Summary
A vulnerability has been disclosed in PLC ifm AC4xxS that allows an attacker to trigger the safety state with the help of a specially crafted html request. This leads to a loss of availability.
Impact
An unauthorized attacker can exploit this vulnerability to issue malicious commands to the PLC, potentially disrupting or damaging the production line.
Affected Product(s)
| Model no. | Product name | Affected versions |
|---|---|---|
| AC402s | Firmware 4.04<4.3.17, Firmware 6.1.8 | |
| AC422s | Firmware 4.04<4.3.17, Firmware 6.1.8 | |
| AC424s | Firmware 4.04<4.3.17, Firmware 6.1.8 | |
| AC432s | Firmware 4.04<4.3.17, Firmware 6.1.8 | |
| AC434s | Firmware 6.1.8, Firmware 4.04<4.3.17 |
Vulnerabilities
Expand / Collapse allThe endpoint hosts a script that allows an unauthorized remote attacker to put the system in a fail-safe state over the network due to missing authentication.
Mitigation
When using automation components, make sure that no unauthorized access can take place. In addition, measures should be taken to ensure that the components do not have direct access to Internet resources and that they cannot be accessed from insecure networks. Use available security measures such as authentication and authorization groups.
PLC with firmware V6.1.8 http interface can be disabled.
Acknowledgments
ifm electronic GmbH thanks the following parties for their efforts:
- CERT@VDE for coordination (see https://certvde.com )
- Dmytro Kryhin from National Technical University of Ukraine "Igor Sikorsky Kyiv Polytechnic Institute" for reporting (see https://kpi.ua/en )
Revision History
| Version | Date | Summary |
|---|---|---|
| 1.0.0 | 06/30/2025 12:00 | Initial release. |
| 2.0.0 | 02/16/2026 16:00 | Updated content and product names. |
| 2.0.1 | 02/18/2026 09:00 | Fixed Typo. |