CVE-2025-41705 is a vulnerability categorized under CWE-523 (Unprotected Transport of Credentials) affecting the Phoenix Contact QUINT4-UPS/24DC/24DC/5/EIP device. The issue arises because the device transmits login credentials for its web frontend over websocket connections without adequate encryption or protection. This allows an unauthenticated remote attacker positioned as a man-in-the-middle (MITM) on the network path to intercept and capture these credentials. The vulnerability requires the attacker to have network access to the communication channel and some user interaction (UI:R), but no prior authentication is necessary (PR:N). The CVSS v3.1 base score is 6.8, reflecting a medium severity due to high impact on confidentiality and integrity (C:H/I:H/A:N) but mitigated by the attack complexity and requirement for user interaction. The vulnerability does not impact availability. No patches or known exploits are currently available, indicating that the vulnerability is newly disclosed and may not yet be widely exploited. The affected product is used primarily in industrial and critical infrastructure settings, where secure authentication and communication are essential. The lack of encrypted transport for credentials exposes these environments to credential theft, potentially leading to unauthorized access and further compromise of industrial control systems or power backup infrastructure.

For European organizations, especially those in industrial automation, manufacturing, energy, and critical infrastructure sectors, this vulnerability poses a significant risk. Compromise of login credentials can lead to unauthorized access to UPS management interfaces, allowing attackers to manipulate power backup systems, disrupt operations, or pivot to other network segments. This can result in operational downtime, safety hazards, and potential cascading failures in critical systems. The confidentiality and integrity of credentials are directly impacted, increasing the risk of further intrusions. Given the importance of Phoenix Contact products in European industrial environments, exploitation could affect operational continuity and safety compliance. The medium severity rating suggests that while the vulnerability is serious, exploitation requires specific conditions such as network access and user interaction, which may limit widespread impact but still warrants urgent mitigation.

1. Immediately implement network-level encryption for all websocket communications, ideally by enabling TLS (wss://) to protect credentials in transit. 2. Segment industrial control and UPS management networks from general IT and external networks to reduce exposure to MITM attacks. 3. Deploy network monitoring and intrusion detection systems to identify unusual websocket traffic or MITM attack indicators. 4. Enforce strict access controls and multi-factor authentication on the web frontend to reduce the impact of credential compromise. 5. Regularly audit and update device firmware and configurations to incorporate security best practices as vendor patches become available. 6. Educate users on the risks of interacting with unsecured network environments and encourage secure remote access methods such as VPNs. 7. Collaborate with Phoenix Contact for updates or patches and apply them promptly once released.