Phoenix Contact PLCnext Web-Based Management APP Installation Vulnerability Allowing Arbitrary Code Execution

Vulnerability

A vulnerability exists in the Web-based Management interface of Phoenix Contact PLCnext devices, allowing low-privileged Engineer users to install unverified applications from the PLCnext Store. This lack of data verification could lead to arbitrary code execution with root privileges on the affected PLC device. The vulnerability impacts several PLCnext Control models and versions prior to 2026.0.3.

Impact

Exploitation of this vulnerability could allow authenticated low-privileged users to execute arbitrary code with root privileges on the affected PLCnext Control device, potentially compromising the integrity and availability of the system.

Remediation

Users are advised to update their devices to PLCnext firmware version 2026.0.3 or later, which addresses this vulnerability. If an immediate update is not possible, consider disabling the APP Manager to reduce the attack surface, and manually verify the SHA-256 checksum of any downloaded APP before installing it.
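As an added example, not taken from the advisory or from Phoenix Contact, the following Python script performs the checksum step of the workaround above: it streams a downloaded APP package through SHA-256 and compares the result with the published digest. It assumes the published value is a 64-character hex SHA-256 digest (a sha256sum-style "<hex>  <filename>" line is also accepted); the package bytes and file names used in demo() are constructed for illustration.

```python
import hashlib
import hmac
import os
import tempfile

HEX_DIGITS = set("0123456789abcdef")


def is_valid_sha256_hex(digest_hex):
    """A SHA-256 digest is exactly 64 hex characters; reject anything else."""
    d = digest_hex.strip().lower()
    return len(d) == 64 and set(d) <= HEX_DIGITS


def sha256_of_bytes(data):
    return hashlib.sha256(data).hexdigest()


def sha256_of_file(path, chunk_size=1 << 20):
    """Stream the file so a large APP package need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def parse_sha256sum_line(line):
    """Parse one line in the sha256sum output format: '<hex>  <filename>'."""
    parts = line.strip().split(None, 1)
    if len(parts) != 2 or not is_valid_sha256_hex(parts[0]):
        raise ValueError("not a sha256sum line: %r" % line)
    # sha256sum prefixes the name with '*' when it hashed in binary mode
    return parts[0].lower(), parts[1].lstrip("*")


def verify_app_checksum(path, expected_hex):
    """True only if the file's SHA-256 equals the published digest.

    hmac.compare_digest avoids an early-exit comparison; for a local file
    check that is of little consequence, but it is the right habit for
    comparing any digest."""
    if not is_valid_sha256_hex(expected_hex):
        raise ValueError("expected value is not a 64-digit hex SHA-256 digest")
    if not os.path.isfile(path):
        raise FileNotFoundError(path)
    return hmac.compare_digest(sha256_of_file(path), expected_hex.strip().lower())


def demo():
    """Constructed sample: a fake package, its correct digest, and a tampered copy."""
    good = b"PLCnext app package (constructed sample bytes)\n" * 1000
    tampered = good[:-1] + b"!"          # one byte changed at the end
    with tempfile.TemporaryDirectory() as tmp:
        good_path = os.path.join(tmp, "sample.app")          # hypothetical file name
        bad_path = os.path.join(tmp, "sample-tampered.app")  # hypothetical file name
        with open(good_path, "wb") as f:
            f.write(good)
        with open(bad_path, "wb") as f:
            f.write(tampered)
        # Assumed: the published checksum is obtained as a sha256sum-style line.
        published = "%s  sample.app" % sha256_of_bytes(good)
        digest, _name = parse_sha256sum_line(published)
        return verify_app_checksum(good_path, digest), verify_app_checksum(bad_path, digest)


if __name__ == "__main__":
    genuine_ok, tampered_ok = demo()
    print("genuine package verified:", genuine_ok)    # True
    print("tampered package verified:", tampered_ok)  # False
```

The check only tells you that the file you hold is the file whose digest was published; it is therefore only as trustworthy as the channel the digest itself came from, so take the digest from the vendor's listing rather than from the same download location as the package.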

Added: May 27, 2026, 8:44 AM
Updated: May 27, 2026, 8:44 AM

Vulnerability Rating

Custom Algorithm

  spread          2.6
  impact         10.0
  exploitability  4.3
  remediation     0.0
  relevance       9.7
  threat          0.0
  urgency         2.9
  incentive       0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.