Critical Remote Code Execution Vulnerability Discovered in PHOENIX CONTACT MULTIPROG and ProConOS eCLR (SDK)

CVE: CVE-2023-0757
CVSS v3.1: 9.8
Source: CVE-2023-0757

Researchers have discovered a serious vulnerability in PHOENIX CONTACT MULTIPROG and ProConOS eCLR (SDK) that could allow remote attackers to gain full control without authentication.

PHOENIX CONTACT MULTIPROG and ProConOS eCLR (SDK) are tools used for programming industrial devices. The vulnerability is due to improper permission assignment that allows unauthorized uploading and execution of malicious code.

An attacker could exploit this remotely by sending specially crafted requests that upload a harmful program. This would give the attacker complete, administrator-level access to view and change settings, install malware, or cause other damage.

Users should contact PHOENIX CONTACT for updates and apply them immediately. Administrators should also review permissions on their systems to ensure that only authorized users can access programming functions. Regular monitoring and network segmentation can help detect exploitation and limit its impact.

Although this is a serious issue, timely action can prevent compromise. We recommend staying up to date on advisories and tightening security, as new vulnerabilities are always being uncovered in even the most common tools.
