6.8

CVE-2025-41697

An attacker can use an undocumented UART port on the PCB as a side-channel    to get root access e.g. with the credentials obtained from CVE-2025-41692.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
PhoenixcontactFl Nat 2208 Firmware Version < 3.50
   PhoenixcontactFl Nat 2208 Version-
PhoenixcontactFl Nat 2008 Firmware Version < 3.50
   PhoenixcontactFl Nat 2008 Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.03% 0.064
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
info@cert.vde.com 6.8 0.9 5.9
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE-1299 Missing Protection Mechanism for Alternate Hardware Interface

The lack of protections on alternate paths to access control-protected assets (such as unprotected shadow registers and other external facing unguarded interfaces) allows an attacker to bypass existing protections to the asset that are only performed against the primary path.