Phoenix Contact: MULTIPROG Engineering tool and ProConOS eCLR SDK prone to CWE-732

Act Now | CVSS 9.8 | VDE-2023-051 | Dec 12, 2023
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

ProConOS/ProConOS eCLR is a runtime SDK embedded in automation hardware and firmware by third-party vendors. Logic programs generated by the MULTIPROG engineering tool lack integrity and authenticity verification. An attacker can modify logic files on the engineering station or in transit, and load them into the controller without tamper detection. The malicious program can modify its own code to hide the attack. No patch is available; Phoenix Contact recommends network segmentation, VPNs, and secure handling of project data. Users must check with their specific device vendors for their implementations' resilience to this vector.

What this means
What could happen
An attacker with network access to an engineering workstation can modify PLC logic programs without detection, potentially altering process behavior, disabling safety functions, or causing unintended process changes without leaving traces of tampering.
Who's at risk
Any facility using automation control devices (PLCs, process controllers, distributed I/O systems) that embed Phoenix Contact's ProConOS/ProConOS eCLR runtime is affected, particularly in water treatment, power generation, chemical processing, and other critical infrastructure sectors. Contact the manufacturers of these devices to determine whether they have published a mitigation or whether their implementation provides integrity checks.
How it could be exploited
An attacker modifies MULTIPROG logic files on an unprotected engineering station or intercepts them during transmission to the controller. The modified logic is loaded into the ProConOS/eCLR runtime without integrity verification. The malicious program can further modify its own code to hide changes from operators and engineers.
Prerequisites
  • Network access to engineering workstation running MULTIPROG or the controller
  • Ability to intercept or modify logic files during transmission or at rest
  • Access to project data files (e.g., via email, file transfer, or local filesystem)
remotely exploitable | no authentication required | low complexity | no patch available | affects safety systems
Affected products (2)
2 EOL
Product | Affected Versions | Fix Status
MULTIPROG | All versions | No fix (EOL)
ProConOS eCLR (SDK) | All versions | No fix (EOL)
Remediation & Mitigation
Do now
MULTIPROG
HARDENING: Isolate all engineering stations using MULTIPROG on a dedicated network segment with firewall rules restricting access to only authorized personnel and approved controller devices
HARDENING: Store all MULTIPROG project files in protected environments (encrypted storage, access-controlled repositories) rather than email or shared drives
All products
HARDENING: Require VPN connection for all remote access from engineering workstations to production controllers
HARDENING: Establish a documented process requiring digital signature or cryptographic hash verification before loading any logic file into a controller; retain records of all modifications
WORKAROUND: Check with your device manufacturer to determine if their specific ProConOS eCLR implementation includes integrity or authenticity protections for logic files
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HARDENING: Implement network-level traffic inspection and logging on connections between engineering stations and controllers to detect unauthorized logic modifications
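
One way to implement the hash-verification step recommended above, as an added example that is not part of the advisory and not Phoenix Contact code. It uses an HMAC-SHA256 over a manifest of per-file SHA-256 digests (a keyed MAC, not a digital signature); the function names, the file names and the key are constructed for illustration, and the key is assumed to be stored away from the engineering station.

```python
import hashlib, hmac, json, os, tempfile

def file_digests(project_dir):
    """SHA-256 of every file under project_dir, keyed by relative path."""
    digests = {}
    for root, _dirs, files in os.walk(project_dir):
        for name in files:
            path = os.path.join(root, name)
            rel = os.path.relpath(path, project_dir).replace(os.sep, "/")
            with open(path, "rb") as fh:
                digests[rel] = hashlib.sha256(fh.read()).hexdigest()
    return digests

def _mac(digests, key):
    # Canonical JSON so the same digests always produce the same MAC.
    canonical = json.dumps(digests, sort_keys=True).encode()
    return hmac.new(key, canonical, hashlib.sha256).hexdigest()

def sign_release(project_dir, key):
    """Run at approval time; store the manifest apart from the project files."""
    digests = file_digests(project_dir)
    return {"files": digests, "mac": _mac(digests, key)}

def verify_before_load(project_dir, manifest, key):
    """Return findings; an empty list means the project matches the approved release."""
    if not hmac.compare_digest(_mac(manifest["files"], key), manifest.get("mac", "")):
        return ["manifest MAC invalid"]
    current, approved = file_digests(project_dir), manifest["files"]
    findings = [f"modified: {p}" for p in approved if p in current and current[p] != approved[p]]
    findings += [f"missing: {p}" for p in approved if p not in current]
    findings += [f"unexpected: {p}" for p in current if p not in approved]
    return sorted(findings)

def demo():
    key = b"constructed-demo-key"  # assumption: the real key is kept off the engineering station
    with tempfile.TemporaryDirectory() as d:
        with open(os.path.join(d, "logic.bin"), "wb") as fh:  # constructed file name and content
            fh.write(b"\x01\x02approved logic")
        manifest = sign_release(d, key)
        clean = verify_before_load(d, manifest, key)
        with open(os.path.join(d, "logic.bin"), "ab") as fh:
            fh.write(b"\xff")  # simulate a change made after approval
        with open(os.path.join(d, "extra.bin"), "wb") as fh:
            fh.write(b"x")     # simulate a file added after approval
        tampered = verify_before_load(d, manifest, key)
        forged = dict(manifest, files=file_digests(d))  # manifest re-hashed without the key
        return clean, tampered, verify_before_load(d, forged, key)

if __name__ == "__main__":
    print(demo())
```

This checks project files at rest on the engineering station before a download is started. It does not protect the transfer to the controller or add verification inside the runtime, which is why the segmentation and VPN measures above still apply.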