PT-2026-43541 · Phoenix Contact · Plcnext Control

Diego Giubertoni

·

Published

2026-05-27

·

Updated

2026-06-03

·

CVE-2025-41669

CVSS v3.1

8.8

High

VectorAV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions PLCnext Control (affected versions not specified)
Description The Web-based Management interface lacks a data verification mechanism when installing additional APPs downloaded from the PLCnext Store. This allows a remote low-privileged Engineer user to install a manipulated APP package, which can lead to arbitrary code execution with root privileges on the PLC device, potentially impacting the integrity and availability of the system.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

LPE

Improper Verification of Cryptographic Signature

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2025-41669

Affected Products

Plcnext Control