Insufficient Verification of Data Authenticity
Summary
| CVE | CVE-2025-41669 |
|---|---|
| State | PUBLISHED |
| Assigner | CERTVDE |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2026-05-27 08:16:39 UTC |
| Updated | 2026-05-27 14:53:22 UTC |
| Description | The Web-based Management allows a remote low privileged Engineer user to install additional APPs on the device downloaded from the PLCnext Store without implementing any data verification mechanism, leading to the capability for an Engineer user to reach arbitrary code execution with root privileges on the PLC device. A successful exploitation may allow to install a manipulated APP package, potentially impacting integrity and availability of the PLCnext Control. |
Risk And Classification
Primary CVSS: v4.0 8.7 HIGH from [email protected]
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS: 0.000580000 probability, percentile 0.183570000 (date 2026-05-31)
Problem Types: CWE-347 | CWE-347 CWE-347 Improper Verification of Cryptographic Signature
| Version | Source | Type | Score | Severity | Vector |
|---|---|---|---|---|---|
| 4.0 | [email protected] | Secondary | 8.7 | HIGH | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/C... |
| 4.0 | CNA | CVSS | 8.7 | HIGH | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
| 3.1 | [email protected] | Primary | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| 3.1 | CNA | CVSS | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
CVSS v4.0 Breakdown
Attack Vector
NetworkAttack Complexity
LowAttack Requirements
NonePrivileges Required
LowUser Interaction
NoneConfidentiality
HighIntegrity
HighAvailability
HighSub Conf.
NoneSub Integrity
NoneSub Availability
NoneCVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CVSS v3.1 Breakdown
Attack Vector
NetworkAttack Complexity
LowPrivileges Required
LowUser Interaction
NoneScope
UnchangedConfidentiality
HighIntegrity
HighAvailability
HighCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vendor Declared Affected Products
| Source | Vendor | Product | Version | Platforms |
|---|---|---|---|---|
| CNA | Phoenix Contact | AXC F 1152 | affected 0.0.0 2026.0.3 semver | Not specified |
| CNA | Phoenix Contact | AXC F 1252 | affected 0.0.0 2026.0.3 semver | Not specified |
| CNA | Phoenix Contact | AXC F 2000 EA | affected 0.0.0 2026.0.3 semver | Not specified |
| CNA | Phoenix Contact | AXC F 2152 | affected 0.0.0 2026.0.3 semver | Not specified |
| CNA | Phoenix Contact | AXC F 3152 | affected 0.0.0 2026.0.3 semver | Not specified |
| CNA | Phoenix Contact | BPC 9102S | affected 0.0.0 2026.0.3 semver | Not specified |
| CNA | Phoenix Contact | EPC 1522 | affected 0.0.0 2026.0.3 semver | Not specified |
| CNA | Phoenix Contact | RFC 4072R | affected 0.0.0 2026.0.3 semver | Not specified |
| CNA | Phoenix Contact | RFC 4072S | affected 0.0.0 2026.0.3 semver | Not specified |
| CNA | Phoenix Contact | VL3 UPC 2440 EDGE | affected 0.0.0 2026.0.3 semver | Not specified |
| CNA | Phoenix Contact | VPLCNEXT CONTROL 1000 | affected 0.0.0 2026.0.3 semver | Not specified |
| CNA | Phoenix Contact | VPLCNEXT CONTROL 2000 | affected 0.0.0 2026.0.3 semver | Not specified |
| CNA | Phoenix Contact | VPLCNEXT CONTROL 3000 | affected 0.0.0 2026.0.3 semver | Not specified |
| CNA | Phoenix Contact | VPLCNEXT CONTROL 500 | affected 0.0.0 2026.0.3 semver | Not specified |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| www.certvde.com/en/advisories/VDE-2026-050 | [email protected] | www.certvde.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
Discovery Credit
CNA: Diego Giubertoni from Nozomi (en)
There are currently no legacy QID mappings associated with this CVE.