PHOENIX CONTACT: Improper path sanitation on import of project files in PLCnext Engineer

VDE-2020-025
Last update: 14.05.2025 14:28
Published at: 21.07.2020 11:38
Vendor(s): Phoenix Contact GmbH & Co. KG
External ID: VDE-2020-025

Summary

The build settings of a PLCnext Engineer project (.pcwex) can be manipulated in a way that can result in the execution of remote code.
The attacker needs access to a PLCnext Engineer project in order to manipulate the files inside it. Additionally, the files of the remote code need to be transferred to a location that can be accessed by the PC that runs PLCnext Engineer. When PLCnext Engineer runs a build process on the manipulated project, the remote code can be executed.

Impact

Availability, integrity, or confidentiality of an engineering workstation might be compromised by attacks using these vulnerabilities.

Affected Product(s)

Model no. | Product name | Affected versions
1046008 | Software PLCnext Engineer | <=2020.3.1

Vulnerabilities

Published: 22.09.2025 14:57
Weakness: Buffer Access with Incorrect Length Value (CWE-805)
Summary

Multiple memory corruption vulnerabilities exist in CodeMeter (All versions prior to 7.10) where the packet parser mechanism does not verify length fields. An attacker could send specially crafted packets to exploit these vulnerabilities.

References

Mitigation

We strongly recommend that customers exchange project files only via secure file exchange services. Project files should not be exchanged via unencrypted email. Users should avoid importing project files from unknown sources, and should exchange or store project files together with a checksum to ensure their integrity.
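
One way to apply the checksum recommendation before a project is imported, as an added example (not code from Phoenix Contact or CERT@VDE). The `.sha256` sidecar layout, the function names and the file name `line1.pcwex` are assumptions made for illustration.

```python
import hashlib
import hmac
import tempfile
from pathlib import Path


def sha256_file(path: Path, chunk_size: int = 1 << 20) -> str:
    """Stream the file so large projects are not loaded into memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def write_sidecar(project: Path) -> Path:
    """Sender side: store '<hex>  <filename>' (sha256sum layout) beside the project."""
    sidecar = project.with_name(project.name + ".sha256")
    sidecar.write_text(f"{sha256_file(project)}  {project.name}\n", encoding="utf-8")
    return sidecar


def verify_project(project: Path, sidecar: Path) -> bool:
    """Receiver side: True only if the sidecar names this file and the digest matches."""
    fields = sidecar.read_text(encoding="utf-8").split(maxsplit=1)
    if len(fields) != 2:
        raise ValueError("malformed checksum file")
    expected = bytes.fromhex(fields[0])      # raises ValueError on non-hex input
    if len(expected) != hashlib.sha256().digest_size:
        raise ValueError("checksum is not a SHA-256 digest")
    if fields[1].strip().lstrip("*") != project.name:
        return False                         # checksum belongs to a different file
    return hmac.compare_digest(expected, bytes.fromhex(sha256_file(project)))


def demo() -> tuple:
    """Constructed sample: a stand-in project file, checked before and after a change."""
    with tempfile.TemporaryDirectory() as tmp:
        project = Path(tmp) / "line1.pcwex"  # hypothetical file name
        project.write_bytes(b"constructed sample project content")
        sidecar = write_sidecar(project)
        intact = verify_project(project, sidecar)
        project.write_bytes(b"constructed sample project content, modified")
        return intact, verify_project(project, sidecar)


if __name__ == "__main__":
    print(demo())
```

The checksum only protects integrity if it reaches the recipient over a different channel than the project file; a sidecar sent in the same message can be replaced along with the project.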

Remediation

Phoenix Contact strongly recommends updating to the latest version, PLCnext Engineer 2020.6, which fixes this vulnerability.

Revision History

Version | Date | Summary
1 | 21.07.2020 11:38 | Initial revision.
2 | 06.11.2024 12:27 | Fix: correct certvde domain, added self-reference
3 | 14.05.2025 14:28 | Fix: version space, removed ia, firmware category, added distribution