Impact
A stack‑based buffer overflow exists in the device’s file installation workflow. An attacker with high privileges can send oversized POST parameters that exceed a fixed‑size stack buffer within an internal process, causing that process to crash and resulting in a denial‑of‑service condition. The weakness is identified as CWE‑121: Stack‑Based Buffer Overflow.
Affected Systems
The affected products are Phoenix Contact devices such as the FL NAT series (2008, 2208) and a broad range of FL SWITCH models (2005, 2008, 2016, 2105, 2108, 2116, 2204‑2TC‑2SFX, 2205, 2206‑2FX, 2206‑2FX SM, 2208, 2208 PN, 2208C, 2212‑2TC‑2SFX, 2214‑2FX, 2214‑2FX SM, 2214‑2SFX, 2214‑2SFX PN, 2216, 2216 PN, 2303‑8SP1, 2304‑2GC‑2SFP, 2306‑2SFP, 2306‑2SFP PN, 2308, 2308 PN, 2312‑2GC‑2SFP, 2314‑2SFP, 2314‑2SFP PN, 2316, 2316 PN, 2316/K1, 2404‑2TC‑2SFX, 2406‑2SFX, 2406‑2SFX PN, 2408, 2408 PN, 2412‑2TC‑2SFX, 2414‑2SFX, 2414‑2SFX PN, 2416, 2416 PN, 2504‑2GC‑2SFP, 2506‑2SFP, 2506‑2SFP PN, 2506‑2SFP/K1, 2508, 2508 PN, 2508/K1, 2512‑2GC‑2SFP, 2514‑2SFP, 2514‑2SFP PN, 2516, 2516 PN, 2608, 2608 PN, 2708, 2708 PN, 5916‑8GC‑4SFP+ and related TSN variants). Exact firmware or software versions are not listed; users should consult the vendor advisory at https://certvde.com/de/advisories/VDE-2025-104 to verify their specific model and firmware.
Risk and Exploitability
The CVSS score of 4.9 indicates moderate severity. No EPSS score is available, and the vulnerability is not listed in CISA’s KEV catalog. Exploitation requires a high‑privileged user to target the device’s POST interface, so the attack vector is likely local or privileged remote access. The impact is limited to service disruption rather than data compromise; however, repeated incidents could affect operational availability.