Phoenix Contact: Multiple Vulnerabilities in PLCnext Engineer

Plan PatchCVSS 7.5VDE-2024-067Oct 8, 2024

Phoenix ContactManufacturing

Attack path

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

Vulnerabilities in .NET and Visual Studio libraries (System.Text.Json, System.Formats.Asn1) and OPC Foundation OPC UA Core used by PLCnext Engineer allow a remote attacker to send specially crafted requests that cause a Denial of Service. The affected libraries fail to validate input correctly, resulting in resource exhaustion and application crash. No user interaction is required.

What this means

What could happen

An attacker on the network can send specially crafted requests to PLCnext Engineer, causing it to become unresponsive and disrupting the engineering and configuration of your control systems. This prevents updates to PLCs and halts development work during an outage.

Who's at risk

Manufacturing facilities and automation engineers using Phoenix Contact PLCnext Engineer for PLC programming and configuration. Any organization that relies on PLCnext Engineer as their engineering workstation for control logic development and deployment is affected.

How it could be exploited

An attacker sends malformed JSON, ASN.1, or OPC UA protocol messages to the PLCnext Engineer application over the network. The vulnerable libraries fail to validate the input correctly, consuming excessive system resources and crashing the service.

Prerequisites

Network access to PLCnext Engineer service (typically port 80/443 or local network)

remotely exploitableno authentication requiredlow complexityaffects engineering systems

Exploitability

Some exploitation risk — EPSS score 2.0%

Affected products (2)

2 with fix

ProductAffected VersionsFix Status

PLCnext Engineer <2024.0.4 LTS<2024.0.4 LTS2024.0.4 LTS+

PLCnext Engineer <2024.6<2024.62024.0.4 LTS+

Remediation & Mitigation

0/1

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate PLCnext Engineer to version 2024.0.4 LTS or later

CVEs (3)

CVE-2024-30105 CVE-2024-38095 CVE-2024-33862

View full CERT@VDE advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/d2bf7e1a-f6d4-4cc2-85e8-67e53a588dad

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.