Critical Vulnerabilities Expose ifm Smart PLCs to Remote Attacks

CVEs 2024-28747 through 2024-28751

Germany’s CERT@VDE has issued a warning about a series of critical security flaws impacting ifm Smart PLC controllers running firmware versions up to 4.3.17. These vulnerabilities, assigned CVEs 2024-28747 through 2024-28751, could allow attackers to seize control of affected devices, potentially wreaking havoc on industrial processes.

Hard-coded Credentials and Unrestricted Access

One of the most concerning issues (CVE-2024-28747, CVSS 9.8) is the presence of hard-coded credentials within the firmware. Because these credentials are built into the firmware, a remote attacker who holds no legitimate account can use them to gain high-level access to the PLCs. Once inside, they could manipulate configurations, disrupt operations, or even execute arbitrary commands.

Another vulnerability (CVE-2024-28751, CVSS 9.1) allows attackers to enable Telnet access using the same hard-coded credentials, further widening the attack surface.

Command Injection and File Manipulation Risks

The remaining vulnerabilities (CVEs 2024-28748 through 2024-28750) relate to command injection flaws in file handling functions. These could enable attackers to inject malicious code into the system, potentially leading to data breaches, sabotage, or other harmful actions.

Affected Versions

The vulnerabilities impact the following firmware versions:

  • Smart PLC AC14xx Firmware <= V4.3.17
  • Smart PLC AC4xxS Firmware <= V4.3.17

Mitigation and Remediation

While a patch has been released (firmware version 6.1.8 or later), ifm recommends additional precautions to protect Smart PLCs. These include:

  • Network Segmentation: Isolate PLCs from insecure networks and the internet to limit exposure.
  • Strong Authentication: Enforce robust authentication measures like multi-factor authentication (MFA) wherever possible.
  • Authorization Groups: Use authorization groups to restrict access to sensitive functions and data.
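
To decide which controllers need the update first, the affected and fixed version ranges above can be applied to an asset inventory. The following is an added example, not code from ifm or CERT@VDE. The inventory rows are constructed, the assumption that "xx" in the product names stands for two digits is mine, and versions between V4.3.17 and 6.1.8 are flagged for manual verification because the article does not state their status.

```python
import re

# Product families and version bounds as stated in the article.
# Assumption: "xx" in AC14xx / AC4xxS stands for two digits.
AFFECTED_MODELS = [re.compile(r"^AC14\d\d$"), re.compile(r"^AC4\d\dS$")]
LAST_AFFECTED = (4, 3, 17)   # "Firmware <= V4.3.17"
FIRST_FIXED = (6, 1, 8)      # "firmware version 6.1.8 or later"


def parse_version(text):
    """Turn 'V4.3.17' or '4.3.17' into (4, 3, 17); None if unparseable."""
    m = re.fullmatch(r"[Vv]?(\d+)\.(\d+)\.(\d+)", text.strip())
    return tuple(int(p) for p in m.groups()) if m else None


def classify(model, firmware):
    """Return 'not-in-scope', 'affected', 'fixed' or 'verify'."""
    if not any(p.match(model.strip().upper()) for p in AFFECTED_MODELS):
        return "not-in-scope"
    version = parse_version(firmware)
    if version is None:
        return "verify"          # unreadable version: check on the device
    # Tuples compare numerically, so 4.3.9 sorts below 4.3.17
    # (a plain string comparison would get this wrong).
    if version <= LAST_AFFECTED:
        return "affected"
    if version >= FIRST_FIXED:
        return "fixed"
    return "verify"              # between the ranges: status not stated


# Constructed sample inventory: (asset name, model, reported firmware).
INVENTORY = [
    ("press-line-1", "AC1421", "V4.3.17"),
    ("press-line-2", "AC1421", "V4.3.9"),
    ("safety-cell-3", "AC422S", "6.1.8"),
    ("packaging-4", "AC1401", "V5.0.0"),
    ("hmi-gateway", "XY1000", "V1.0.0"),
    ("weld-cell-5", "AC402S", "unknown"),
]


def triage(inventory):
    """Map each asset name to its classification."""
    return {asset: classify(model, fw) for asset, model, fw in inventory}


if __name__ == "__main__":
    for asset, status in triage(INVENTORY).items():
        print(f"{asset:15} {status}")
```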