Back to overview

PHOENIX CONTACT: Multiple vulnerabilities in ENERGY AXC PU

VDE-2023-003
Last update
05/14/2025 15:00
Published at
03/14/2023 10:14
Vendor(s)
Phoenix Contact GmbH & Co. KG
External ID
VDE-2023-003
CSAF Document
Download

Summary

Multiple vulnerabilities have been discovered in CODESYS Control V3 runtime system.
For details regarding the single vulnerabilities please refer to the security advisories issued by CODESYS:

  • CODESYS Security Advisory 2022-02
  • CODESYS Security Advisory 2022-04
  • CODESYS Security Advisory 2022-06
  • CODESYS Security Advisory 2022-09

Impact

The CODESYS Control runtime system enables embedded or PC-based devices to be a programmable industrial controller. Such products contain communication servers for the CODESYS protocol to enable communication with clients.

Affected Product(s)

Model no. Product name Affected versions
1264327 ENERGY AXC PU Firmware <V04.15.00.00

Vulnerabilities

Expand / Collapse all

Published
09/22/2025 14:57
Severity
8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Weakness
Exposure of Resource to Wrong Sphere (CWE-668)
Summary

A remote, authenticated attacker could utilize the control program of the CODESYS Control runtime system to use the vulnerability in order to read and modify the configuration file(s) of the affected products.

References
cve.org | nvd.nist.gov

Published
09/22/2025 14:57
Severity
7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Weakness
Use of Insufficiently Random Values (CWE-330)
Summary

An unauthenticated, remote attacker can disrupt existing communication channels between CODESYS products by guessing a valid channel ID and injecting packets. This results in the communication channel to be closed.

References
cve.org | nvd.nist.gov

Published
09/22/2025 14:57
Severity
7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Weakness
Uncontrolled Resource Consumption (CWE-400)
Summary

In CmpChannelServer of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new communication channel connections. Existing connections are not affected.

References
cve.org | nvd.nist.gov

Published
09/22/2025 14:57
Severity
7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
Weakness
Untrusted Pointer Dereference (CWE-822)
Summary

An authenticated, remote attacker can gain access to a dereferenced pointer contained in a request. The accesses can subsequently lead to local overwriting of memory in the CmpTraceMgr, whereby the attacker can neither gain the values read internally nor control the values to be written. If invalid memory is accessed, this results in a crash.

References
cve.org | nvd.nist.gov

Published
09/22/2025 14:57
Severity
6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Weakness
NULL Pointer Dereference (CWE-476)
Summary

An authenticated remote attacker can cause a null pointer dereference in the CmpSettings component of the affected CODESYS products which leads to a crash.

References
cve.org | nvd.nist.gov

Mitigation

Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to Phoenix Contacts application note.Measures to protect network-capable devices with Ethernet connection

Remediation

Phoenix Contact strongly recommends updating to the latest firmware mentioned in the list of affected products, which fixes this vulnerability.

Revision History

Version Date Summary
1 03/14/2023 10:14 Initial revision.
2 05/14/2025 15:00 Fix: added distribution