Phoenix Contact: Multiple vulnerabilities in PLCnext Control devices < 2021.0 LTS

Act Now | 9.8 | VDE-2020-049 | Dec 17, 2020
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

Multiple vulnerabilities in PLCnext Control devices (AXC F 1152, AXC F 2152, AXC F 3152, RFC 4072S, and Starterkit variants) running firmware versions prior to 2021.0 LTS allow remote attackers to execute arbitrary code without authentication. The vulnerabilities stem from improper input validation (CWE-20), privilege escalation (CWE-269), and information disclosure (CWE-200). All affected devices are network-capable and reachable over Ethernet.

What this means
What could happen
An attacker could remotely execute code on PLCnext Control devices without authentication, potentially altering PLC logic, process setpoints, or stopping manufacturing operations entirely. Confidentiality, integrity, and availability of the control system are all compromised.
Who's at risk
Manufacturing facilities operating PLCnext Control devices, including AXC F 1152, AXC F 2152, AXC F 3152, RFC 4072S, and Starterkit variants. Any factory, process automation line, or production equipment relying on these PLCs for logic control and safety sequencing is at risk if devices are network-accessible without firewall protection.
How it could be exploited
An attacker on the network connects directly to an affected PLCnext device (AXC F 1152, AXC F 2152, AXC F 3152, or RFC 4072S) on the default Ethernet port without any credentials and sends crafted input to trigger one of the underlying vulnerabilities (improper input validation, privilege escalation, cross-site scripting, or information disclosure). The attacker gains code execution on the PLC and can modify control logic or process parameters.
Prerequisites
  • Network access to the PLCnext device on Ethernet port 80 or 443 (web interface)
  • Device is not behind a firewall blocking inbound traffic
  • Device firmware is older than 2021.0 LTS
remotely exploitable; no authentication required; low complexity; critical severity (CVSS 9.8); affects manufacturing control systems; high impact on confidentiality, integrity, and availability
Affected products (6)
6 with fix
Product                          Affected Versions   Fix Status
AXC F 1152                       < 2021.0 LTS        2021.0 LTS
AXC F 2152                       < 2021.0 LTS        2021.0 LTS
AXC F 2152 Starterkit            < 2021.0 LTS        2021.0 LTS
AXC F 3152                       < 2021.0 LTS        2021.0 LTS
PLCnext Technology Starterkit    < 2021.0 LTS        2021.0 LTS
RFC 4072S                        < 2021.0 LTS        2021.0 LTS
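
An added example (not part of the advisory and not Phoenix Contact tooling): a triage script that applies the affected-product table and the prerequisites above to an asset inventory, so devices that are both unpatched and web-reachable from untrusted networks sort first. The inventory field names, the hosts, and the `YYYY.N[.P]` firmware string shape are assumptions.

```python
import re

# Affected models and fixed release, copied from the advisory's product table.
AFFECTED_MODELS = {
    "AXC F 1152", "AXC F 2152", "AXC F 2152 Starterkit",
    "AXC F 3152", "PLCnext Technology Starterkit", "RFC 4072S",
}
FIXED = (2021, 0)        # 2021.0 LTS
WEB_PORTS = {80, 443}    # web interface ports named in the prerequisites

# Assumption: firmware strings look like "YYYY.N[.P]" plus optional text ("LTS").
_RELEASE = re.compile(r"^\s*(\d{4})\.(\d+)(?:\.\d+)?\b")

def parse_release(firmware):
    """Return (year, release) or None when the string does not fit the assumed shape."""
    m = _RELEASE.match(firmware or "")
    return (int(m.group(1)), int(m.group(2))) if m else None

def triage(device):
    """Classify one inventory record against the advisory's prerequisites."""
    if device["model"] not in AFFECTED_MODELS:
        return "not-affected"
    release = parse_release(device.get("firmware"))
    if release is None:
        return "review"              # unreadable firmware string: verify by hand
    if release >= FIXED:
        return "fixed"
    # Hypothetical field: ports a firewall audit found reachable from untrusted networks.
    exposed = WEB_PORTS & set(device.get("untrusted_ports", []))
    return "restrict-and-patch" if exposed else "patch"

# Constructed inventory: hostnames, field names and versions are made up for illustration.
INVENTORY = [
    {"host": "plc-line1", "model": "AXC F 2152", "firmware": "2020.6.1", "untrusted_ports": [443]},
    {"host": "plc-line2", "model": "AXC F 3152", "firmware": "2019.0 LTS", "untrusted_ports": []},
    {"host": "plc-safety", "model": "RFC 4072S", "firmware": "2021.0.3 LTS", "untrusted_ports": [80, 443]},
    {"host": "plc-lab", "model": "AXC F 1152", "firmware": "unknown", "untrusted_ports": [80]},
]

def report(inventory):
    """Map each host to its triage status."""
    return {d["host"]: triage(d) for d in inventory}

if __name__ == "__main__":
    for host, status in report(INVENTORY).items():
        print(f"{host}: {status}")
```

Devices reported as `review` have a firmware string the parser could not read and should be checked on the device itself before being treated as fixed.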
Remediation & Mitigation
Do now
WORKAROUND: Restrict network access to PLCnext devices using firewall rules: block inbound access to ports 80 and 443 from untrusted or external networks
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

RFC 4072S
HOTFIX: Update all affected AXC F and RFC 4072S devices to firmware 2021.0 LTS or higher
Long-term hardening
HARDENING: Isolate PLCnext devices to a closed, dedicated control network segmented from corporate IT networks and the internet