
ID

VDE-2025-054

Published

2025-07-08 09:00 (CEST)

Last update

2025-07-08 08:57 (CEST)

Vendor(s)

PHOENIX CONTACT GmbH & Co. KG

Product(s)

Article No° Product Name Affected Version(s)
AXC F 1152 < 2025.0.2
AXC F 2152 < 2025.0.2
AXC F 3152 < 2025.0.2
BPC 9102S < 2025.0.2
RFC 4072S < 2025.0.2

Summary

Multiple vulnerabilities in the PLCnext system allowed low-privileged remote attackers to gain unauthorized access or trigger system reboots by manipulating configuration files and symbolic links. Affected services include watchdog, arp-preinit, and security-profile, potentially exposing critical system files. These issues have been resolved in firmware version 2025.0.2.

Vulnerabilities



Last Update
June 27, 2025, 10:50 a.m.
Weakness
Improper Link Resolution Before File Access ('Link Following') (CWE-59)
Summary

A low privileged remote attacker with file access can replace a critical file used by the watchdog to get read, write and execute access to any file on the device after the watchdog has been initialized.

Last Update
June 27, 2025, 10:51 a.m.
Weakness
Improper Link Resolution Before File Access ('Link Following') (CWE-59)
Summary

A low privileged remote attacker with file access can replace a critical file used by the arp-preinit script to get read, write and execute access to any file on the device.

Last Update
June 27, 2025, 10:52 a.m.
Weakness
Improper Link Resolution Before File Access ('Link Following') (CWE-59)
Summary

A low privileged remote attacker with file access can replace a critical file or folder used by the service security-profile to get read, write and execute access to any file on the device.

Last Update
June 27, 2025, 10:49 a.m.
Weakness
Incorrect Default Permissions (CWE-276)
Summary

A low-privileged remote attacker can force the watchdog of the affected devices to reboot the PLC due to incorrect default permissions of a config file.


Impact

Availability, integrity, or confidentiality of the PLCnext Control might be compromised by attacks using these vulnerabilities.

Solution

Remediation

Update to the latest 2025.0.2 Firmware Release. PHOENIX CONTACT recommends always using an up-to-date version of PLCnext Engineer.
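The two weakness classes listed above (CWE-59 and CWE-276) share a precondition that can be audited on any Linux-based system: a file opened by a privileged service is a symlink, or the file or one of its parent directories is writable by a less trusted account. The following is an added example, not part of the advisory or of vendor guidance; the function names and the sample file layout are constructed for illustration and do not correspond to actual PLCnext paths.

```python
import os
import stat
import tempfile

def audit_path(path, trusted_uids=(0,), stop_at="/"):
    """Walk from `path` up to `stop_at`; report anything that lets an account
    outside `trusted_uids` redirect or replace what a privileged service opens."""
    findings = []
    current, stop_at = os.path.abspath(path), os.path.abspath(stop_at)
    while True:
        st = os.lstat(current)  # lstat inspects the link itself, not its target
        if stat.S_ISLNK(st.st_mode):
            findings.append((current, "symlink"))  # link-following precondition (CWE-59)
        elif st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append((current, "group/world-writable"))  # loose mode (CWE-276)
        if st.st_uid not in trusted_uids:
            findings.append((current, "untrusted-owner"))
        parent = os.path.dirname(current)
        if current == stop_at or parent == current:
            break
        current = parent
    return findings

def build_demo_tree():
    """Constructed sample layout; every name here is hypothetical."""
    base = os.path.abspath(tempfile.mkdtemp())
    etc, shared = os.path.join(base, "etc"), os.path.join(base, "shared")
    good, loose = os.path.join(etc, "service.conf"), os.path.join(etc, "watchdog.conf")
    link = os.path.join(shared, "state")
    for d, mode in ((base, 0o755), (etc, 0o755), (shared, 0o777)):
        os.makedirs(d, exist_ok=True)
        os.chmod(d, mode)  # explicit chmod so the result does not depend on umask
    for f, mode in ((good, 0o644), (loose, 0o666)):
        open(f, "w").close()
        os.chmod(f, mode)
    os.symlink(good, link)  # a link placed in a directory anyone can write to
    return base, good, loose, link

if __name__ == "__main__":
    base, good, loose, link = build_demo_tree()
    for p in (good, loose, link):
        # The demo trusts the current uid; on a real system keep the default (root).
        print(p, audit_path(p, trusted_uids=(os.getuid(),), stop_at=base))
```

Treating every group-writable entry as a finding is a deliberately conservative choice; relax it only where a dedicated administrative group is intended to have write access.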

Reported by

CERT@VDE coordinated with Phoenix Contact

Reporting: Nozomi