Phoenix Contact: Multiple Vulnerabilities in PLCnext Firmware

Act Now | 9 | VDE-2024-071 | Dec 9, 2024
Attack Vector: Network
Auth Required: None
Complexity: High
User Interaction: None needed
Summary

Multiple vulnerabilities in Linux components within PLCnext Firmware affect control system devices across the product line. These include use-after-free conditions (CWE-416), race conditions (CWE-362/367), path traversal issues (CWE-59), and other memory safety and logic flaws that can be exploited remotely. The vulnerabilities allow code execution on the affected controllers, potentially compromising industrial process control and automation integrity.

What this means
What could happen
An attacker with network access to a vulnerable PLCnext controller could exploit multiple Linux component flaws to execute code remotely, allowing them to modify control logic, alter process parameters, or halt production on affected manufacturing equipment.
Who's at risk
Manufacturers using Phoenix Contact PLCnext controllers (AXC F, RFC, BPC, EPC product lines) for automation, process control, and machine control in factory environments should prioritize patching. This affects both compact and distributed control systems.
How it could be exploited
An attacker could send a specially crafted network request to the PLCnext controller exploiting one of the underlying Linux component vulnerabilities (use-after-free, race conditions, path traversal). Successful exploitation would give the attacker the ability to run arbitrary code on the controller with elevated privileges.
Prerequisites
  • Network access to the PLCnext controller on the port running the vulnerable service
  • No authentication required for the initial exploit vector
  • remotely exploitable
  • no authentication required
  • affects control logic execution
  • high CVSS score (9.0)
  • no patch available for EPC 1502 and EPC 1522 models
Affected products (8)
6 with fix, 2 EOL
Product    | Affected Versions | Fix Status
AXC F 1152 | <2024.0.6 LTS     | 2024.0.6 LTS
AXC F 2152 | <2024.0.6 LTS     | 2024.0.6 LTS
AXC F 3152 | <2024.0.6 LTS     | 2024.0.6 LTS
RFC 4072S  | <2024.0.6 LTS     | 2024.0.6 LTS
BPC 9102S  | <2024.0.6 LTS     | 2024.0.6 LTS
RFC 4072R  | <2024.0.6 LTS     | 2024.0.6 LTS
EPC 1522   | <2024.0.6 LTS     | No fix (EOL)
EPC 1502   | <2024.0.6 LTS     | No fix (EOL)
Remediation & Mitigation
Do now
EPC 1522
HARDENING: For EPC 1502 and EPC 1522 controllers where no patch is available, implement network isolation to prevent unauthorized access from untrusted networks
All products
HARDENING: Restrict network access to PLCnext controllers to only authorized engineering workstations and administrative interfaces using firewall rules or network segmentation
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

AXC F 1152
HOTFIX: Update AXC F 1152, AXC F 2152, AXC F 3152, RFC 4072S, BPC 9102S, and RFC 4072R controllers to firmware version 2024.0.6 LTS or later
All products
HOTFIX: Update PLCnext Engineer software to the latest version available