VYPR
Unrated severity · NVD Advisory · Published Jun 21, 2022 · Updated Sep 16, 2024

Insufficient Verification of Data Vulnerability in PHOENIX CONTACT classic line industrial controllers

CVE-2022-31800

Description

An unauthenticated remote attacker can upload malicious logic to ProConOS-based devices to gain full control.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

The vulnerability exists in devices based on ProConOS/ProConOS eCLR, specifically Phoenix Contact classic line industrial controllers. The devices insufficiently verify uploaded data, allowing an attacker to upload arbitrary malicious logic. Affected versions are listed in the vendor advisory [1].

Exploitation

The attacker does not require authentication and can upload malicious logic remotely. The only requirement is network connectivity to the device. By sending crafted logic, the attacker can bypass verification and execute arbitrary code on the device.

Impact

Successful exploitation gives the attacker full control over the device, including the ability to execute arbitrary malicious code. This can lead to complete compromise of the controller and potentially disrupt industrial processes.

Mitigation

Phoenix Contact has released fixed versions for the affected devices. Users should update to the latest firmware as specified in the advisory [1]. No workarounds are available.

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products (17)
  • PHOENIX CONTACT/AXC 1050v5
    Range: All Versions
  • PHOENIX CONTACT/AXC 1050 XCv5
    Range: All Versions
  • PHOENIX CONTACT/AXC 3050v5
    Range: All Versions
  • PHOENIX CONTACT/FC 350 PCI ETHv5
    Range: All Versions
  • PHOENIX CONTACT/ILC 1x0v5
    Range: All Versions
  • PHOENIX CONTACT/ILC 1x1v5
    Range: All Versions
  • PHOENIX CONTACT/ILC 1x1 GSM/GPRSv5
    Range: All Versions
  • PHOENIX CONTACT/ILC 3xxv5
    Range: All Versions
  • PHOENIX CONTACT/PC WORX RT BASICv5
    Range: All Versions
  • Range: All Versions
  • PHOENIX CONTACT/RFC 430 ETH-IBv5
    Range: All Versions
  • PHOENIX CONTACT/RFC 450 ETH-IBv5
    Range: All Versions
  • PHOENIX CONTACT/RFC 460R PN 3TXv5
    Range: All Versions
  • PHOENIX CONTACT/RFC 460R PN 3TX-Sv5
    Range: All Versions
  • PHOENIX CONTACT/RFC 470 PN 3TXv5
    Range: All Versions
  • PHOENIX CONTACT/RFC 470S PN 3TXv5
    Range: All Versions
  • PHOENIX CONTACT/RFC 480S PN 4TXv5
    Range: All Versions

Patches (0)

No patches discovered yet.

References (1)
