A stack‑based buffer overflow occurs in the CLI’s TFTP file‑transfer command handling. The vulnerability is triggered when an attacker supplies an unexpected or oversized filename while connected via Telnet or SSH, as described in the CVE description. The overflow corrupts the internal buffer, resulting in the CLI and web dashboard becoming unavailable. This leads to a denial of service for administrators and users. The weakness is classified as CWE‑121, a classic stack buffer overflow that can be abused to corrupt memory and disrupt system operation.

Affected systems are a large range of Phoenix Contact devices, including the FL NAT series (2008, 2208, 2304‑2GC‑2SFP) and numerous FL SWITCH models (2005, 2008, 2008F, 2016, 2105, 2108, 2116, 2204‑2TC‑2SFX, 2205, 2206 variants, 2208, 2212‑2TC‑2SFX, 2214‑2FX through 2216, 2303‑8SP1, 2304‑2GC‑2SFP, 2306‑2SFP, 2308, 2312‑2GC‑2SFP, 2314‑2SFP, 2316, 2316/K1, 2404‑2TC‑2SFX, 2406‑2SFX, 2408, 2412‑2TC‑2SFX, 2414‑2SFX, 2416, 2504‑2GC‑2SFP, 2506‑2SFP, 2508, 2512‑2GC‑2SFP, 2514‑2SFP, 2516, 2608, 2708, 5916‑8GC‑4SFP+, 5924‑4GC, 5924‑4SFP+, 5924SFP‑4GC, TSN 2312‑2GC‑2SFP, TSN 2314‑2SFP, TSN 2316). No specific firmware or software version is provided in the CNA data.

The CVSS v3 score is 6.5, indicating moderate severity. EPSS is not available and the vulnerability is not listed in the CISA KEV catalog, suggesting it is not known to have active exploitation yet. The attack requires Telnet or SSH access and a low‑privileged user, meaning the attacker must breach the network or gain legitimate login credentials. While exploitation does not provide remote code execution, the resulting denial of service can disrupt operational processes and network visibility.