CVE-2025-41669
PLCnext Control Arbitrary Code Execution via Unverified APP Installation
Publication date: 2026-05-27
Last updated on: 2026-05-27
Assigner: CERT VDE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| phoenix_contact | plcnext_firmware | to 2026.0.3 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-347 | The product does not verify, or incorrectly verifies, the cryptographic signature for data. |
Attack-Flow Graph
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability allows a remote low-privileged Engineer user to execute arbitrary code with root privileges by installing manipulated APPs without verification, potentially compromising the integrity and availability of the PLCnext Control.
Such a compromise of integrity and availability could negatively impact compliance with standards and regulations like GDPR and HIPAA, which require protection of data integrity, availability, and secure system management.
However, the provided information does not explicitly mention the direct impact on compliance with these standards.
Can you explain this vulnerability to me?
This vulnerability affects the Phoenix Contact PLCnext firmware and involves the Web-based Management interface. A remote low-privileged Engineer user can install additional APPs on the device from the PLCnext Store without any data verification or cryptographic signature validation.
Because there is no proper verification, the Engineer user can install manipulated APP packages that may contain malicious code. This allows the user to execute arbitrary code with root privileges on the PLC device.
In summary, the vulnerability enables an attacker with low privileges to escalate their access and fully compromise the device by installing unauthorized and potentially harmful applications.
How can this vulnerability impact me? :
Exploitation of this vulnerability can lead to arbitrary code execution with root privileges on the affected PLC device.
This can compromise the integrity and availability of the PLCnext Control system, potentially allowing attackers to manipulate control processes or disrupt operations.
Such impacts could result in operational downtime, loss of control over industrial processes, and increased risk of further attacks or damage.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, you should apply the firmware update to version 2026.0.3 or later, which resolves the issue.
- Verify the sources of APPs before installation to ensure they are legitimate.
- Restrict access to the Web-based Management interface to prevent unauthorized Engineer users from installing manipulated APPs.