Description
A stack-based buffer overflow vulnerability in the device's file transfer parameter workflow allows a high-privileged attacker to send oversized POST parameters, causing memory corruption in an internal process, resulting in a DoS attack.
Published: 2026-03-18
Score: 4.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Patch
AI Analysis

Impact

Key detail from the advisory: "A stack-based buffer overflow vulnerability in the device's file transfer parameter workflow allows a high-privileged attacker to send oversized POST parameters, causing memory corruption in an internal process, resulting in a DoS attack." The flaw occurs when the device processes oversized HTTP POST parameters linked to file transfer. The resulting uncontrolled write to the stack corrupts memory, causing the internal process to crash. The practical consequence is that the device becomes unresponsive, interrupting any industrial control functions that depend on continuous availability of that unit.

Affected Systems

The vulnerability affects a broad portfolio of Phoenix Contact devices, including the FL NAT 2008, FL NAT 2208, FL NAT 2304-2GC-2SFP, and numerous models in the FL SWITCH series (e.g., FL SWITCH 2005, 2008, 2008F, 2016, 2105, 2108, 2116, 2204-2TC-2SFX, 2205, 2206-2FX, 2206-2FX SM, 2206-2FX SM ST, 2206-2FX ST, 2206-2SFX, 2206-2SFX PN, 2206C-2FX, 2207-FX, 2207-FX SM, 2208, 2208 PN, 2208C, 2212-2TC-2SFX, 2214-2FX, 2214-2FX SM, 2214-2SFX, 2214-2SFX PN, 2216, 2216 PN, 2303-8SP1, 2304-2GC-2SFP, 2306-2SFP, 2306-2SFP PN, 2308, 2308 PN, 2312-2GC-2SFP, 2314-2SFP, 2314-2SFP PN, 2316, 2316 PN, 2316/K1, 2404-2TC-2SFX, 2406-2SFX, 2406-2SFX PN, 2408, 2408 PN, 2412-2TC-2SFX, 2414-2SFX, 2414-2SFX PN, 2416, 2416 PN, 2504-2GC-2SFP, 2506-2SFP, 2506-2SFP PN, 2506-2SFP/K1, 2508, 2508 PN, 2508/K1, 2512-2GC-2SFP, 2514-2SFP, 2514-2SFP PN, 2516, 2516 PN, 2608, 2608 PN, 2708, 2708 PN, 5916-8GC-4SFP+, 5916SFP-8GC-4SFP+, 5924-4GC, 5924-4SFP+, 5924SFP-4GC, TSN 2312-2GC-2SFP, TSN 2314-2SFP, TSN 2316. No specific firmware version numbers are provided in the advisory.

Risk and Exploitability

The CVSS score is 4.9, which is moderate severity. EPSS data is not available, and the vulnerability is not listed in CISA’s KEV catalog. Attackers require high-privileged access to the device’s HTTP-based file transfer interface to submit oversized POST requests. Successful exploitation results in a crash of the internal process, leading to a denial‑of‑service condition that disrupts continuous operation of the device. The environment is likely a constrained industrial network; however, if the device is reachable from untrusted networks, the risk increases.

Generated by OpenCVE AI on March 18, 2026 at 08:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check the advisory at https://certvde.com/de/advisories/VDE-2025-104 for the latest vendor guidance.
  • Contact Phoenix Contact or visit their website to obtain any firmware or patch updates that fix the stack-based buffer overflow.
  • If a patch has not yet been released, disable or block the HTTP file‑transfer functionality that handles POST requests on the device to prevent exploitation.
  • Implement network segmentation or firewall rules to restrict access to the device’s management interface from untrusted networks.
  • Monitor the device for frequent restarts or other indicators of a denial‑of‑service attack and take remediation steps promptly if the issue reappears.

Generated by OpenCVE AI on March 18, 2026 at 08:51 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 18 Mar 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 18 Mar 2026 12:15:00 +0000

Type Values Removed Values Added
First Time appeared Phoenixcontact
Phoenixcontact fl Nat 2008
Phoenixcontact fl Nat 2208
Phoenixcontact fl Nat 2304-2gc-2sfp
Phoenixcontact fl Switch 2005
Phoenixcontact fl Switch 2008
Phoenixcontact fl Switch 2008f
Phoenixcontact fl Switch 2016
Phoenixcontact fl Switch 2105
Phoenixcontact fl Switch 2108
Phoenixcontact fl Switch 2116
Phoenixcontact fl Switch 2204-2tc-2sfx
Phoenixcontact fl Switch 2205
Phoenixcontact fl Switch 2206-2fx
Phoenixcontact fl Switch 2206-2fx Sm
Phoenixcontact fl Switch 2206-2fx Sm St
Phoenixcontact fl Switch 2206-2fx St
Phoenixcontact fl Switch 2206-2sfx
Phoenixcontact fl Switch 2206-2sfx Pn
Phoenixcontact fl Switch 2206c-2fx
Phoenixcontact fl Switch 2207-fx
Phoenixcontact fl Switch 2207-fx Sm
Phoenixcontact fl Switch 2208
Phoenixcontact fl Switch 2208 Pn
Phoenixcontact fl Switch 2208c
Phoenixcontact fl Switch 2212-2tc-2sfx
Phoenixcontact fl Switch 2214-2fx
Phoenixcontact fl Switch 2214-2fx Sm
Phoenixcontact fl Switch 2214-2sfx
Phoenixcontact fl Switch 2214-2sfx Pn
Phoenixcontact fl Switch 2216
Phoenixcontact fl Switch 2216 Pn
Phoenixcontact fl Switch 2303-8sp1
Phoenixcontact fl Switch 2304-2gc-2sfp
Phoenixcontact fl Switch 2306-2sfp
Phoenixcontact fl Switch 2306-2sfp Pn
Phoenixcontact fl Switch 2308
Phoenixcontact fl Switch 2308 Pn
Phoenixcontact fl Switch 2312-2gc-2sfp
Phoenixcontact fl Switch 2314-2sfp
Phoenixcontact fl Switch 2314-2sfp Pn
Phoenixcontact fl Switch 2316
Phoenixcontact fl Switch 2316/k1
Phoenixcontact fl Switch 2316 Pn
Phoenixcontact fl Switch 2404-2tc-2sfx
Phoenixcontact fl Switch 2406-2sfx
Phoenixcontact fl Switch 2406-2sfx Pn
Phoenixcontact fl Switch 2408
Phoenixcontact fl Switch 2408 Pn
Phoenixcontact fl Switch 2412-2tc-2sfx
Phoenixcontact fl Switch 2414-2sfx
Phoenixcontact fl Switch 2414-2sfx Pn
Phoenixcontact fl Switch 2416
Phoenixcontact fl Switch 2416 Pn
Phoenixcontact fl Switch 2504-2gc-2sfp
Phoenixcontact fl Switch 2506-2sfp
Phoenixcontact fl Switch 2506-2sfp/k1
Phoenixcontact fl Switch 2506-2sfp Pn
Phoenixcontact fl Switch 2508
Phoenixcontact fl Switch 2508/k1
Phoenixcontact fl Switch 2508 Pn
Phoenixcontact fl Switch 2512-2gc-2sfp
Phoenixcontact fl Switch 2514-2sfp
Phoenixcontact fl Switch 2514-2sfp Pn
Phoenixcontact fl Switch 2516
Phoenixcontact fl Switch 2516 Pn
Phoenixcontact fl Switch 2608
Phoenixcontact fl Switch 2608 Pn
Phoenixcontact fl Switch 2708
Phoenixcontact fl Switch 2708 Pn
Phoenixcontact fl Switch 5916-8gc-4sfp+
Phoenixcontact fl Switch 5916sfp-8gc-4sfp+
Phoenixcontact fl Switch 5924-4gc
Phoenixcontact fl Switch 5924-4sfp+
Phoenixcontact fl Switch 5924sfp-4gc
Phoenixcontact fl Switch Tsn 2312-2gc-2sfp
Phoenixcontact fl Switch Tsn 2314-2sfp
Phoenixcontact fl Switch Tsn 2316
Vendors & Products Phoenixcontact
Phoenixcontact fl Nat 2008
Phoenixcontact fl Nat 2208
Phoenixcontact fl Nat 2304-2gc-2sfp
Phoenixcontact fl Switch 2005
Phoenixcontact fl Switch 2008
Phoenixcontact fl Switch 2008f
Phoenixcontact fl Switch 2016
Phoenixcontact fl Switch 2105
Phoenixcontact fl Switch 2108
Phoenixcontact fl Switch 2116
Phoenixcontact fl Switch 2204-2tc-2sfx
Phoenixcontact fl Switch 2205
Phoenixcontact fl Switch 2206-2fx
Phoenixcontact fl Switch 2206-2fx Sm
Phoenixcontact fl Switch 2206-2fx Sm St
Phoenixcontact fl Switch 2206-2fx St
Phoenixcontact fl Switch 2206-2sfx
Phoenixcontact fl Switch 2206-2sfx Pn
Phoenixcontact fl Switch 2206c-2fx
Phoenixcontact fl Switch 2207-fx
Phoenixcontact fl Switch 2207-fx Sm
Phoenixcontact fl Switch 2208
Phoenixcontact fl Switch 2208 Pn
Phoenixcontact fl Switch 2208c
Phoenixcontact fl Switch 2212-2tc-2sfx
Phoenixcontact fl Switch 2214-2fx
Phoenixcontact fl Switch 2214-2fx Sm
Phoenixcontact fl Switch 2214-2sfx
Phoenixcontact fl Switch 2214-2sfx Pn
Phoenixcontact fl Switch 2216
Phoenixcontact fl Switch 2216 Pn
Phoenixcontact fl Switch 2303-8sp1
Phoenixcontact fl Switch 2304-2gc-2sfp
Phoenixcontact fl Switch 2306-2sfp
Phoenixcontact fl Switch 2306-2sfp Pn
Phoenixcontact fl Switch 2308
Phoenixcontact fl Switch 2308 Pn
Phoenixcontact fl Switch 2312-2gc-2sfp
Phoenixcontact fl Switch 2314-2sfp
Phoenixcontact fl Switch 2314-2sfp Pn
Phoenixcontact fl Switch 2316
Phoenixcontact fl Switch 2316/k1
Phoenixcontact fl Switch 2316 Pn
Phoenixcontact fl Switch 2404-2tc-2sfx
Phoenixcontact fl Switch 2406-2sfx
Phoenixcontact fl Switch 2406-2sfx Pn
Phoenixcontact fl Switch 2408
Phoenixcontact fl Switch 2408 Pn
Phoenixcontact fl Switch 2412-2tc-2sfx
Phoenixcontact fl Switch 2414-2sfx
Phoenixcontact fl Switch 2414-2sfx Pn
Phoenixcontact fl Switch 2416
Phoenixcontact fl Switch 2416 Pn
Phoenixcontact fl Switch 2504-2gc-2sfp
Phoenixcontact fl Switch 2506-2sfp
Phoenixcontact fl Switch 2506-2sfp/k1
Phoenixcontact fl Switch 2506-2sfp Pn
Phoenixcontact fl Switch 2508
Phoenixcontact fl Switch 2508/k1
Phoenixcontact fl Switch 2508 Pn
Phoenixcontact fl Switch 2512-2gc-2sfp
Phoenixcontact fl Switch 2514-2sfp
Phoenixcontact fl Switch 2514-2sfp Pn
Phoenixcontact fl Switch 2516
Phoenixcontact fl Switch 2516 Pn
Phoenixcontact fl Switch 2608
Phoenixcontact fl Switch 2608 Pn
Phoenixcontact fl Switch 2708
Phoenixcontact fl Switch 2708 Pn
Phoenixcontact fl Switch 5916-8gc-4sfp+
Phoenixcontact fl Switch 5916sfp-8gc-4sfp+
Phoenixcontact fl Switch 5924-4gc
Phoenixcontact fl Switch 5924-4sfp+
Phoenixcontact fl Switch 5924sfp-4gc
Phoenixcontact fl Switch Tsn 2312-2gc-2sfp
Phoenixcontact fl Switch Tsn 2314-2sfp
Phoenixcontact fl Switch Tsn 2316

Wed, 18 Mar 2026 07:45:00 +0000

Type Values Removed Values Added
Description A stack-based buffer overflow vulnerability in the device's file transfer parameter workflow allows a high-privileged attacker to send oversized POST parameters, causing memory corruption in an internal process, resulting in a DoS attack.
Title Stack-Based Buffer Overflow in File Transfer Parameter Handling
Weaknesses CWE-121
References
Metrics cvssV3_1

{'score': 4.9, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H'}

Subscriptions

Phoenixcontact Fl Nat 2008 Fl Nat 2208 Fl Nat 2304-2gc-2sfp Fl Switch 2005 Fl Switch 2008 Fl Switch 2008f Fl Switch 2016 Fl Switch 2105 Fl Switch 2108 Fl Switch 2116 Fl Switch 2204-2tc-2sfx Fl Switch 2205 Fl Switch 2206-2fx Fl Switch 2206-2fx Sm Fl Switch 2206-2fx Sm St Fl Switch 2206-2fx St Fl Switch 2206-2sfx Fl Switch 2206-2sfx Pn Fl Switch 2206c-2fx Fl Switch 2207-fx Fl Switch 2207-fx Sm Fl Switch 2208 Fl Switch 2208 Pn Fl Switch 2208c Fl Switch 2212-2tc-2sfx Fl Switch 2214-2fx Fl Switch 2214-2fx Sm Fl Switch 2214-2sfx Fl Switch 2214-2sfx Pn Fl Switch 2216 Fl Switch 2216 Pn Fl Switch 2303-8sp1 Fl Switch 2304-2gc-2sfp Fl Switch 2306-2sfp Fl Switch 2306-2sfp Pn Fl Switch 2308 Fl Switch 2308 Pn Fl Switch 2312-2gc-2sfp Fl Switch 2314-2sfp Fl Switch 2314-2sfp Pn Fl Switch 2316 Fl Switch 2316/k1 Fl Switch 2316 Pn Fl Switch 2404-2tc-2sfx Fl Switch 2406-2sfx Fl Switch 2406-2sfx Pn Fl Switch 2408 Fl Switch 2408 Pn Fl Switch 2412-2tc-2sfx Fl Switch 2414-2sfx Fl Switch 2414-2sfx Pn Fl Switch 2416 Fl Switch 2416 Pn Fl Switch 2504-2gc-2sfp Fl Switch 2506-2sfp Fl Switch 2506-2sfp/k1 Fl Switch 2506-2sfp Pn Fl Switch 2508 Fl Switch 2508/k1 Fl Switch 2508 Pn Fl Switch 2512-2gc-2sfp Fl Switch 2514-2sfp Fl Switch 2514-2sfp Pn Fl Switch 2516 Fl Switch 2516 Pn Fl Switch 2608 Fl Switch 2608 Pn Fl Switch 2708 Fl Switch 2708 Pn Fl Switch 5916-8gc-4sfp+ Fl Switch 5916sfp-8gc-4sfp+ Fl Switch 5924-4gc Fl Switch 5924-4sfp+ Fl Switch 5924sfp-4gc Fl Switch Tsn 2312-2gc-2sfp Fl Switch Tsn 2314-2sfp Fl Switch Tsn 2316
cve-icon MITRE

Status: PUBLISHED

Assigner: CERTVDE

Published:

Updated: 2026-03-18T13:57:31.902Z

Reserved: 2026-01-07T11:49:15.178Z

Link: CVE-2026-22318

cve-icon Vulnrichment

Updated: 2026-03-18T13:40:26.062Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-03-18T08:16:28.060

Modified: 2026-03-18T14:52:44.227

Link: CVE-2026-22318

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-24T10:59:11Z

Weaknesses