Primary

Context

ifm Smart PLC AC4xxS Missing Authentication Vulnerability Allowing Unauthorized Remote Commands

Vulnerability

A vulnerability exists in ifm Smart PLC AC4xxS firmware versions prior to 4.3.17 and 6.1.8, allowing unauthorized remote attackers to send commands that disrupt the system's availability. This is due to improper access control, which enables attackers to trigger a fail-safe state over the network by sending specially crafted HTML requests.

Impact

Exploitation of this vulnerability allows unauthorized attackers to send malicious commands to the PLC, disrupting or damaging the production line.

Remediation

Users can disable the HTTP interface on PLCs with firmware version 6.1.8. For other versions, ensure that automation components are not accessible from insecure networks or the Internet, and use available security measures such as authentication and authorization groups.

Added: Jun 30, 2025, 10:21 AM

Updated: Jun 30, 2025, 10:21 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

7.4

remediation

0.0

relevance

0.2

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

7.4

remediation

0.0

relevance

0.2

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

ifm Smart PLC AC4xxS Missing Authentication Vulnerability Allowing Unauthorized Remote Commands

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating