Phoenix Contact Quint4-Ups 24Dc 24Dc 20 Eip vulnerabilities

CVE-2025-41703 [HIGH] CWE-306 CVE-2025-41703: An unauthenticated remote attacker can cause a Denial of Service by turning off the output of the UP An unauthenticated remote attacker can cause a Denial of Service by turning off the output of the UPS via Modbus command.

CVE-2025-41704 [MEDIUM] CWE-770 CVE-2025-41704: An unauthanticated remote attacker can perform a DoS of the Modbus service by sending a specific fun An unauthanticated remote attacker can perform a DoS of the Modbus service by sending a specific function and sub-function code without affecting the core functionality.

CVE-2025-41707 [MEDIUM] CWE-120 CVE-2025-41707: The websocket handler is vulnerable to a denial of service condition. An unauthenticated remote atta The websocket handler is vulnerable to a denial of service condition. An unauthenticated remote attacker can send a crafted websocket message to trigger the issue without affecting the core functionality.

CVE-2025-41706 [MEDIUM] CWE-120 CVE-2025-41706: The webserver is vulnerable to a denial of service condition. An unauthenticated remote attacker can The webserver is vulnerable to a denial of service condition. An unauthenticated remote attacker can craft a special GET request with an over-long content-length to trigger the issue without affecting the core functionality.

CVE-2025-41705 [MEDIUM] CWE-523 CVE-2025-41705: An unauthenticated remote attacker (MITM) can intercept the websocket messages to gain access to the An unauthenticated remote attacker (MITM) can intercept the websocket messages to gain access to the login credentials for the Webfrontend.