
ID

VDE-2024-067

Published

2024-10-08 14:00 (CEST)

Last update

2024-10-08 14:00 (CEST)

Vendor(s)

PHOENIX CONTACT GmbH & Co. KG

Product(s)

Article No° | Product Name | Affected Version(s)
 | PLCnext Engineer | < 2024.0.4 LTS
 | PLCnext Engineer | < 2024.06

Summary

Vulnerabilities in the .NET and Visual Studio functions System.Text.Json, System.Formats.Asn1, and OPCFoundation.NetStandard.Opc.Ua.Core allow a remote attacker to execute a Denial-of-Service attack.


Last Update:

Oct. 7, 2024, 11:10 a.m.

Weakness

Uncontrolled Resource Consumption (CWE-400)

Summary

.NET Core and Visual Studio Denial of Service Vulnerability.
Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30105


Impact

Availability of an application programming workstation might be compromised by attacks using these vulnerabilities.

Solution

Mitigation

To mitigate the vulnerabilities and preserve the availability of PLCnext Engineer, use only data from trusted sources.

Remediation

Phoenix Contact recommends that affected users update to the current PLCnext Engineer 2024.0.4 LTS or 2024.6, which fix the vulnerabilities.

Reported by

CERT@VDE coordinated with Phoenix Contact