Vulnerabilites related to PHOENIX CONTACT - Config+
cve-2023-46143
Vulnerability from cvelistv5
Published
2023-12-14 14:06
Modified
2024-08-02 20:37
Severity ?
EPSS score ?
Summary
Download of Code Without Integrity Check vulnerability in PHOENIX CONTACT classic line PLCs allows an unauthenticated remote attacker to modify some or all applications on a PLC.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | PHOENIX CONTACT | Automation Worx Software Suite |
Version: all |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:37:39.880Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cert.vde.com/en/advisories/VDE-2023-057/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Automation Worx Software Suite",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AXC 1050",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AXC 1050 XC",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AXC 3050",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Config+",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FC 350 PCI ETH",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ILC1x0",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ILC1x1",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ILC 3xx",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PC Worx",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PC Worx Express",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PC WORX RT BASIC",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PC WORX SRT",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RFC 430 ETH-IB",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RFC 450 ETH-IB",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RFC 460R PN 3TX",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RFC 470S PN 3TX",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RFC 480S PN 4TX",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"status": "affected",
"version": "all"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Reid Wightman of Dragos, Inc."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Download of Code Without Integrity Check vulnerability in PHOENIX CONTACT classic line PLCs allows an unauthenticated remote attacker to modify some or all applications on a PLC."
}
],
"value": "Download of Code Without Integrity Check vulnerability in PHOENIX CONTACT classic line PLCs allows an unauthenticated remote attacker to modify some or all applications on a PLC."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-494",
"description": "CWE-494 Download of Code Without Integrity Check",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-14T14:07:36.807Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://cert.vde.com/en/advisories/VDE-2023-057/"
}
],
"source": {
"advisory": "VDE-2023-057",
"defect": [
"CERT@VDE#64610"
],
"discovery": "EXTERNAL"
},
"title": "Phoenix Contact: Classic line industrial controllers prone to inadequate integrity check of PLC",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2023-46143",
"datePublished": "2023-12-14T14:06:06.479Z",
"dateReserved": "2023-10-17T07:04:03.576Z",
"dateUpdated": "2024-08-02T20:37:39.880Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-3461
Vulnerability from cvelistv5
Published
2022-11-15 10:59
Modified
2024-08-03 01:07
Severity ?
EPSS score ?
Summary
In PHOENIX CONTACT Automationworx Software Suite up to version 1.89 manipulated PC Worx or Config+ files could lead to a heap buffer overflow and a read access violation. Availability, integrity, or confidentiality of an application programming workstation might be compromised by attacks using these vulnerabilities.
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | PHOENIX CONTACT | Config+ |
Version: 0 ≤ 1.89 |
|||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:07:06.698Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cert.vde.com/en/advisories/VDE-2022-048/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Config+",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThanOrEqual": "1.89",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PC Worx",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThanOrEqual": "1.89",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PC Worx Express",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThanOrEqual": "1.89",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "This vulnerability was discovered by Michael Heinzl"
}
],
"datePublic": "2022-11-08T08:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In PHOENIX CONTACT Automationworx Software Suite up to version 1.89 manipulated PC Worx or Config+ files could lead to a heap buffer overflow and a read access violation. Availability, integrity, or confidentiality of an application programming workstation might be compromised by attacks using these vulnerabilities."
}
],
"value": "In PHOENIX CONTACT Automationworx Software Suite up to version 1.89 manipulated PC Worx or Config+ files could lead to a heap buffer overflow and a read access violation. Availability, integrity, or confidentiality of an application programming workstation might be compromised by attacks using these vulnerabilities."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-15T10:59:53.718Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://cert.vde.com/en/advisories/VDE-2022-048/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Upgrade to Automation Worx Software Suite \u0026gt; 1.89"
}
],
"value": "Upgrade to Automation Worx Software Suite \u003e 1.89"
}
],
"source": {
"advisory": "VDE-2022-048",
"defect": [
"CERT@VDE64164"
],
"discovery": "EXTERNAL"
},
"title": "Buffer Overflow in PHOENIX CONTACT Automationworx Software Suite",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2022-3461",
"datePublished": "2022-11-15T10:59:53.718Z",
"dateReserved": "2022-10-12T05:45:11.921Z",
"dateUpdated": "2024-08-03T01:07:06.698Z",
"requesterUserId": "a1e5283b-8f0d-401e-98b2-bc6219c0e8d1",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-46141
Vulnerability from cvelistv5
Published
2023-12-14 14:05
Modified
2024-08-02 20:37
Severity ?
EPSS score ?
Summary
Incorrect Permission Assignment for Critical Resource vulnerability in multiple products of the PHOENIX CONTACT classic line allow an remote unauthenticated attacker to gain full access of the affected device.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | PHOENIX CONTACT | Automation Worx Software Suite |
Version: all |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:37:39.537Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cert.vde.com/en/advisories/VDE-2023-055/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Automation Worx Software Suite",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AXC 1050",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AXC 1050 XC",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AXC 3050",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Config+",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FC 350 PCI ETH",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ILC1x0",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ILC1x1",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ILC 3xx",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PC Worx",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PC Worx Express",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PC WORX RT BASIC",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PC WORX SRT",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RFC 430 ETH-IB",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RFC 450 ETH-IB",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RFC 460R PN 3TX",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RFC 470S PN 3TX",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RFC 480S PN 4TX",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"status": "affected",
"version": "all"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Reid Wightman of Dragos, Inc."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Incorrect Permission Assignment for Critical Resource vulnerability in multiple products of the PHOENIX CONTACT classic line allow an remote unauthenticated attacker to gain full access of the affected device."
}
],
"value": "Incorrect Permission Assignment for Critical Resource vulnerability in multiple products of the PHOENIX CONTACT classic line allow an remote unauthenticated attacker to gain full access of the affected device."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-732",
"description": "CWE-732 Incorrect Permission Assignment for Critical Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-14T14:05:11.292Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://cert.vde.com/en/advisories/VDE-2023-055/"
}
],
"source": {
"advisory": "VDE-2023-055",
"defect": [
"CERT@VDE#64608"
],
"discovery": "EXTERNAL"
},
"title": "Phoenix Contact: Automation Worx and classic line controllers prone to Incorrect Permission Assignment for Critical Resource",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2023-46141",
"datePublished": "2023-12-14T14:05:11.292Z",
"dateReserved": "2023-10-17T07:04:03.576Z",
"dateUpdated": "2024-08-02T20:37:39.537Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-3737
Vulnerability from cvelistv5
Published
2022-11-15 10:59
Modified
2024-08-03 01:20
Severity ?
EPSS score ?
Summary
In PHOENIX CONTACT Automationworx Software Suite up to version 1.89 memory can be read beyond the intended scope due to insufficient validation of input data. Availability, integrity, or confidentiality of an application programming workstation might be compromised by attacks using these vulnerabilities.
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | PHOENIX CONTACT | Config+ |
Version: 0 ≤ 1.89 |
|||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:20:57.710Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cert.vde.com/en/advisories/VDE-2022-048/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Config+",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThanOrEqual": "1.89",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PC Worx",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThanOrEqual": "1.89",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PC Worx Express",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThanOrEqual": "1.89",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "This vulnerability was discovered by Michael Heinzl"
}
],
"datePublic": "2022-11-08T08:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In PHOENIX CONTACT Automationworx Software Suite up to version 1.89 memory can be read beyond the intended scope due to insufficient validation of input data. Availability, integrity, or confidentiality of an application programming workstation might be compromised by attacks using these vulnerabilities."
}
],
"value": "In PHOENIX CONTACT Automationworx Software Suite up to version 1.89 memory can be read beyond the intended scope due to insufficient validation of input data. Availability, integrity, or confidentiality of an application programming workstation might be compromised by attacks using these vulnerabilities."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-15T10:59:00.713Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://cert.vde.com/en/advisories/VDE-2022-048/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Upgrade to Automation Worx Software Suite \u0026gt; 1.89"
}
],
"value": "Upgrade to Automation Worx Software Suite \u003e 1.89"
}
],
"source": {
"advisory": "VDE-2022-048",
"defect": [
"CERT@VDE64164"
],
"discovery": "EXTERNAL"
},
"title": "Out-of-bounds Read in PHOENIX CONTACT Automationworx Software Suite",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2022-3737",
"datePublished": "2022-11-15T10:59:00.713Z",
"dateReserved": "2022-10-28T07:16:41.383Z",
"dateUpdated": "2024-08-03T01:20:57.710Z",
"requesterUserId": "267706bf-c75a-4dca-aafe-11e4a82952d7",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
var-201910-0993
Vulnerability from variot
An issue was discovered in PHOENIX CONTACT PC Worx through 1.86, PC Worx Express through 1.86, and Config+ through 1.86. A manipulated PC Worx or Config+ project file could lead to an Out-of-bounds Read and remote code execution. The attacker needs to get access to an original PC Worx or Config+ project to be able to manipulate data inside. After manipulation, the attacker needs to exchange the original files with the manipulated ones on the application programming workstation. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Phoenix Contact Automationworx. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of BCP files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. The Automation Worx Software Suite is an automation package from Phoenix Contact
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "automationworx",
"scope": null,
"trust": 2.1,
"vendor": "phoenix contact",
"version": null
},
{
"_id": null,
"model": "pc worx express",
"scope": "lte",
"trust": 1.0,
"vendor": "phoenixcontact",
"version": "1.86"
},
{
"_id": null,
"model": "config\\+",
"scope": "lte",
"trust": 1.0,
"vendor": "phoenixcontact",
"version": "1.86"
},
{
"_id": null,
"model": "pc worx",
"scope": "lte",
"trust": 1.0,
"vendor": "phoenixcontact",
"version": "1.86"
},
{
"_id": null,
"model": "config+",
"scope": "lte",
"trust": 0.8,
"vendor": "phoenix contact",
"version": "1.86"
},
{
"_id": null,
"model": "pc worx",
"scope": "lte",
"trust": 0.8,
"vendor": "phoenix contact",
"version": "1.86"
},
{
"_id": null,
"model": "pc worx express",
"scope": "lte",
"trust": 0.8,
"vendor": "phoenix contact",
"version": "1.86"
},
{
"_id": null,
"model": "contact worx",
"scope": "lte",
"trust": 0.6,
"vendor": "phoenix",
"version": "\u003c=1.86"
},
{
"_id": null,
"model": "contact worx express",
"scope": "lte",
"trust": 0.6,
"vendor": "phoenix",
"version": "\u003c=1.86"
},
{
"_id": null,
"model": "contact config+",
"scope": "lte",
"trust": 0.6,
"vendor": "phoenix",
"version": "\u003c=1.86"
},
{
"_id": null,
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "config",
"version": "*"
},
{
"_id": null,
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pc worx",
"version": "*"
},
{
"_id": null,
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pc worx express",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "22dcaf1b-5ab4-4d7f-ac27-00246d44ba9f"
},
{
"db": "ZDI",
"id": "ZDI-19-922"
},
{
"db": "ZDI",
"id": "ZDI-19-923"
},
{
"db": "ZDI",
"id": "ZDI-19-991"
},
{
"db": "CNVD",
"id": "CNVD-2019-40083"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011621"
},
{
"db": "NVD",
"id": "CVE-2019-16675"
}
]
},
"configurations": {
"_id": null,
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:phoenixcontact:config%2b",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:phoenixcontact:pc_worx",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:phoenixcontact:pc_worx_express",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-011621"
}
]
},
"credits": {
"_id": null,
"data": "9sg Security Team",
"sources": [
{
"db": "ZDI",
"id": "ZDI-19-922"
},
{
"db": "ZDI",
"id": "ZDI-19-991"
}
],
"trust": 1.4
},
"cve": "CVE-2019-16675",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2019-16675",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CNVD-2019-40083",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "22dcaf1b-5ab4-4d7f-ac27-00246d44ba9f",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "ZDI",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2019-16675",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.1,
"userInteraction": "REQUIRED",
"vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2019-16675",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-16675",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "ZDI",
"id": "CVE-2019-16675",
"trust": 2.1,
"value": "HIGH"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2019-16675",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2019-16675",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2019-40083",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201910-1720",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "22dcaf1b-5ab4-4d7f-ac27-00246d44ba9f",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2019-16675",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "22dcaf1b-5ab4-4d7f-ac27-00246d44ba9f"
},
{
"db": "ZDI",
"id": "ZDI-19-922"
},
{
"db": "ZDI",
"id": "ZDI-19-923"
},
{
"db": "ZDI",
"id": "ZDI-19-991"
},
{
"db": "CNVD",
"id": "CNVD-2019-40083"
},
{
"db": "VULMON",
"id": "CVE-2019-16675"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011621"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1720"
},
{
"db": "NVD",
"id": "CVE-2019-16675"
}
]
},
"description": {
"_id": null,
"data": "An issue was discovered in PHOENIX CONTACT PC Worx through 1.86, PC Worx Express through 1.86, and Config+ through 1.86. A manipulated PC Worx or Config+ project file could lead to an Out-of-bounds Read and remote code execution. The attacker needs to get access to an original PC Worx or Config+ project to be able to manipulate data inside. After manipulation, the attacker needs to exchange the original files with the manipulated ones on the application programming workstation. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Phoenix Contact Automationworx. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of BCP files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. The Automation Worx Software Suite is an automation package from Phoenix Contact",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-16675"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011621"
},
{
"db": "ZDI",
"id": "ZDI-19-922"
},
{
"db": "ZDI",
"id": "ZDI-19-923"
},
{
"db": "ZDI",
"id": "ZDI-19-991"
},
{
"db": "CNVD",
"id": "CNVD-2019-40083"
},
{
"db": "IVD",
"id": "22dcaf1b-5ab4-4d7f-ac27-00246d44ba9f"
},
{
"db": "VULMON",
"id": "CVE-2019-16675"
}
],
"trust": 4.32
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2019-16675",
"trust": 5.4
},
{
"db": "ICS CERT",
"id": "ICSA-19-302-01",
"trust": 3.1
},
{
"db": "ZDI",
"id": "ZDI-19-922",
"trust": 2.4
},
{
"db": "ZDI",
"id": "ZDI-19-991",
"trust": 2.4
},
{
"db": "ZDI",
"id": "ZDI-19-923",
"trust": 1.3
},
{
"db": "CNVD",
"id": "CNVD-2019-40083",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1720",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011621",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-7782",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-7783",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-8097",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2019.4007",
"trust": 0.6
},
{
"db": "IVD",
"id": "22DCAF1B-5AB4-4D7F-AC27-00246D44BA9F",
"trust": 0.2
},
{
"db": "VULMON",
"id": "CVE-2019-16675",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "22dcaf1b-5ab4-4d7f-ac27-00246d44ba9f"
},
{
"db": "ZDI",
"id": "ZDI-19-922"
},
{
"db": "ZDI",
"id": "ZDI-19-923"
},
{
"db": "ZDI",
"id": "ZDI-19-991"
},
{
"db": "CNVD",
"id": "CNVD-2019-40083"
},
{
"db": "VULMON",
"id": "CVE-2019-16675"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011621"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1720"
},
{
"db": "NVD",
"id": "CVE-2019-16675"
}
]
},
"id": "VAR-201910-0993",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "IVD",
"id": "22dcaf1b-5ab4-4d7f-ac27-00246d44ba9f"
},
{
"db": "CNVD",
"id": "CNVD-2019-40083"
}
],
"trust": 1.8
},
"iot_taxonomy": {
"_id": null,
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "22dcaf1b-5ab4-4d7f-ac27-00246d44ba9f"
},
{
"db": "CNVD",
"id": "CNVD-2019-40083"
}
]
},
"last_update_date": "2024-11-23T22:05:58.228000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Phoenix Contact has issued an update to correct this vulnerability.",
"trust": 2.1,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-302-01"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.phoenixcontact.com/online/portal/pc"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-19-922"
},
{
"db": "ZDI",
"id": "ZDI-19-923"
},
{
"db": "ZDI",
"id": "ZDI-19-991"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011621"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-125",
"trust": 1.0
},
{
"problemtype": "CWE-20",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-011621"
},
{
"db": "NVD",
"id": "CVE-2019-16675"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 5.2,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-302-01"
},
{
"trust": 1.7,
"url": "https://www.zerodayinitiative.com/advisories/zdi-19-922/"
},
{
"trust": 1.7,
"url": "https://cert.vde.com/en-us/advisories"
},
{
"trust": 1.7,
"url": "https://www.zerodayinitiative.com/advisories/zdi-19-991/"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-16675"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-16675"
},
{
"trust": 0.6,
"url": "https://www.zerodayinitiative.com/advisories/zdi-19-923/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4007/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/125.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/110659"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-19-922"
},
{
"db": "ZDI",
"id": "ZDI-19-923"
},
{
"db": "ZDI",
"id": "ZDI-19-991"
},
{
"db": "CNVD",
"id": "CNVD-2019-40083"
},
{
"db": "VULMON",
"id": "CVE-2019-16675"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011621"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1720"
},
{
"db": "NVD",
"id": "CVE-2019-16675"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "IVD",
"id": "22dcaf1b-5ab4-4d7f-ac27-00246d44ba9f",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-19-922",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-19-923",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-19-991",
"ident": null
},
{
"db": "CNVD",
"id": "CNVD-2019-40083",
"ident": null
},
{
"db": "VULMON",
"id": "CVE-2019-16675",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011621",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1720",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2019-16675",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2019-11-12T00:00:00",
"db": "IVD",
"id": "22dcaf1b-5ab4-4d7f-ac27-00246d44ba9f",
"ident": null
},
{
"date": "2019-10-29T00:00:00",
"db": "ZDI",
"id": "ZDI-19-922",
"ident": null
},
{
"date": "2019-10-29T00:00:00",
"db": "ZDI",
"id": "ZDI-19-923",
"ident": null
},
{
"date": "2019-11-26T00:00:00",
"db": "ZDI",
"id": "ZDI-19-991",
"ident": null
},
{
"date": "2019-11-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-40083",
"ident": null
},
{
"date": "2019-10-31T00:00:00",
"db": "VULMON",
"id": "CVE-2019-16675",
"ident": null
},
{
"date": "2019-11-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-011621",
"ident": null
},
{
"date": "2019-10-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201910-1720",
"ident": null
},
{
"date": "2019-10-31T22:15:10.567000",
"db": "NVD",
"id": "CVE-2019-16675",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2019-10-29T00:00:00",
"db": "ZDI",
"id": "ZDI-19-922",
"ident": null
},
{
"date": "2019-10-29T00:00:00",
"db": "ZDI",
"id": "ZDI-19-923",
"ident": null
},
{
"date": "2019-11-26T00:00:00",
"db": "ZDI",
"id": "ZDI-19-991",
"ident": null
},
{
"date": "2019-11-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-40083",
"ident": null
},
{
"date": "2020-08-24T00:00:00",
"db": "VULMON",
"id": "CVE-2019-16675",
"ident": null
},
{
"date": "2019-11-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-011621",
"ident": null
},
{
"date": "2020-08-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201910-1720",
"ident": null
},
{
"date": "2024-11-21T04:30:57.417000",
"db": "NVD",
"id": "CVE-2019-16675",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201910-1720"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "Phoenix Contact Automationworx BCP File Parsing Memory Corruption Remote Code Execution Vulnerability",
"sources": [
{
"db": "ZDI",
"id": "ZDI-19-922"
},
{
"db": "ZDI",
"id": "ZDI-19-923"
}
],
"trust": 1.4
},
"type": {
"_id": null,
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201910-1720"
}
],
"trust": 0.6
}
}