CNNVD-202510-2066 Information

CNNVD ID

CNNVD-202510-2066

Related CVE

CVE-2025-41707

• CNNVD Published: 2025-10-14

Description (Chinese)

Phoenix Contact QUINT4-UPS/24DC/24DC/10/EIP是德国菲尼克斯电气（Phoenix Contact）公司的一款工业级直流不间断电源模块。 Phoenix Contact QUINT4-UPS/24DC/24DC/10/EIP存在安全漏洞，该漏洞源于websocket处理程序存在拒绝服务漏洞，可能导致未经身份验证的远程攻击者通过特制websocket消息触发问题。

Description (English)

Phoenix Contact QUINT4-UPS/24DC/24DC/10/EIP is an industrial-level uninterruptible direct power supply module of Phoenix Contact, Germany. Phoenix Contact QUINT4-UPS/24DC/24DC/10/EIP has a security loophole, which stems from the existence of a denial service gap in the Websocket processing process, which may trigger problems with unidentified remote assailants using specially designed websocket messages.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

菲尼克斯电气

Published

2025-10-14

Last Modified

2026-02-24

References

https://certvde.com/de/advisories/VDE-2025-072

Patch

https://www.phoenixcontact.com/global-search/search?q=QUINT4-UPS%2F24DC%2F24DC%2F10%2FEIP&_locale=zh-CN&_realm=cn