Phoenix Contact: Device and Update Management Windows Installer Privilege Escalation

A low-privileged user on a workstation running Phoenix Contact DaUM can escalate their privileges to administrator level and execute arbitrary commands, potentially gaining full control of the device management system and all connected industrial equipment.

Water utilities and municipal electric utilities using Phoenix Contact DaUM for device provisioning and firmware updates. This affects IT staff and engineers who use DaUM workstations to manage remote terminal units (RTUs), programmable logic controllers (PLCs), and other field devices.

An attacker with local access to a workstation running DaUM exploits misconfigured file permissions on nssm.exe (a service management utility) to execute arbitrary code with administrator privileges. This allows the attacker to modify device configurations, deploy malicious updates to connected industrial devices, or disable monitoring and security controls.