PHOENIX CONTACT: Path Traversal in Library of PLCnext Technology Toolchain and FL Network Manager
Act Now | 9.8 | VDE-2022-007 | Mar 22, 2022
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
A path traversal vulnerability exists in SharpZipLib, a TAR/ZIP extraction library used by Phoenix Contact's PLCnext Technology toolchain and FL Network Manager. In SharpZipLib versions prior to 1.3.3, a crafted TAR or ZIP file whose entry names contain directory traversal sequences (such as ../evil.txt) is extracted to locations outside the intended directory. This enables arbitrary file write on the host system, potentially leading to code execution. PLCnext Technology toolchain for Windows versions prior to 2022.0 LTS and FL Network Manager versions prior to 6.0.1 are affected.
What this means
What could happen
An attacker could write arbitrary files to a Windows system running the affected toolchain or FL Network Manager by crafting a malicious TAR/ZIP file, potentially allowing code execution on the engineering workstation or device managing your PLC network.
Who's at risk
Manufacturing facilities and utilities using PLCnext Technology toolchain on Windows engineering workstations or FL Network Manager to manage Phoenix Contact PLC networks and devices. Any operator or engineer who imports device snapshots, configuration files, or software archives from external sources is at risk.
How it could be exploited
An attacker crafts a TAR or ZIP file with path traversal entries (e.g., ../evil.txt) and tricks a user into extracting it via the PLCnext toolchain or FL Network Manager. The vulnerable SharpZipLib library extracts files outside the intended directory, allowing arbitrary file write. If the attacker writes to a system directory or executable path, code execution can follow.
Prerequisites
- User must extract or import a malicious TAR/ZIP file via PLCnext Technology toolchain or FL Network Manager
- Affected version of toolchain or FL Network Manager must be installed on the system
- No authentication required; exploitation occurs during normal file extraction operation
- remotely exploitable
- no authentication required
- low complexity
- arbitrary file write leading to code execution on engineering workstation
- affects PLC configuration and control systems
Affected products (2)
2 with fix
| Product | Affected Versions | Fix Status |
|---|---|---|
| FL Network Manager | ≤ 6.0 | 6.0.1 |
| PLCnext Technology tool chain for Windows | < 2022.0 LTS | 2022.0 LTS |
Remediation & Mitigation
Do now
- WORKAROUND: Only import Device Snapshots and TAR/ZIP files from trusted, verified sources
- HARDENING: Restrict file import and extraction operations to trusted engineering personnel only
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
- HOTFIX: Update PLCnext Technology toolchain for Windows to version 2022.0 LTS or later
- HOTFIX: Update FL Network Manager to version 6.0.1 or later
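Until the fixed versions are installed, an archive can be inspected before it is imported. The following is an added example, not code from Phoenix Contact or from this advisory: it lists ZIP/TAR entry names without extracting anything and flags those that would resolve outside the destination directory under Windows path rules. The function names, the `C:\import` root and the in-memory sample archives are constructed for illustration.

```python
import io
import ntpath
import tarfile
import zipfile

ROOT = "C:\\import"  # constructed stand-in for the extraction directory

def escapes_destination(entry_name: str) -> bool:
    """True if this entry name would resolve outside ROOT on Windows."""
    name = entry_name.replace("/", "\\")  # Windows accepts both separators
    drive, rest = ntpath.splitdrive(name)
    if drive or rest.startswith("\\"):
        return True  # drive-qualified, UNC or rooted path
    target = ntpath.normpath(ntpath.join(ROOT, name))
    return target != ROOT and not target.startswith(ROOT + "\\")

def audit_archive(data: bytes) -> list[str]:
    """List entry names that escape the destination; nothing is extracted."""
    buf = io.BytesIO(data)
    if zipfile.is_zipfile(buf):
        with zipfile.ZipFile(buf) as zf:
            names = zf.namelist()
    else:
        buf.seek(0)
        with tarfile.open(fileobj=buf, mode="r:*") as tf:
            names = tf.getnames()
    return [n for n in names if escapes_destination(n)]

def build_samples() -> tuple[bytes, bytes]:
    """Constructed in-memory ZIP and TAR, each with one traversal entry."""
    names = ("snapshot/device.json", "../evil.txt")
    zbuf, tbuf = io.BytesIO(), io.BytesIO()
    with zipfile.ZipFile(zbuf, "w") as zf:
        for n in names:
            zf.writestr(n, b"constructed sample")
    with tarfile.open(fileobj=tbuf, mode="w") as tf:
        for n in names:
            info = tarfile.TarInfo(n)
            info.size = len(b"constructed sample")
            tf.addfile(info, io.BytesIO(b"constructed sample"))
    return zbuf.getvalue(), tbuf.getvalue()

if __name__ == "__main__":
    for label, blob in zip(("zip", "tar"), build_samples()):
        print(label, audit_archive(blob))
```

The check covers entry names only; it normalises each path before comparing, so a name such as `..foo/bar` that merely contains two dots is not flagged.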
CVEs (2)