Phoenix Contact: Device and Update Management Windows Installer Privilege Escalation

Priority: Plan Patch | CVSS 7.8 | VDE-2025-063 | Aug 12, 2025
Phoenix Contact
Attack path
  Attack Vector: Local
  Auth Required: Low
  Complexity: Low
  User Interaction: None needed
Summary

A privilege escalation vulnerability exists in Phoenix Contact Device and Update Management (DaUM) prior to version 2025.3.1. The DAUM-WINDOWS-SERVICE has misconfigured permissions on nssm.exe, which allows a low-privileged local user to execute arbitrary code with administrative privileges.

What this means
What could happen
An attacker with local access to a Windows system running DaUM could gain administrative control, allowing them to modify device configurations, deploy unauthorized firmware updates, or disrupt management operations across managed industrial devices.
Who's at risk
Organizations using Phoenix Contact DaUM for centralized device and firmware management should care, particularly those managing multiple industrial devices or controllers across their facilities. This affects Windows-based DaUM installations managing PLCs, gateways, and field devices.
How it could be exploited
An attacker with a low-privileged local account on a Windows system running DaUM exploits misconfigured permissions on nssm.exe to execute arbitrary commands with administrative privileges, gaining full control of the management service and all devices it manages.
Prerequisites
  • Local account access to the Windows system running DaUM
  • DaUM version prior to 2025.3.1 installed
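As an added defender's check for the misconfiguration described in the summary and exploitation notes above (example code, not Phoenix Contact's or OTPulse's): a PowerShell function that resolves the DAUM-WINDOWS-SERVICE binary path from the service registration and reports every Allow ACE granting write-class rights to a principal other than SYSTEM, Administrators or TrustedInstaller, on the executable and on its parent directory. Only the service name comes from the advisory; the function name, the trusted-principal list and the location of the binary are assumptions, and the path is resolved at run time rather than hard-coded.

```powershell
# Added example, not code from Phoenix Contact or OTPulse.
# Audits the ACL of a Windows service's binary (and its parent directory) for
# write-class rights held by non-administrative principals, the class of
# misconfiguration described in VDE-2025-063.
function Test-ServiceBinaryAcl {
    param(
        # Service name as given in the advisory
        [string]$ServiceName = 'DAUM-WINDOWS-SERVICE',
        # Principals expected to hold write rights on a system service binary (assumption)
        [string[]]$TrustedPrincipals = @(
            'NT AUTHORITY\SYSTEM',
            'BUILTIN\Administrators',
            'NT SERVICE\TrustedInstaller'
        )
    )

    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$ServiceName'"
    if (-not $svc) {
        Write-Warning "Service '$ServiceName' not found on this host"
        return
    }

    # PathName may be quoted and may carry arguments; keep the executable only.
    # An unquoted path containing whitespace is itself worth flagging.
    if ($svc.PathName -match '^"([^"]+)"') {
        $exe = $Matches[1]
    } else {
        $exe = ($svc.PathName -split '\s+')[0]
        if ($svc.PathName -match '\s') {
            Write-Warning "Unquoted service path with whitespace: $($svc.PathName)"
        }
    }

    # Rights that let a principal replace, alter, delete or re-ACL the file
    $writeClass = [System.Security.AccessControl.FileSystemRights]'Write, Modify, FullControl, TakeOwnership, ChangePermissions, Delete'

    # Check the binary and the directory that contains it (write on the
    # directory allows the file to be renamed or replaced).
    $targets = @($exe, (Split-Path -Path $exe -Parent))
    foreach ($path in $targets) {
        if (-not (Test-Path -LiteralPath $path)) { continue }
        $acl = Get-Acl -LiteralPath $path
        foreach ($ace in $acl.Access) {
            if ($ace.AccessControlType -ne [System.Security.AccessControl.AccessControlType]::Allow) { continue }
            if ($TrustedPrincipals -contains $ace.IdentityReference.Value) { continue }
            # Cast to int so generic-rights ACEs outside the named enum values still compare
            if (([int]$ace.FileSystemRights -band [int]$writeClass) -ne 0) {
                [pscustomobject]@{
                    Service   = $ServiceName
                    RunsAs    = $svc.StartName
                    Path      = $path
                    Principal = $ace.IdentityReference.Value
                    Rights    = $ace.FileSystemRights
                    Inherited = $ace.IsInherited
                }
            }
        }
    }
}

# One row per non-trusted principal holding write-class rights; no rows means none were found.
Test-ServiceBinaryAcl | Format-Table -AutoSize
```

Run it from an elevated prompt on the DaUM host; a row whose Principal is a group such as BUILTIN\Users or Everyone, with the service running as LocalSystem, is the condition the advisory describes and the host should be patched to 2025.3.1 and the ACL corrected. The same function can be pointed at other services by passing `-ServiceName`.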
Tags: low complexity, local access required, misconfigured permissions, administrative privilege escalation
Exploitability
Unlikely to be exploited — EPSS score 0.0%
Affected products (1)
Product | Affected Versions | Fix Status
DaUM    | <2025.3.1         | 2025.3.1
Remediation & Mitigation
Do now
HARDENING: Restrict local administrative access to Windows systems running DaUM to authorized personnel only
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update DaUM to version 2025.3.1 or later
Long-term hardening
HARDENING: Audit and remove low-privileged local accounts that do not require system access