Phoenix Contact: Classic line industrial controllers prone to inadequate integrity check of PLC
Monitor | 7.5 | VDE-2023-057 | Dec 12, 2023
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
Phoenix Contact classic line industrial controllers (AXC, ILC, RFC, FC series) lack integrity and authenticity verification mechanisms for application code, configurations, and executable files. The CRC check warning can be manipulated. An attacker with network access could modify PLC applications without detection. These controllers are designed for closed industrial networks protected by firewalls and network segmentation. All affected products remain unfixed.
What this means
What could happen
An attacker with network access to a Phoenix Contact classic line controller could modify the PLC application code (logic, configurations, executable files) without detection, since the controllers lack integrity verification mechanisms. This could allow unauthorized changes to process control logic, causing incorrect operation of manufacturing equipment or production line shutdowns.
Who's at risk
Manufacturing facilities using Phoenix Contact classic line industrial controllers (AXC 1050/1050 XC/3050 series, ILC 1x0/1x1/3xx series, RFC 430/450/460R/470S/480S, FC 350 PCI ETH) and their associated engineering tools (Automation Worx Software Suite, PC Worx, Config+). This affects any facility where these controllers manage critical process control logic, valve timing, equipment sequencing, or safety-critical functions.
How it could be exploited
An attacker on the network (or with remote access) could intercept and modify application files during transfer to the PLC, or directly alter stored configurations on the controller. The CRC check mechanism can be bypassed or manipulated. Since there is no integrity verification, the controller will accept and run the altered code without warning the operator of the tampering.
Prerequisites
- Network access to the controller or to the engineering tool communication path
- Access to the file transfer mechanism (direct connection, Automation Worx Software Suite, or engineering tool communication)
- No encryption or integrity checking on transmitted project data
remotely exploitable, no authentication required, low complexity, no patch available, affects manufacturing process control
Affected products (18)
18 EOL
| Product | Affected Versions | Fix Status |
|---|---|---|
| AXC 1050 | All versions | No fix (EOL) |
| AXC 1050 XC | All versions | No fix (EOL) |
| AXC 3050 | All versions | No fix (EOL) |
| Config+ | All versions | No fix (EOL) |
| FC 350 PCI ETH | All versions | No fix (EOL) |
Remediation & Mitigation
Do now
- HARDENING: Isolate all Phoenix Contact classic line controllers in a protected network segment using firewalls; restrict all inbound network access except from authorized engineering workstations
- HARDENING: Require all remote access to engineering tools and controllers to use VPN with encryption and authentication
- HARDENING: Store all project files and configurations in protected, encrypted environments with access controls; do not transmit via email or unencrypted file transfer
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
- WORKAROUND: Disable OT communication protocols (Ethernet/network services) on controllers that cannot operate in protected network zones, via CPU console or web-based management
- HARDENING: Implement external integrity and authenticity verification (e.g., cryptographic hashing, digital signatures) on all project files before transfer to PLCs, using third-party tools or processes outside the controller
Mitigations - no patch available
The following products have reached End of Life with no planned fix: AXC 1050, AXC 1050 XC, AXC 3050, Config+, FC 350 PCI ETH, ILC1x0, ILC1x1, ILC 3xx, PC Worx, RFC 430 ETH-IB, RFC 450 ETH-IB, RFC 460R PN 3TX, RFC 470S PN 3TX, RFC 480S PN 4TX, Automation Worx Software Suite, PC Worx Express, PC WORX RT BASIC, PC WORX SRT. Apply the following compensating controls:
- HARDENING: Establish and enforce a security management system including change control procedures, file integrity monitoring, and audit logging for all modifications to PLC applications and configurations
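One way to carry out the external integrity and authenticity verification and the file integrity monitoring recommended above, as an added example (not part of the advisory and not Phoenix Contact code): a keyed manifest is built when a project is approved and checked again immediately before the files are transferred to the PLC. It uses HMAC-SHA256 from the Python standard library in place of a digital signature; the function names, the key and the sample file are assumptions constructed for illustration.

```python
import hashlib
import hmac
import json
import tempfile
from pathlib import Path


def hash_tree(project_dir: Path) -> dict:
    # Relative POSIX path -> SHA-256 for every file under the project folder.
    return {p.relative_to(project_dir).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(project_dir.rglob("*")) if p.is_file()}


def manifest_mac(files: dict, key: bytes) -> str:
    # Canonical JSON so the same file set always yields the same MAC.
    canonical = json.dumps(files, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, canonical, hashlib.sha256).hexdigest()


def build_manifest(project_dir: Path, key: bytes) -> dict:
    files = hash_tree(project_dir)
    return {"files": files, "mac": manifest_mac(files, key)}


def verify_project(project_dir: Path, manifest: dict, key: bytes) -> list:
    """Return a sorted list of findings; an empty list means the copy matches."""
    if not hmac.compare_digest(manifest_mac(manifest.get("files", {}), key), manifest.get("mac", "")):
        return ["manifest: MAC mismatch, manifest is not authentic"]
    expected, actual = manifest["files"], hash_tree(project_dir)
    findings = [f"{n}: missing" for n in expected.keys() - actual.keys()]
    findings += [f"{n}: not in manifest" for n in actual.keys() - expected.keys()]
    findings += [f"{n}: content changed" for n in expected.keys() & actual.keys()
                 if expected[n] != actual[n]]
    return sorted(findings)


if __name__ == "__main__":
    key = b"constructed-demo-key"  # assumption: a real key is kept in a vault or HSM
    with tempfile.TemporaryDirectory() as d:
        proj = Path(d)
        (proj / "logic.bin").write_bytes(b"constructed PLC logic v1")  # constructed sample
        manifest = build_manifest(proj, key)
        print(verify_project(proj, manifest, key))  # unchanged copy
        (proj / "logic.bin").write_bytes(b"constructed PLC logic v1 + extra rung")
        print(verify_project(proj, manifest, key))  # altered after approval
```

Keep the manifest and its key apart from the share that holds the project files, so that write access to a project does not also allow a matching manifest to be issued.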
CVEs (1)