{“lastseen”:””,”description”:”The Web-based Management allows a remote low privileged Engineer user to install additional APPs on the device downloaded from the PLCnext Store without implementing any data verification mechanism, leading to the capability for an Engineer user to reach arbitrary code execution with root privileges on the PLC device. A successful exploitation may allow to install a manipulated APP package, potentially impacting integrity and availability of the PLCnext Control.”,”published”:”2026-05-27T07:18:28.236Z”,”modified”:”2026-05-27T07:18:28.236Z”,”type”:”cve”,”title”:”Insufficient Verification of Data Authenticity”,”source”:”CERTVDE”,”references”:”https:\/\/www.certvde.com\/en\/advisories\/VDE-2026-050\/”,”id”:”CVE-2025-41669″,”bulletinFamily”:””,”cwe”:[“CWE-347″],”cvelist”:null,”sourceData”:”Phoenix Contact AXC F 1152 0.0.0\\nPhoenix Contact AXC F 1252 0.0.0\\nPhoenix Contact AXC F 2000 EA 0.0.0\\nPhoenix Contact AXC F 2152 0.0.0\\nPhoenix Contact AXC F 3152 0.0.0\\nPhoenix Contact BPC 9102S 0.0.0\\nPhoenix Contact EPC 1522 0.0.0\\nPhoenix Contact RFC 4072R 0.0.0\\nPhoenix Contact RFC 4072S 0.0.0\\nPhoenix Contact VL3 UPC 2440 EDGE 0.0.0\\nPhoenix Contact VPLCNEXT CONTROL 1000 0.0.0\\nPhoenix Contact VPLCNEXT CONTROL 2000 0.0.0\\nPhoenix Contact VPLCNEXT CONTROL 3000 0.0.0\\nPhoenix Contact VPLCNEXT CONTROL 500 0.0.0″,”sourceHref”:””,”cvss”:{“score”:8.7,”severity”:”HIGH”,”vector”:”CVSS:4.0\/AV:N\/AC:L\/AT:N\/PR:L\/UI:N\/VC:H\/VI:H\/VA:H\/SC:N\/SI:N\/SA:N”,”version”:”4.0″},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:””,”category_name”:”CVE”,”post_link”:””,”product”:”AXC F 1152″,”version”:”0.0.0″,”vendor”:”Phoenix Contact”,”ai_description”:”Arbitrary code execution with root privileges due to insufficient data verification in the Web-based Management of PLCnext Control devices”,”ai_severity”:”High”,”ai_vendor”:”Phoenix Contact”,”ai_product”:”PLCnext Control”,”ai_version”:”0.0.0″,”ai_score”:8.7}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:””,”description”:”The Web-based Management allows a remote low privileged Engineer user to install additional APPs on the device downloaded from the PLCnext Store without implementing any…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[6,8,19,12,15,13,7,11,5],"class_list":["post-57213","post","type-post","status-publish","format-standard","hentry","category-category_cve","tag-cve","tag-cvss","tag-cvss-87","tag-exploit","tag-high","tag-news","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n