Phoenix Contact this week announced patches for several vulnerabilities affecting its QUINT4 uninterruptible power supply (UPS) products.
The vendor has fixed five vulnerabilities that can be exploited by remote, unauthenticated attackers for denial-of-service (DoS) attacks and to obtain login credentials.
Four of the vulnerabilities, tracked as CVE-2025-41703, CVE-2025-41704, CVE-2025-41706 and CVE-2025-41707, can be exploited for DoS attacks.
According to IT/OT cybersecurity firm CyberDanube, whose researchers reported the flaws to Phoenix Contact, an attacker can exploit these vulnerabilities to put devices in a permanent DoS condition, preventing remote recovery.
CVE-2025-41703 is interesting as it allows an unauthenticated attacker to use a Modbus command to turn off the output of a UPS device.
CyberDanube told SecurityWeek that CVE-2025-41703 can be described as a ‘dangerous function exploitation’ that leads to a so-called ‘denial of power service’.
Another flaw, CVE-2025-41705, has been described as a password information leakage issue that can allow an unauthenticated attacker in an MitM position to intercept Webfrontend passwords.
According to Phoenix Contact’s advisory, the vulnerabilities affect several QUINT4-UPS EtherNet/IP product models and they have been patched with the release of firmware version VC:07, except for CVE-2025-41703, which apparently cannot be addressed as it would disrupt legitimate functionality.
As a mitigation, Phoenix Contact recommends using affected devices only in isolated industrial networks and protecting them with a firewall.
These products are designed for use only in isolated environments and CyberDanube told SecurityWeek that it has not found any internet-exposed devices.
If an organization were to expose them to the internet, an attacker would be able to exploit the flaws directly over the web. However, in most cases the attacker would first need to gain access to the network housing the UPS devices before exploiting the vulnerabilities.


