CVE-2025-41670

HIGH

Phoenix Contact AXC F 1152 - Untrusted Search Path

Title source: rule

Description

A local user with low privileges may be able to influence the behavior of a privileged system service by manipulating configuration or application-related files located in user-writable areas of the filesystem. The affected service processes data from locations that are not sufficiently protected against modification by low-privileged users. As the service runs with elevated privileges, successful exploitation may result in a local privilege escalation.

References (1)

Core 1

Core References

https://www.certvde.com/en/advisories/VDE-2026-050/

Scores

CVSS v3 7.8

EPSS 0.0019

EPSS Percentile 8.7%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-427

Status published

Products (14)

Phoenix Contact/AXC F 1152 0.0.0 - 2026.0.3

Phoenix Contact/AXC F 1252 0.0.0 - 2026.0.3

Phoenix Contact/AXC F 2000 EA 0.0.0 - 2026.0.3

Phoenix Contact/AXC F 2152 0.0.0 - 2026.0.3

Phoenix Contact/AXC F 3152 0.0.0 - 2026.0.3

Phoenix Contact/BPC 9102S 0.0.0 - 2026.0.3

Phoenix Contact/EPC 1522 0.0.0 - 2026.0.3

Phoenix Contact/RFC 4072R 0.0.0 - 2026.0.3

Phoenix Contact/RFC 4072S 0.0.0 - 2026.0.3

Phoenix Contact/VL3 UPC 2440 EDGE 0.0.0 - 2026.0.3

... and 4 more

Published May 27, 2026

Tracked Since May 27, 2026