(TLP:CLEAR) Privilege Escalation Vulnerabilities Affect Phoenix Contact PLCnext Controllers

Summary: A recent Nozomi Networks analysis identified multiple vulnerabilities affecting Phoenix Contact PLCnext industrial controllers, including a privilege escalation flaw that could allow a low-privileged engineer-level user to gain full control of affected devices.

Analyst Note: Because PLCnext controllers are commonly deployed in water and wastewater treatment and other critical infrastructure environments, WaterISAC encourages utilities using PLCnext products to review vendor advisories and apply available firmware updates. The findings also serve as a reminder that role-based access controls alone may not prevent unauthorized activity if vulnerabilities exist within the underlying platform, underscoring the importance of timely patching, least-privilege access, and defense-in-depth controls within OT environments.

Original Source: https://www.nozominetworks.com/blog/breaking-the-trust-boundary-privilege-escalation-in-a-plcnext-industrial-controller

Related WaterISAC PIRs: 6, 8, 11