Phoenix Contact: PLCnext Control prone to download of code without integrity check

MonitorCVSS 7.7VDE-2023-058Dec 12, 2023

Phoenix ContactManufacturing

Attack path

Attack VectorNetwork

Auth RequiredLow

ComplexityLow

User InteractionNone needed

Summary

PLCnext Control application files (logic, executables, configurations) lack robust integrity verification. An authenticated attacker could craft malicious application files in a way that bypasses the integrity check mechanism, allowing unauthorized modifications to be loaded onto the PLC undetected. PLCnext Engineer should warn users of integrity mismatches when in Online mode, but a skilled attacker could potentially craft changes that evade this detection. The vulnerability affects all current PLCnext Control hardware platforms through version 2024.0, and the vendor has not released patches.

What this means

What could happen

An authenticated attacker could manipulate PLC application files (logic, configurations) in a way that bypasses integrity checks, allowing unauthorized changes to industrial processes that are difficult to detect or remove. This could lead to undetected tampering with control logic, process parameters, or safety interlocks.

Who's at risk

Manufacturing facilities using Phoenix Contact PLCnext Control systems (AXC F series controllers, BPC 9102S gateway, EPC 1502/1522 edge controllers, RFC 4072R/S safety controllers, and PLCnext Engineer software) are affected. This impacts any organization that uses these PLCs to control automated processes, assembly lines, or safety-critical equipment.

How it could be exploited

An attacker with valid credentials and access to the PLCnext Engineer workstation or network connection to the PLC could craft malicious application files that evade the integrity verification mechanisms. The attacker would then upload or transfer these tampered files to the PLC, where the weakened integrity check fails to detect the manipulation, and the malicious code executes as part of the normal application.

Prerequisites

Valid engineering workstation credentials (PLCnext Engineer user account)
Network access to the PLC (direct engineering connection or remote access)
Knowledge of PLCnext application file structure and integrity check mechanisms
Access to PLC application files during engineering phase or through compromised engineering workstation

Remotely exploitable (with credentials and network access)Authentication required (but uses credentials, not multi-factor)No patch available for affected versionsCould affect safety system configurationsIntegrity check bypass reduces detectability of tampering

Exploitability

Unlikely to be exploited — EPSS score 0.1%

Affected products (9)

9 EOL

ProductAffected VersionsFix Status

AXC F 2152≤ 2024.0No fix (EOL)

AXC F 3152≤ 2024.0No fix (EOL)

BPC 9102S≤ 2024.0No fix (EOL)

EPC 1522≤ 2024.0No fix (EOL)

RFC 4072R≤ 2024.0No fix (EOL)

RFC 4072S≤ 2024.0No fix (EOL)

PLCnext Engineer <=2024.0≤ 2024.0No fix (EOL)

AXC F 1152≤ 2024.0No fix (EOL)

Remediation & Mitigation

0/8

Do now

0/5

HARDENINGRestrict PLCnext Engineer workstation access to authorized engineering personnel only; disable local admin accounts and enforce strong password policies

HARDENINGIsolate engineering networks (PLCnext Engineer to PLC communication) on a separate VLAN or air-gapped network segment not connected to production control network

WORKAROUNDRequire VPN for any remote access to PLCnext Engineer workstations or PLC systems; restrict non-VPN access at the firewall

HARDENINGEnable and verify PLCnext Control project data integrity check feature is active; review the integrity check settings and logging configuration

HARDENINGDo not transfer PLC project files via email or unencrypted file sharing; establish a secure, authenticated file transfer process with integrity verification (e.g., signed files, checksums)

Schedule — requires maintenance window

0/3

Patching may require device reboot — plan for process interruption

HARDENINGMonitor PLCnext Engineer and PLC logs for 'Project Integrity Warning' entries; investigate and document any integrity warnings and remediate deviations from the known-good project

HARDENINGImplement certificate-based authentication for PLC access; use certificate management features in PLCnext Control to control which engineering workstations can connect

HOTFIXCheck Phoenix Contact PSIRT and product download pages regularly for firmware updates; apply latest Long-Term Support (LTS) versions when available and tested in your environment

CVEs (1)

CVE-2023-46144

View full CERT@VDE advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/361e2066-b93d-42c3-adbc-f758bf8197c1

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.