Phoenix Contact PLCnext Watchdog File Manipulation Vulnerability Allowing Unauthorized File Access

Vulnerability

A vulnerability in Phoenix Contact PLCnext firmware versions prior to 2025.0.2 allows a low-privileged remote attacker with file access to replace a critical file used by the watchdog service. Once the watchdog has been initialized, this manipulation can lead to unauthorized read, write, and execute access to any file on the device.

Impact

Exploitation of this vulnerability could compromise the availability, integrity, or confidentiality of the affected PLCnext Control device.

Remediation

Users are advised to update to the latest firmware version 2025.0.2. Phoenix Contact recommends always using an up-to-date version of PLCnext Engineer.

Added: Jul 8, 2025, 7:27 AM
Updated: Jul 8, 2025, 7:27 AM

Vulnerability Rating

Custom Algorithm

spread: 2.6
impact: 7.5
exploitability: 4.9
remediation: 7.7
relevance: 0.2
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.