CVE-2025-41717
HIGHPhoenix Contact TC ROUTER and CLOUD CLIENT - Unauthenticated Remote Code Execution via Config Upload
Title source: llmDescription
An unauthenticated remote attacker can trick a high privileged user into uploading a malicious payload via the config-upload endpoint, leading to code injection as root. This results in a total loss of confidentiality, availability and integrity due to improper control of code generation ('Code Injection’).
References (2)
Core 2
Core References
Various Sources
https://certvde.com/de/advisories/VDE-2025-073
Mailing List
http://seclists.org/fulldisclosure/2026/Feb/3
Scores
CVSS v3
8.8
EPSS
0.0050
EPSS Percentile
38.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-94
Status
published
Products (11)
Phoenix Contact/CLOUD CLIENT 1101T-TX/TX
0.0.0 - 3.07.7
Phoenix Contact/TC CLOUD CLIENT 1002-4G ATT
0.0.0 - 3.08.8
Phoenix Contact/TC CLOUD CLIENT 1002-TX/TX
0.0.0 - 3.07.7
Phoenix Contact/TC ROUTER 2002T-3G
0.0.0 - 3.08.8
Phoenix Contact/TC ROUTER 2002T-4G
0.0.0 - 3.08.8
Phoenix Contact/TC ROUTER 3002T-3G
0.0.0 - 3.08.8
Phoenix Contact/TC ROUTER 3002T-4G
0.0.0 - 3.08.8
Phoenix Contact/TC ROUTER 3002T-4G ATT
0.0.0 - 3.08.8
Phoenix Contact/TC ROUTER 3002T-4G GL
0.0.0 - 3.08.8
Phoenix Contact/TC ROUTER 3002T-4G VZW
0.0.0 - 3.08.8
... and 1 more
Published
Jan 13, 2026
Tracked Since
Feb 18, 2026