Phoenix Contact PLCnext Firmware Security Profile Vulnerability Allowing Unauthorized File Access

Vulnerability

A vulnerability exists in Phoenix Contact PLCnext firmware versions prior to 2025.0.2. It allows low-privileged remote attackers with file access to replace critical files or folders used by the security-profile service. This manipulation can grant read, write, and execute access to any file on the device.

Impact

Exploitation of this vulnerability could lead to unauthorized access and manipulation of critical system files, potentially compromising the availability, integrity, and confidentiality of the PLCnext Control.

Remediation

Users are advised to update to the latest firmware version 2025.0.2. Phoenix Contact recommends always using an up-to-date version of PLCnext Engineer.

Added: Jul 8, 2025, 7:23 AM
Updated: Jul 8, 2025, 7:23 AM

Vulnerability Rating

Custom Algorithm
spread: 2.6
impact: 7.5
exploitability: 4.9
remediation: 7.7
relevance: 0.2
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.