CVE-2025-41703 HIGH

CVE-2025-41703: Phoenix Contact: UPS Shutdown via Unauthenticated Modbus Command

Vendor Phoenix Contact
Product QUINT4-UPS/24DC/24DC/5/EIP
Weakness CWE-306 · Missing auth
Published October 14, 2025
Last update November 3, 2025

CVSS base score

7.5/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

What the vulnerability does

01Description

An unauthenticated remote attacker can cause a Denial of Service by turning off the output of the UPS via Modbus command.

Key dates

02Disclosure timeline

October 14, 2025 CVE published
November 3, 2025 Record updated

Related vulnerabilities

04Related CVE