VDE-2024-061
Last update
30.06.2025 12:00
Published at
30.06.2025 12:00
Vendor(s)
ifm electronic GmbH
External ID
VDE-2024-061
CSAF Document
Summary
A vulnerability has been disclosed in the ifm AC4xxS PLC that allows an attacker to trigger the safety state with the help of a specially crafted HTTP request. This leads to a loss of availability.
Impact
An unauthorized attacker can exploit this vulnerability to issue malicious commands to the PLC, potentially disrupting or damaging the production line.
Affected Product(s)
Model no. | Product name | Affected versions |
---|---|---|
 | ifm Smart PLC AC4xxS | Firmware V4.04<V4.3.17, Firmware V6.1.8 |
Vulnerabilities
Published
22.09.2025 14:57
Severity
Weakness
Missing Authentication for Critical Function (CWE-306)
References
Mitigation
When using automation components, make sure that no unauthorized access can take place. In addition, measures should be taken to ensure that the components do not have direct access to Internet resources and that they cannot be accessed from insecure networks. Use available security measures such as authentication and authorization groups.
On PLCs with firmware V6.1.8, the HTTP interface can be disabled.
Revision History
Version | Date | Summary |
---|---|---|
1 | 30.06.2025 12:00 | Initial release. |