CVE-2025-41704: CWE-770 Allocation of Resources Without Limits or Throttling in Phoenix Contact QUINT4-UPS/24DC/24DC/5/EIP
An unauthenticated remote attacker can perform a DoS of the Modbus service by sending a specific function and sub-function code without affecting the core functionality.
AI Analysis
Technical Summary
CVE-2025-41704 is a vulnerability categorized under CWE-770, which involves the allocation of resources without limits or throttling, leading to potential denial-of-service (DoS) conditions. The affected product is the Phoenix Contact QUINT4-UPS/24DC/24DC/5/EIP, an uninterruptible power supply (UPS) device commonly used in industrial environments. The vulnerability allows an unauthenticated remote attacker to send a crafted Modbus request containing a specific function and sub-function code that triggers excessive resource consumption in the Modbus service component of the device. This results in a DoS condition that disrupts Modbus communications, although the device’s core UPS functionality remains unaffected. The attack vector is network-based (AV:N), requires no privileges (PR:N), and no user interaction (UI:N), making exploitation relatively straightforward if the device is exposed. The CVSS v3.1 base score is 5.3, reflecting a medium severity due to the limited impact on core device operations and lack of confidentiality or integrity compromise. The vulnerability was reserved in April 2025 and published in October 2025, with no known exploits or patches available at this time. The lack of throttling or resource limits in handling Modbus requests indicates a design weakness that could be exploited to degrade service availability. Given the device’s role in critical infrastructure, disruption of Modbus communications could impact monitoring and control systems dependent on this protocol.
Potential Impact
For European organizations, particularly those in industrial automation, manufacturing, energy, and critical infrastructure sectors, this vulnerability poses a risk of operational disruption. The Modbus protocol is widely used for communication between control devices and supervisory systems; thus, a DoS on the Modbus service can hinder real-time monitoring and control processes. Although the core UPS functionality remains intact, loss of Modbus communication may delay fault detection, status reporting, and automated responses, potentially leading to safety risks or production downtime. Organizations relying on Phoenix Contact QUINT4-UPS devices for power management in industrial control systems could experience degraded system reliability and increased maintenance overhead. The medium severity suggests that while the threat is not catastrophic, it could be leveraged as part of a broader attack chain or during periods of heightened operational sensitivity. The absence of authentication requirements increases the attack surface, especially if devices are accessible from less secure network segments or exposed to the internet. This vulnerability could also be exploited in targeted attacks against critical infrastructure, amplifying its impact in the European context where industrial automation is prevalent.
Mitigation Recommendations
1. Network Segmentation: Isolate Phoenix Contact QUINT4-UPS devices and their Modbus communication channels within dedicated, secure network segments inaccessible from general enterprise or internet-facing networks.
2. Access Controls: Implement strict firewall rules and access control lists (ACLs) to restrict Modbus traffic only to authorized management and monitoring systems.
3. Monitoring and Anomaly Detection: Deploy network monitoring tools capable of inspecting Modbus traffic to detect unusual function or sub-function codes and rate-limit excessive requests indicative of an attack.
4. Device Hardening: Disable unused services and interfaces on the UPS devices to reduce exposure.
5. Vendor Coordination: Engage with Phoenix Contact for updates or patches addressing this vulnerability and apply them promptly once available.
6. Incident Response Preparedness: Develop and test response plans for Modbus service disruptions to minimize operational impact.
7. Physical Security: Ensure physical access to devices is controlled to prevent local exploitation or configuration changes.
8. Network Access Authentication: Where possible, implement VPNs or secure tunnels for remote management to add authentication layers, mitigating unauthenticated access risks.
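One way to implement the inspection in recommendation 3, as an added example that is not part of the advisory or any vendor tooling: a Modbus/TCP request parser with a function-code allowlist and a per-source sliding-window rate check. The allowed function codes, the rate threshold and the sample frames are assumptions; the advisory does not name the triggering codes, so the check allowlists expected traffic instead of matching a signature.

```python
import struct
from collections import defaultdict, deque

# Assumptions, not from the advisory: the monitoring host polls the UPS only
# with Read Holding/Input Registers, at no more than 5 requests per second.
ALLOWED_FUNCTIONS = {0x03, 0x04}
SUBFUNCTION_WIDTH = {0x08: 2, 0x2B: 1}  # codes with a sub-function/MEI type field
MAX_REQUESTS, WINDOW = 5, 1.0

# Constructed sample requests (the advisory does not publish the triggering codes).
READ_REGS = bytes.fromhex("000100000006010300000002")
DIAG_ECHO = bytes.fromhex("000200000006010800001234")

def parse_request(frame: bytes):
    """Parse one Modbus/TCP request; return (unit, function, sub-function or None)."""
    if len(frame) < 8:
        raise ValueError("shorter than MBAP header plus function code")
    _tid, proto, length, unit = struct.unpack(">HHHB", frame[:7])
    if proto != 0 or length != len(frame) - 6:
        raise ValueError("bad protocol id or length field")
    func = frame[7]
    width = SUBFUNCTION_WIDTH.get(func)
    if width is None:
        return unit, func, None
    if len(frame) < 8 + width:
        raise ValueError("truncated sub-function")
    return unit, func, int.from_bytes(frame[8:8 + width], "big")

class ModbusMonitor:
    """Flags requests outside the allowlist and sources exceeding the rate limit."""
    def __init__(self):
        self.seen = defaultdict(deque)  # source address -> recent timestamps

    def inspect(self, src: str, ts: float, frame: bytes) -> list:
        try:
            _unit, func, sub = parse_request(frame)
        except ValueError as exc:
            return [f"malformed: {exc}"]
        alerts = []
        if func not in ALLOWED_FUNCTIONS:
            detail = f"0x{func:02x}" + ("" if sub is None else f"/0x{sub:04x}")
            alerts.append(f"unexpected function {detail}")
        recent = self.seen[src]
        recent.append(ts)
        while ts - recent[0] > WINDOW:  # drop timestamps outside the window
            recent.popleft()
        if len(recent) > MAX_REQUESTS:
            alerts.append(f"rate: {len(recent)} requests in {WINDOW}s")
        return alerts
```

Feed `inspect` the source address, capture timestamp and TCP payload of each request seen on a span port or tap in front of the UPS; a non-empty return value is an alert.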
Affected Countries
Germany, France, Italy, United Kingdom, Netherlands, Belgium, Poland, Sweden
Technical Details
- Data Version: 5.1
- Assigner Short Name: CERTVDE
- Date Reserved: 2025-04-16T11:17:48.310Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 68ee0d9d9bdcb328280b3ed0
Added to database: 10/14/2025, 8:45:17 AM
Last enriched: 11/3/2025, 6:09:40 PM
Last updated: 12/4/2025, 8:52:31 PM