Phoenix Contact: MULTIPROG Engineering tool and ProConOS eCLR SDK prone to CWE-732

Plan PatchCVSS 9.8VDE-2023-051Dec 12, 2023

Phoenix ContactManufacturing

Attack path

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

ProConOS/ProConOS eCLR is a runtime SDK embedded in automation hardware and firmware by third-party vendors. Logic programs generated by the MULTIPROG engineering tool lack integrity and authenticity verification. An attacker can modify logic files on the engineering station or in transit, and load them into the controller without tamper detection. The malicious program can modify its own code to hide the attack. No patch is available; Phoenix Contact recommends network segmentation, VPNs, and secure handling of project data. Users must check with their specific device vendors for their implementations' resilience to this vector.

What this means

What could happen

An attacker with network access to an engineering workstation can modify PLC logic programs without detection, potentially altering process behavior, disabling safety functions, or causing unintended process changes without leaving traces of tampering.

Who's at risk

Manufacturers of automation control devices (PLCs, process controllers, distributed I/O systems) that embed Phoenix Contact's ProConOS/ProConOS eCLR runtime should be contacted to determine if they have published mitigation or if their implementation provides integrity checks. This affects any facility using such devices, particularly water treatment, power generation, chemical processing, and other critical infrastructure sectors.

How it could be exploited

An attacker modifies MULTIPROG logic files on an unprotected engineering station or intercepts them during transmission to the controller. The modified logic is loaded into the ProConOS/eCLR runtime without integrity verification. The malicious program can further modify its own code to hide changes from operators and engineers.

Prerequisites

Network access to engineering workstation running MULTIPROG or the controller
Ability to intercept or modify logic files during transmission or at rest
Access to project data files (e.g., via email, file transfer, or local filesystem)

remotely exploitableno authentication requiredlow complexityno patch availableaffects safety systems

Exploitability

Unlikely to be exploited — EPSS score 0.8%

Affected products (2)

2 EOL

ProductAffected VersionsFix Status

MULTIPROGAll versionsNo fix (EOL)

ProConOS eCLR (SDK)All versionsNo fix (EOL)

Remediation & Mitigation

0/6

Do now

0/5

MULTIPROG

HARDENINGIsolate all engineering stations using MULTIPROG on a dedicated network segment with firewall rules restricting access to only authorized personnel and approved controller devices

HARDENINGStore all MULTIPROG project files in protected environments (encrypted storage, access-controlled repositories) rather than email or shared drives

All products

HARDENINGRequire VPN connection for all remote access from engineering workstations to production controllers

HARDENINGEstablish a documented process requiring digital signature or cryptographic hash verification before loading any logic file into a controller; retain records of all modifications

WORKAROUNDCheck with your device manufacturer to determine if their specific ProConOS eCLR implementation includes integrity or authenticity protections for logic files

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HARDENINGImplement network-level traffic inspection and logging on connections between engineering stations and controllers to detect unauthorized logic modifications

CVEs (1)

CVE-2023-0757

View full CERT@VDE advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/fdc86113-afb0-490c-8f59-4bdaabbf0579

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.