Phoenix Contact PLCnext Watchdog Reboot Vulnerability

Vulnerability

A vulnerability exists in Phoenix Contact PLCnext devices, specifically in the AXC F 1152, AXC F 2152, AXC F 3152, BPC 9102S, and RFC 4072S models, all running versions prior to 2025.0.2. The issue arises from incorrect default permissions on a configuration file, allowing low-privileged remote attackers to manipulate the watchdog feature and force the device to reboot.

Impact

Exploitation of this vulnerability causes a denial-of-service condition by forcing the affected device to reboot, disrupting any ongoing processes or operations.

Remediation

Users are advised to update to the latest firmware version 2025.0.2. Phoenix Contact recommends always using an up-to-date version of PLCnext Engineer.

Added: Jul 8, 2025, 7:29 AM
Updated: Jul 8, 2025, 7:29 AM

Vulnerability Rating

Custom Algorithm

spread: 2.6
impact: 0.6
exploitability: 4.9
remediation: 7.7
relevance: 0.2
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.