PHOENIX CONTACT: DoS for PLCnext Control devices in versions <2021.0.5 LTS

Status: Plan Patch
CVSS: 7.5
Advisory ID: VDE-2021-029
Date: Aug 4, 2021
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

A denial-of-service vulnerability exists in Phoenix Contact PLCnext Control devices. An attacker on the same network can send a specially crafted JSON request to the /auth/access-token endpoint; because the device does not validate this input properly (CWE-20), it crashes and is forced into an unplanned restart. Affected products include AXC F 1152, AXC F 2152, AXC F 2152 Starterkit, AXC F 3152, RFC 4072S, and PLCnext Technology Starterkit in all versions before 2021.0.5 LTS. The vulnerability has been updated to CVSS 9.1 reflecting its network-based exploitability and impact on device availability.

What this means
What could happen
An attacker on the same network can send a malformed JSON request to the controller's authentication endpoint, causing it to restart and halt process operations until manually restarted.
Who's at risk
Manufacturing facilities using Phoenix Contact PLCnext controllers (AXC F 1152, AXC F 2152, AXC F 3152, RFC 4072S, and their Starterkits) in versions before 2021.0.5 LTS should prioritize remediation. This affects any automated process, assembly line, or control application relying on these devices for continuous operation.
How it could be exploited
An attacker on the local network sends a specially crafted JSON request to the /auth/access-token endpoint of the PLCnext controller. The device fails to properly validate the request (CWE-20), processes it unsafely, and crashes, triggering an unplanned restart.
Prerequisites
  • Network access to the controller's Ethernet port or shared network segment
  • Knowledge of the /auth/access-token endpoint
Tags:
  • remotely exploitable
  • no authentication required
  • low complexity
  • high CVSS score (7.5–9.1)
  • affects critical process control
Affected products (6; all 6 with a fix available)

Product                          Affected Versions   Fix Status
AXC F 1152                       <2021.0.5 LTS       2021.0.5 LTS
AXC F 2152                       <2021.0.5 LTS       2021.0.5 LTS
AXC F 2152 Starterkit            <2021.0.5 LTS       2021.0.5 LTS
AXC F 3152                       <2021.0.5 LTS       2021.0.5 LTS
PLCnext Technology Starterkit    <2021.0.5 LTS       2021.0.5 LTS
RFC 4072S                        <2021.0.5 LTS       2021.0.5 LTS
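Deciding whether a given controller is inside the affected range means comparing PLCnext firmware versions numerically rather than as strings (lexically, "2021.0.10" would sort before "2021.0.5"). The following audit helper is an added example, not code from Phoenix Contact or OTPulse; it assumes the "YYYY.M.P" format with an optional " LTS" suffix as written in the advisory, and the device inventory in it is constructed for illustration.

```python
"""Flag PLCnext Control devices whose firmware is below the fixed release.

Added example, not code from Phoenix Contact or OTPulse. It assumes the
PLCnext firmware version format 'YYYY.M.P' with an optional ' LTS' suffix,
as used in the advisory ('2021.0.5 LTS'); the inventory below is constructed.
"""
import re
from typing import List, Tuple

# Product names and fixed version exactly as stated in the advisory.
AFFECTED_PRODUCTS = {
    "AXC F 1152", "AXC F 2152", "AXC F 2152 Starterkit", "AXC F 3152",
    "PLCnext Technology Starterkit", "RFC 4072S",
}
FIXED_VERSION = "2021.0.5 LTS"

_VERSION_RE = re.compile(r"^\s*(\d{4})\.(\d+)\.(\d+)(?:\s+LTS)?\s*$")


def parse_version(text: str) -> Tuple[int, int, int]:
    """Turn '2021.0.5 LTS' into (2021, 0, 5) so comparisons are numeric,
    not lexical ('2021.0.10' must sort after '2021.0.5')."""
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised PLCnext version string: {text!r}")
    year, minor, patch = (int(g) for g in m.groups())
    return (year, minor, patch)


def is_vulnerable(product: str, version: str) -> bool:
    """True when the product is listed in the advisory and runs firmware
    older than 2021.0.5 LTS. Unlisted products are never flagged."""
    if product not in AFFECTED_PRODUCTS:
        return False
    return parse_version(version) < parse_version(FIXED_VERSION)


def audit(inventory: List[Tuple[str, str, str]]) -> List[str]:
    """Return the names of inventory entries (name, product, version) that
    still need the 2021.0.5 LTS update."""
    return [name for name, product, version in inventory
            if is_vulnerable(product, version)]


# Constructed inventory for demonstration (names and versions are made up).
SAMPLE_INVENTORY = [
    ("plc-line1", "AXC F 2152", "2020.6.0"),
    ("plc-line2", "AXC F 2152", "2021.0.5 LTS"),
    ("plc-line3", "AXC F 1152", "2021.0.10 LTS"),
    ("rfc-cell4", "RFC 4072S", "2021.0.4"),
    ("hmi-panel", "Some other device", "1.0.0"),
]

if __name__ == "__main__":
    for name in audit(SAMPLE_INVENTORY):
        print(f"{name}: update to {FIXED_VERSION}")
```

Running it lists plc-line1 and rfc-cell4; plc-line2 is exactly on the fixed release and plc-line3 is above it, so neither is reported, and a version string that does not fit the expected format raises rather than silently passing.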
Remediation & Mitigation
Do now
WORKAROUND: Restrict network access to PLCnext controllers using a firewall; allow only engineering workstations and authorized control systems to communicate with the device
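One way to express that workaround as a concrete ruleset, given as an added example rather than Phoenix Contact or OTPulse guidance: a Python helper that emits an nftables allowlist for a Linux firewall routing between the OT segment and the controller (the PLC itself is not assumed to run nftables). The addresses are constructed documentation-range values (RFC 5737), and the table name `plc_guard` and the function are this example's own.

```python
"""Generate an nftables allowlist that limits who may reach a PLCnext
controller, as the advisory's workaround recommends.

Added example, not from Phoenix Contact or OTPulse. The ruleset is meant
for a Linux firewall that forwards traffic to the controller; addresses in
the demo call are constructed documentation-range values (RFC 5737).
"""
import ipaddress
from typing import Iterable


def _validate(addr: str) -> str:
    """Normalise a single address or CIDR block; raises ValueError on junk,
    so a typo in an allowlist entry fails loudly instead of opening a hole."""
    return str(ipaddress.ip_network(addr, strict=False))


def plc_allowlist_ruleset(plc: str, allowed_sources: Iterable[str],
                          table: str = "plc_guard") -> str:
    """Build an nftables ruleset: forwarded traffic to the controller is
    accepted only from the allowlisted sources; any other packet destined
    for the controller is logged and dropped. Traffic not addressed to the
    controller is left to the chain's default policy."""
    plc_net = _validate(plc)
    sources = sorted({_validate(s) for s in allowed_sources})
    if not sources:
        raise ValueError("allowlist must contain at least one source")
    family = "ip6" if ":" in plc_net else "ip"
    for src in sources:
        if (":" in src) != (family == "ip6"):
            raise ValueError(f"{src} is not the same address family as {plc_net}")
    lines = [
        f"table inet {table} {{",
        "  chain forward {",
        "    type filter hook forward priority 0; policy accept;",
        # Replies from the controller to an already-accepted session pass.
        "    ct state established,related accept",
        f"    {family} daddr {plc_net} {family} saddr {{ {', '.join(sources)} }} accept",
        f'    {family} daddr {plc_net} log prefix "plc-denied: " drop',
        "  }",
        "}",
    ]
    return "\n".join(lines) + "\n"


# Constructed demo: one controller, two engineering workstations, one SCADA host.
if __name__ == "__main__":
    print(plc_allowlist_ruleset("192.0.2.10",
                                ["192.0.2.20", "192.0.2.21", "198.51.100.5"]))
```

The accept rule is deliberately scoped to the controller's address only, and the logged drop that follows it gives the SOC a signal (`plc-denied:`) whenever an unexpected host tries to reach the device. Mixing an IPv6 source with an IPv4 controller is rejected up front, since nftables would not match it anyway.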
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update all affected AXC F and RFC 4072S devices to firmware version 2021.0.5 LTS or later
Long-term hardening
HARDENING: Deploy controllers on a segregated OT network segment separate from general corporate IT networks
Source: OTPulse