VDE-2025-029 | CERT@VDE

2025-05-13 11:00 (CEST) VDE-2025-029

Phoenix Contact: Security Advisory for AXL F BK and IL BK bus couplers

Share: Email | Twitter

ID

VDE-2025-029

Published

2025-05-13 11:00 (CEST)

Last update

2025-05-13 12:01 (CEST)

Vendor(s)

PHOENIX CONTACT GmbH & Co. KG

Product(s)

Article No°	Product Name	Affected Version(s)
	Phoenix Contact AXL F BK EIP	<= 1.30
	Phoenix Contact AXL F BK EIP EF	<= 1.30
	Phoenix Contact AXL F BK EIP XC	<= 1.30
	Phoenix Contact AXL F BK ETH	<= 1.31
	Phoenix Contact AXL F BK ETH XC	<= 1.31
	Phoenix Contact AXL F BK PN (discontinued)	<= 1.06
	Phoenix Contact AXL F BK PN TPS	<= 1.33
	Phoenix Contact AXL F BK PN TPS XC	<= 1.33
	Phoenix Contact AXL F BK PN XC (discontinued)	<= 1.06
	Phoenix Contact AXL F BK SAS (discontinued)	<= 1.35
	Phoenix Contact IL EIP BK DI8 DO4 2TX-PAC	<= 1.12
	Phoenix Contact IL ETH BK DI8 DO4 2TX-PAC	<= 1.42
	Phoenix Contact IL ETH BK-PAC	<= 1.00
	Phoenix Contact IL PN BK-PAC	<= 1.13

Summary

A denial of service (DoS) attack targeting port 80 (http service) can overload the device (CWE-770). This behaviour has been observed when running network security scanners.

CVE ID

CVE-2025-2813

Last Update:

April 24, 2025, 4:46 p.m.

Severity

7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Weakness

Allocation of Resources Without Limits or Throttling (CWE-770)

Summary

An unauthenticated remote attacker can cause a Denial of Service by sending a large number of requests to the http service on port 80.

Details

certvde.com

Impact

A successful attack leads to an overload of the device and the hardware watchdog is triggered. Process data behaves according to the configured substitute value behavior.

The bus coupler requires a manual restart (resetting the power supply, pressing the reset button or executing the SNMP reset command) to reestablish communication within the Industrial Ethernet (e.g. PROFINET IO, Modbus/TCP, EtherNet/IP).

Solution

General Recommendations

For general information and recommendations on security measures to protect network-enabled devices, refer to the application note: Application Note Security.

Mitigation

Affected bus couplers are designed and developed for the use in closed industrial networks. Phoenix Contact therefore strongly recommends using the devices exclusively in closed networks and protected by a suitable firewall.

If the use of scanners is mandatory for network security in closed production networks, it is recommended to exclude or disable denial of service tests that target port 80. Most network scanners offer options to individually disable certain tests or to apply exclusions by clustering device types and test categorization functions.

Remediation

To further improve security, fixed firmware versions are available for the items listed in the "Fixed" section. A fix for products marked as "discontinued" is not planned. All other listed products will receive a bugfix at the next revision.

Fixed:

Firmware 2.00 installed on AXL F BK PN TPS (available Q4/2025)
Firmware 2.00 installed on AXL F BK PN TPS XC (available Q4/2025)
Firmware 1.32 installed on AXL F BK ETH
Firmware 1.32 installed on AXL F BK ETH XC

Reported by

CERT@VDE coordinated with Phoenix Contact GmbH & Co. KG