
PHOENIX CONTACT: Vulnerability in ProConOS/ProConOS eCLR SDK and MULTIPROG Engineering tool

VDE-2022-026
Last update
05/22/2025 15:03
Published at
06/21/2022 07:16
Vendor(s)
Phoenix Contact GmbH & Co. KG
External ID
VDE-2022-026
CSAF Document

Summary

ProConOS/ProConOS eCLR insufficiently verifies uploaded data.

Impact

The identified vulnerability allows attackers to upload logic containing arbitrary malicious code once they have access to the communication with products that use ProConOS/ProConOS eCLR. Attackers must have network or physical access to the controller to exploit this vulnerability. This vulnerability affects all versions of ProConOS/ProConOS eCLR and MULTIPROG from Phoenix Contact Software (formerly KW-Software).

Affected Product(s)

Model no.      Product name    Affected versions
MULTIPROG      MULTIPROG       all versions (vers:all/*)
ProConOS eCLR  ProConOS eCLR   all versions (vers:all/*)
ProConOS       ProConOS        all versions (vers:all/*)

Vulnerabilities


Published
09/22/2025 14:57
Weakness
Insufficient Verification of Data Authenticity (CWE-345)
Summary

An unauthenticated, remote attacker could upload malicious logic to the devices based on ProConOS/ProConOS eCLR in order to gain full control over the device.

References

Mitigation

Manufacturers using ProConOS/ProConOS eCLR in their automation devices are advised to check their implementation and may publish an advisory for their own product.
Users of automation devices utilizing ProConOS/ProConOS eCLR in their automation systems should check whether their application requires additional security measures, such as an adequate defense-in-depth network architecture, the use of virtual private networks (VPNs) for remote access, and the use of firewalls for network segmentation or controller isolation.
Users should check their manufacturer's security advisories for more specific information on their particular device.
Users should ensure that logic is always transferred and stored in protected environments. This applies to data in transit as well as data at rest. Connections between the engineering tools and the controller must always be in a locally protected environment or protected by VPN for remote access. Project data should not be sent as a file via e-mail or other transfer mechanisms without additional integrity and authenticity checks. Project data should be saved in protected environments only.
Generic information and recommendations for security measures to protect network-capable devices can be found in the application note.

Revision History

Version Date Summary
1 06/21/2022 07:16 Initial revision.
2 05/22/2025 15:03 Fix: added distribution, quotation mark