Phoenix Contact: ProConOS prone to Download of Code Without Integrity Check
Monitor | 7.5 | VDE-2023-054 | Dec 12, 2023
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
ProConOS and ProConOS eCLR are controller runtime systems used in industrial automation devices. The application runtime (logic, configurations) lacks integrity and authenticity checks. The CRC validation that warns users of mismatches between engineering tool versions and PLC code can be manipulated. An attacker with network access could modify PLC logic or configuration without detection. No vendor patch is available; remediation requires network segregation, encryption, and access controls.
What this means
What could happen
An attacker with network access to an engineering workstation or PLC running ProConOS could modify the PLC logic or configuration without detection, potentially altering process setpoints, disabling safety interlocks, or stopping operations entirely.
Who's at risk
Manufacturing facilities using the Phoenix Contact MULTIPROG engineering tool or any automation device built on the ProConOS/ProConOS eCLR runtime (such as industrial controllers, PLCs, and distributed I/O modules embedded by equipment vendors). Any plant where these systems manage critical processes is at risk.
How it could be exploited
An attacker with access to the network where the MULTIPROG engineering tool or ProConOS controller resides could intercept and modify application files (logic, configuration) during transmission or at rest. Because the runtime performs no integrity check, the modified code would load and execute on the PLC without warning; a CRC check exists, but it can be manipulated by the attacker and so offers no protection.
Prerequisites
- Network access to MULTIPROG engineering workstation or ProConOS controller
- Ability to intercept or modify files in transit or on disk (requires network positioning or local access to unencrypted storage)
- Knowledge of the application structure being targeted
- remotely exploitable
- no authentication required
- no patch available
- affects safety systems (if logic controls interlocks or setpoints)
Affected products (2), both end-of-life
Product | Affected Versions | Fix Status
MULTIPROG | All versions | No fix (EOL)
ProConOS eCLR (SDK) | All versions | No fix (EOL)
Remediation & Mitigation
Do now
MULTIPROG
HARDENING: Restrict network access to MULTIPROG and ProConOS controllers to authorized engineering workstations and control systems only; use firewall rules to deny all other inbound access.
HARDENING: For remote engineering access, require VPN with multi-factor authentication; do not allow direct internet-facing access to MULTIPROG or controller management interfaces.
HARDENING: Encrypt all logic and configuration file transmission between MULTIPROG and the PLC using VPN or TLS; do not send project files via email or unencrypted file transfer.
All products
HARDENING: Segment all automation networks: isolate engineering workstations, PLCs, and network devices into a dedicated OT zone separated from corporate IT by firewalls with explicit allow rules only for required traffic.
WORKAROUND: Review your specific device manufacturer's security advisories to determine if your ProConOS-based controller includes additional mitigation or if end-of-life guidance applies.
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
MULTIPROG
HARDENING: Store all MULTIPROG project files and PLC configurations only on secured, access-controlled storage with encryption at rest; implement file integrity monitoring (FIM) to detect unauthorized changes.
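The advisory's point about the CRC check applies equally to any file integrity monitoring you add: a checksum stored beside the file can simply be recomputed by whoever modifies the file. The added example below (written for this page; it is not Phoenix Contact or MULTIPROG code) shows a minimal FIM baseline for a project directory in which the baseline manifest is sealed with an HMAC under a key that is kept off the engineering workstation. It reports modified, added and removed files and rejects a manifest that has been rewritten without the key. The directory layout, file names, file contents and the key are all constructed for the demonstration; real MULTIPROG project file names and formats are not assumed.

```python
import hashlib
import hmac
import json
import tempfile
from pathlib import Path


def hash_file(path: Path) -> str:
    """SHA-256 of a file, read in chunks so large project archives are fine."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map every file under root (relative POSIX path) to its SHA-256 digest."""
    return {
        p.relative_to(root).as_posix(): hash_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def seal_manifest(manifest: dict, key: bytes) -> bytes:
    """Serialize the manifest and bind it to a key with HMAC-SHA256.

    Unlike a bare CRC or hash, the tag cannot be recomputed by someone who
    can edit the files but does not hold the key.
    """
    body = json.dumps(manifest, sort_keys=True).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest()
    return json.dumps({"files": manifest, "hmac": tag}).encode()


def open_manifest(blob: bytes, key: bytes) -> dict:
    """Verify the HMAC before trusting the baseline; raise on any mismatch."""
    data = json.loads(blob)
    body = json.dumps(data["files"], sort_keys=True).encode()
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, data["hmac"]):
        raise ValueError("baseline manifest rejected: HMAC mismatch")
    return data["files"]


def verify(root: Path, baseline: dict) -> dict:
    """Compare the directory against the baseline and classify every difference."""
    current = build_manifest(root)
    return {
        "modified": sorted(p for p in baseline if p in current and current[p] != baseline[p]),
        "added": sorted(p for p in current if p not in baseline),
        "removed": sorted(p for p in baseline if p not in current),
    }


def demo() -> dict:
    """Constructed scenario: baseline a project folder, then detect unauthorized edits."""
    key = b"placeholder-key-store-in-a-secrets-manager-not-on-the-workstation"
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "logic").mkdir()
        # Constructed sample project content (not real MULTIPROG files).
        (root / "logic" / "main.st").write_text("PROGRAM Main\n  Setpoint := 100;\nEND_PROGRAM\n")
        (root / "plc.cfg").write_text("scan_cycle_ms=10\n")
        sealed = seal_manifest(build_manifest(root), key)

        # Simulated unauthorized changes: a setpoint edit and a dropped-in extra file.
        (root / "logic" / "main.st").write_text("PROGRAM Main\n  Setpoint := 900;\nEND_PROGRAM\n")
        (root / "logic" / "extra.st").write_text("PROGRAM Extra\nEND_PROGRAM\n")

        report = verify(root, open_manifest(sealed, key))

        # Simulated tampering with the baseline itself: the file list is re-hashed
        # to match the edited tree, but the HMAC (computed without the key) is stale.
        forged = json.loads(sealed)
        forged["files"] = build_manifest(root)
        try:
            open_manifest(json.dumps(forged).encode(), key)
            report["manifest_tamper_detected"] = False
        except ValueError:
            report["manifest_tamper_detected"] = True
    return report


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

In practice the sealed manifest is produced on a trusted host at the time the project is approved, the key lives in a secrets manager or HSM rather than on the engineering workstation, and `verify` runs on a schedule or before each download to the PLC, with any non-empty `modified`, `added` or `removed` list raising an alert.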
CVEs (1)
API:
/api/v1/advisories/fb002529-9e9d-466d-8f0a-7e89b26abbfc