Phoenix Contact: Multiple Vulnerabilities in PLCnext Firmware

Act Now | CVSS 9.8 | VDE-2024-073 | Dec 9, 2024
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

Multiple critical vulnerabilities affect PLCnext firmware for several Phoenix Contact industrial automation controllers. The flaws include buffer overflows, path traversal, command injection, information disclosure, and other issues in Linux components used by the firmware. They allow unauthenticated remote code execution, security bypass, and denial of service. Affected product lines: AXC F 1152/2152/3152, RFC 4072S/R, BPC 9102S (fixed in 2024.0.6 LTS), and EPC 1502/1522 (fixed in 2024.0.3 LTS).

What this means
What could happen
Multiple critical vulnerabilities in Phoenix Contact PLCnext industrial controllers allow unauthenticated remote attackers to execute arbitrary code, bypass security controls, and cause denial of service—threatening operational continuity of manufacturing facilities. This is actively being exploited in the wild.
Who's at risk
Manufacturing facilities operating Phoenix Contact PLCnext automation controllers (AXC F series, RFC 4072 series, BPC 9102S, EPC 1500 series). This includes discrete manufacturers, chemical processing plants, automotive suppliers, and any facility using these PLCs for process control or safety-critical functions.
How it could be exploited
An attacker with network access to the device can send malicious requests that exploit multiple flaws (information disclosure, buffer overflows, command injection, path traversal) to gain code execution on the PLC firmware. No authentication or user interaction is required.
Prerequisites
  • Network access to the affected Phoenix Contact PLCnext controller on the OT network
  • Device running a vulnerable firmware version (anything older than 2024.0.6 LTS for AXC F/RFC 4072S/BPC 9102S or older than 2024.0.3 LTS for EPC 1502/1522)
Tags: remotely exploitable | no authentication required | low complexity | actively exploited (KEV) | affects critical industrial control systems | multiple vulnerability classes (code execution, information disclosure, denial of service)
Exploitability
Actively exploited — confirmed by CISA KEV
Affected products (8)
8 with fix
Product       Affected Versions   Fix Status
AXC F 1152    <2024.0.6 LTS       2024.0.6 LTS
AXC F 2152    <2024.0.6 LTS       2024.0.6 LTS
AXC F 3152    <2024.0.6 LTS       2024.0.6 LTS
RFC 4072S     <2024.0.6 LTS       2024.0.6 LTS
BPC 9102S     <2024.0.6 LTS       2024.0.6 LTS
RFC 4072R     <2024.0.6 LTS       2024.0.6 LTS
EPC 1502      <2024.0.3 LTS       2024.0.3 LTS
EPC 1522      <2024.0.3 LTS       2024.0.3 LTS
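
Added example (not part of the advisory or any Phoenix Contact tooling): a triage script that checks an asset inventory against the fix thresholds in the table above. The inventory rows are constructed, and the rule that LTS firmware is numbered YYYY.0.x is an assumption; versions that do not fit it are sent to manual review rather than compared.

```python
import re

# Fix thresholds copied from the affected-products table in this advisory.
FIXED_IN = {
    **dict.fromkeys(["AXC F 1152", "AXC F 2152", "AXC F 3152",
                     "RFC 4072S", "RFC 4072R", "BPC 9102S"], (2024, 0, 6)),
    **dict.fromkeys(["EPC 1502", "EPC 1522"], (2024, 0, 3)),
}

def parse_firmware(text):
    """Return (major, minor, patch) from a string like '2024.0.6 LTS', else None."""
    m = re.match(r"\s*(\d+)\.(\d+)\.(\d+)\b", text or "")
    return tuple(int(g) for g in m.groups()) if m else None

def triage(model, firmware):
    """Classify one device as 'vulnerable', 'fixed', 'review' or 'not-listed'."""
    # Normalise case and whitespace so 'axc  f 2152' matches the table entry.
    fixed = FIXED_IN.get(" ".join(model.upper().split()))
    if fixed is None:
        return "not-listed"  # product is not in this advisory's table
    version = parse_firmware(firmware)
    # Assumption: LTS firmware is numbered YYYY.0.x. Missing, malformed or
    # non-LTS versions are not covered by the table's thresholds, so they
    # go to manual review instead of being guessed.
    if version is None or version[1] != 0:
        return "review"
    return "vulnerable" if version < fixed else "fixed"

# Constructed sample inventory: hostnames and versions are made up.
INVENTORY = [
    ("line1-plc", "AXC F 2152", "2023.0.5 LTS"),
    ("line2-plc", "axc  f 2152", "2024.0.6 LTS"),
    ("edge-01", "EPC 1522", "2024.0.5 LTS"),
    ("safety-01", "RFC 4072S", "2024.0.5 LTS"),
    ("test-rack", "BPC 9102S", "2024.6"),
    ("legacy-01", "OTHER PLC", "1.0.0"),
]

def triage_inventory(rows):
    """Return (host, model, firmware, status) for every inventory row."""
    return [(h, m, fw, triage(m, fw)) for h, m, fw in rows]

if __name__ == "__main__":
    for host, model, fw, status in triage_inventory(INVENTORY):
        print(f"{host:10} {model:12} {fw:14} {status}")
```

The same firmware string can be fixed on one product line and vulnerable on another (2024.0.5 LTS in the sample), which is why the threshold is looked up per model.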
Remediation & Mitigation
Do now
AXC F 1152
HOTFIX: Update all AXC F 1152, AXC F 2152, AXC F 3152, RFC 4072S, BPC 9102S, and RFC 4072R controllers to firmware version 2024.0.6 LTS or later
EPC 1502
HOTFIX: Update all EPC 1502 and EPC 1522 controllers to firmware version 2024.0.3 LTS or later
All products
WORKAROUND: Restrict network access to PLCnext controllers to only authorized engineering workstations and control systems; block all unexpected inbound connections on management and data ports
HOTFIX: Update PLCnext Engineer development software to the latest version
Long-term hardening
HARDENING: Implement network segmentation to isolate PLCnext controllers from untrusted networks and the internet
CVEs (63)