Phoenix Contact PLCnext Firmware Privilege Escalation Vulnerability

Vulnerability

A local privilege escalation vulnerability has been identified in Phoenix Contact PLCnext firmware versions prior to 2026.0.3. It allows low-privileged users to manipulate configuration or application-related files in user-writable areas and thereby influence the behavior of privileged system services. Successful exploitation could lead to unauthorized code execution with elevated permissions, compromising the integrity and availability of the affected PLCnext Control systems.

Impact

Exploitation of this vulnerability could allow low-privileged users to interfere with privileged services by altering configuration files, potentially leading to unauthorized actions being performed with elevated rights. This could disrupt the normal operation of the PLCnext Control system and undermine its overall security.
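The flaw class described above is a privileged service trusting files that a less-privileged account can write. The check below is an added, generic illustration of the defender-side control for that class; it is not code from the advisory or from Phoenix Contact, and it assumes nothing about PLCnext's real configuration paths or service names (the config root, file names and permissions are constructed in a temporary directory). Before a privileged service loads a file, it refuses anything that is a symlink, is not owned by the trusted account, is group- or world-writable, or sits below a directory other accounts can write to without the sticky bit.

```python
import os
import stat
import tempfile

# Added example: a load-time trust check for configuration consumed by a privileged
# service. Paths and permissions below are constructed for the demo, not PLCnext's.


def unsafe_reasons(path, config_root, trusted_uid):
    """Return the reasons why `path` must NOT be loaded by a privileged service.

    An empty list means the file and every directory between it and `config_root`
    are owned by `trusted_uid` (or root) and cannot be written by other accounts.
    """
    reasons = []
    root = os.path.abspath(config_root)
    target = os.path.abspath(path)
    if target == root or os.path.commonpath([root, target]) != root:
        return [f"{target} lies outside the trusted config root {root}"]

    # lstat, not stat: a symlink planted in a writable area is reported, not followed.
    try:
        st = os.lstat(target)
    except FileNotFoundError:
        return [f"{target} does not exist"]
    if stat.S_ISLNK(st.st_mode):
        reasons.append("file is a symlink")
    elif not stat.S_ISREG(st.st_mode):
        reasons.append("file is not a regular file")
    if st.st_uid not in (trusted_uid, 0):
        reasons.append(f"file owned by uid {st.st_uid}, not {trusted_uid}")
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        reasons.append("file is group- or world-writable")

    # Walk from the file's parent up to config_root: a directory that other accounts
    # can write lets them rename or replace the file even when the file itself is safe.
    d = os.path.dirname(target)
    while True:
        dst = os.lstat(d)
        if stat.S_ISLNK(dst.st_mode):
            reasons.append(f"directory {d} is a symlink")
        if dst.st_uid not in (trusted_uid, 0):
            reasons.append(f"directory {d} owned by uid {dst.st_uid}")
        others_can_write = dst.st_mode & (stat.S_IWGRP | stat.S_IWOTH)
        if others_can_write and not (dst.st_mode & stat.S_ISVTX):
            reasons.append(f"directory {d} is writable by other accounts")
        if d == root:
            break
        d = os.path.dirname(d)
    return reasons


def demo():
    """Build a constructed config tree and classify each candidate file."""
    uid = os.getuid()
    results = {}
    # mkdtemp-style directories are created mode 0700, so the root itself is trusted.
    with tempfile.TemporaryDirectory(prefix="plc-config-") as root:
        good = os.path.join(root, "service.conf")
        open(good, "w").close()
        os.chmod(good, 0o644)  # owner-writable only: acceptable
        results["good"] = unsafe_reasons(good, root, uid)

        loose = os.path.join(root, "loose.conf")
        open(loose, "w").close()
        os.chmod(loose, 0o666)  # any local account could rewrite it
        results["loose"] = unsafe_reasons(loose, root, uid)

        drop = os.path.join(root, "drop")
        os.mkdir(drop)
        os.chmod(drop, 0o777)  # world-writable directory without the sticky bit
        planted = os.path.join(drop, "app.conf")
        open(planted, "w").close()
        os.chmod(planted, 0o644)  # file looks fine, but its parent is not
        results["planted"] = unsafe_reasons(planted, root, uid)

        link = os.path.join(root, "link.conf")
        os.symlink(loose, link)  # symlink pointing wherever the planter likes
        results["link"] = unsafe_reasons(link, root, uid)

        # A path outside the trusted root is rejected before it is even stat'ed.
        results["outside"] = unsafe_reasons("/etc/hostname", root, uid)
    return results


if __name__ == "__main__":
    for name, reasons in demo().items():
        print(f"{name:8s} -> {'OK' if not reasons else '; '.join(reasons)}")
```

The directory walk is what catches the "user-writable area" case: a correctly permissioned file inside a world-writable directory can still be swapped out by any local account, so the check has to cover the whole path from the trusted root down, not just the file's own mode bits.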

Remediation

Users are advised to update to PLCnext firmware version 2026.0.3 or later, which addresses this vulnerability. If an immediate update is not possible, local access to the device should be restricted to authorized users only, and the device should be operated in a secured environment to prevent unauthorized access.

Added: May 27, 2026, 8:44 AM
Updated: May 27, 2026, 8:44 AM

Vulnerability Rating

Custom Algorithm

spread: 2.6
impact: 7.5
exploitability: 3.5
remediation: 0.0
relevance: 9.7
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.