 80. Most network scanners offer options to individually disable certain tests or to apply exclusions by clustering device types and test categorization functions.",
          "group_ids": [
            "CSAFGID-0001"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Affected bus couplers are designed and developed for the use in closed industrial networks. Phoenix Contact therefore strongly recommends using the devices exclusively in closed networks and protected by a suitable firewall.\n\nTo further improve security, fixed firmware versions are available for the items listed in the \"Fixed\" section. A fix for products marked as \"discontinued\" is not planned. All other listed products will receive a bugfix at the next revision.",
          "group_ids": [
            "CSAFGID-0002"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "environmentalScore": 7.5,
            "environmentalSeverity": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 7.5,
            "temporalSeverity": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-31001",
            "CSAFPID-31002",
            "CSAFPID-31003",
            "CSAFPID-31004",
            "CSAFPID-31005",
            "CSAFPID-31006",
            "CSAFPID-31007",
            "CSAFPID-31008",
            "CSAFPID-31009",
            "CSAFPID-31010",
            "CSAFPID-31011",
            "CSAFPID-31012",
            "CSAFPID-31013",
            "CSAFPID-31014"
          ]
        }
      ],
      "title": "CVE-2025-2813"
    }
  ]
}