
CVE-2025-41704: CWE-770 Allocation of Resources Without Limits or Throttling in Phoenix Contact QUINT4-UPS/24DC/24DC/5/EIP

Severity: Medium
Type: Vulnerability
Published: Tue Oct 14 2025 (10/14/2025, 08:05:34 UTC)
Source: CVE Database V5
Vendor/Project: Phoenix Contact
Product: QUINT4-UPS/24DC/24DC/5/EIP

Description

An unauthenticated remote attacker can perform a DoS of the Modbus service by sending a specific function and sub-function code without affecting the core functionality.

AI-Powered Analysis

Last updated: 10/14/2025, 08:45:47 UTC

Technical Analysis

CVE-2025-41704 is a resource allocation vulnerability categorized under CWE-770, found in the Phoenix Contact QUINT4-UPS/24DC/24DC/5/EIP power supply units. The flaw allows an unauthenticated remote attacker to send a crafted Modbus function and sub-function code that triggers uncontrolled resource allocation or consumption within the Modbus service of the device. This results in a denial-of-service (DoS) condition that disrupts Modbus communications, which are commonly used for monitoring and controlling industrial equipment. Importantly, the core power supply functionality remains unaffected, but the loss of Modbus service can hinder supervisory control and data acquisition (SCADA) systems or other automation processes relying on Modbus data. The vulnerability does not require authentication or user interaction, making it easier to exploit remotely over the network. The affected product version is identified as VC:00, and no patches or exploits are currently publicly available. The CVSS 3.1 score of 5.3 reflects the network attack vector, low complexity, no privileges required, and no user interaction, with impact limited to availability of the Modbus service only. This vulnerability highlights the risk of insufficient resource management in industrial communication protocols, which can lead to service disruption even without compromising device core functions.

Potential Impact

For European organizations, especially those operating critical infrastructure, manufacturing plants, or industrial automation relying on Phoenix Contact QUINT4-UPS/24DC/24DC/5/EIP devices, this vulnerability poses a risk of operational disruption. The denial-of-service on the Modbus service can prevent real-time monitoring, control commands, and data acquisition, potentially delaying fault detection and response. While the core power supply remains functional, loss of Modbus communication can degrade system visibility and control, increasing the risk of cascading failures or safety incidents. Organizations in sectors such as energy, utilities, transportation, and manufacturing that use these devices in their control networks could experience reduced operational efficiency and increased downtime. The unauthenticated nature of the attack increases the threat surface, especially for devices exposed to less secure network segments or lacking proper network segmentation. Although no known exploits exist yet, the vulnerability's medium severity and ease of exploitation warrant proactive mitigation to avoid potential future attacks.

Mitigation Recommendations

1. Network Segmentation: Isolate devices running Phoenix Contact QUINT4-UPS/24DC/24DC/5/EIP from untrusted networks and restrict Modbus traffic to only authorized management systems.
2. Access Controls: Implement strict firewall rules and access control lists (ACLs) to limit incoming Modbus requests to trusted sources.
3. Monitoring and Anomaly Detection: Deploy network monitoring tools to detect unusual Modbus traffic patterns or repeated function/sub-function codes indicative of exploitation attempts.
4. Vendor Coordination: Engage with Phoenix Contact for firmware updates or patches addressing this vulnerability and apply them promptly once available.
5. Incident Response Preparedness: Develop and test response plans for Modbus service disruptions to minimize operational impact.
6. Disable Unused Services: If Modbus communication is not required on certain devices, disable the service to reduce attack surface.
7. Use of Intrusion Prevention Systems (IPS): Configure IPS to detect and block malformed or suspicious Modbus packets targeting this vulnerability.

These measures go beyond generic advice by focusing on network-level controls, proactive detection, and vendor engagement specific to the affected product and protocol.
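The source allowlisting and repeated function/sub-function monitoring from items 2 and 3 can be prototyped over captured Modbus/TCP requests as follows; this is an added example, not code from Phoenix Contact or the CVE record. The record does not name the function or sub-function code involved, so the code tracks any repeated pair; the allowlist, window, threshold, IP addresses and sample frames are assumptions constructed for illustration.

```python
import struct

# Function codes whose request carries a sub-function field, with its width in
# bytes (public Modbus spec: 0x08 Diagnostics, 0x2B Encapsulated Interface).
SUBFUNCTION_WIDTH = {0x08: 2, 0x2B: 1}

def build_frame(tid, unit, pdu):
    """Build a Modbus/TCP frame (MBAP header + PDU) for the constructed samples."""
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit) + pdu

def parse_request(frame):
    """Return (function_code, sub_function or None), or None if malformed."""
    if len(frame) < 8:
        return None
    _tid, proto, length, _unit = struct.unpack(">HHHB", frame[:7])
    # Protocol id must be 0; the length field counts unit id + PDU.
    if proto != 0 or length != len(frame) - 6:
        return None
    fc = frame[7]
    width = SUBFUNCTION_WIDTH.get(fc)
    if width is None:
        return fc, None
    if len(frame) < 8 + width:
        return None
    return fc, int.from_bytes(frame[8:8 + width], "big")

def find_alerts(events, allowed_sources, window=10.0, threshold=5):
    """events: (timestamp, src_ip, frame) tuples in time order -> alert list."""
    alerts, recent = [], {}
    for ts, src, frame in events:
        parsed = parse_request(frame)
        if parsed is None:
            alerts.append((ts, src, "malformed"))
            continue
        fc, sub = parsed
        if src not in allowed_sources:
            alerts.append((ts, src, "unauthorized-source"))
        if sub is not None:
            key = (src, fc, sub)
            recent[key] = [t for t in recent.get(key, []) if ts - t < window] + [ts]
            if len(recent[key]) == threshold:  # alert once per burst
                alerts.append((ts, src, f"repeated fc=0x{fc:02x} sub=0x{sub:x}"))
    return alerts

# Constructed sample traffic (documentation IPs): a routine register read from
# the SCADA host, then a burst of identical diagnostic requests from elsewhere.
SCADA = "192.0.2.10"
READ = build_frame(1, 1, bytes([0x03, 0x00, 0x00, 0x00, 0x01]))
DIAG = build_frame(2, 1, bytes([0x08, 0x00, 0x00, 0x12, 0x34]))
SAMPLE = [(0.0, SCADA, READ)] + [(1.0 + i, "192.0.2.99", DIAG) for i in range(5)]
```

Calling `find_alerts(SAMPLE, {SCADA})` flags each request from the non-allowlisted host and raises one repetition alert when the fifth identical function/sub-function pair arrives inside the window.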


Technical Details

Data Version: 5.1
Assigner Short Name: CERTVDE
Date Reserved: 2025-04-16T11:17:48.310Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 68ee0d9d9bdcb328280b3ed0

Added to database: 10/14/2025, 8:45:17 AM

Last enriched: 10/14/2025, 8:45:47 AM

Last updated: 10/14/2025, 10:56:40 AM
