Vulnerabilites related to Phoenix Contact - PC Worx
cve-2023-46143
Vulnerability from cvelistv5
Published
2023-12-14 14:06
Modified
2024-08-02 20:37
Severity ?
EPSS score ?
Summary
Download of Code Without Integrity Check vulnerability in PHOENIX CONTACT classic line PLCs allows an unauthenticated remote attacker to modify some or all applications on a PLC.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | PHOENIX CONTACT | Automation Worx Software Suite |
Version: all |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:37:39.880Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cert.vde.com/en/advisories/VDE-2023-057/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Automation Worx Software Suite",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AXC 1050",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AXC 1050 XC",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AXC 3050",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Config+",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FC 350 PCI ETH",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ILC1x0",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ILC1x1",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ILC 3xx",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PC Worx",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PC Worx Express",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PC WORX RT BASIC",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PC WORX SRT",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RFC 430 ETH-IB",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RFC 450 ETH-IB",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RFC 460R PN 3TX",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RFC 470S PN 3TX",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RFC 480S PN 4TX",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"status": "affected",
"version": "all"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Reid Wightman of Dragos, Inc."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Download of Code Without Integrity Check vulnerability in PHOENIX CONTACT classic line PLCs allows an unauthenticated remote attacker to modify some or all applications on a PLC."
}
],
"value": "Download of Code Without Integrity Check vulnerability in PHOENIX CONTACT classic line PLCs allows an unauthenticated remote attacker to modify some or all applications on a PLC."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-494",
"description": "CWE-494 Download of Code Without Integrity Check",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-14T14:07:36.807Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://cert.vde.com/en/advisories/VDE-2023-057/"
}
],
"source": {
"advisory": "VDE-2023-057",
"defect": [
"CERT@VDE#64610"
],
"discovery": "EXTERNAL"
},
"title": "Phoenix Contact: Classic line industrial controllers prone to inadequate integrity check of PLC",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2023-46143",
"datePublished": "2023-12-14T14:06:06.479Z",
"dateReserved": "2023-10-17T07:04:03.576Z",
"dateUpdated": "2024-08-02T20:37:39.880Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-3461
Vulnerability from cvelistv5
Published
2022-11-15 10:59
Modified
2024-08-03 01:07
Severity ?
EPSS score ?
Summary
In PHOENIX CONTACT Automationworx Software Suite up to version 1.89 manipulated PC Worx or Config+ files could lead to a heap buffer overflow and a read access violation. Availability, integrity, or confidentiality of an application programming workstation might be compromised by attacks using these vulnerabilities.
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | PHOENIX CONTACT | Config+ |
Version: 0 ≤ 1.89 |
|||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:07:06.698Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cert.vde.com/en/advisories/VDE-2022-048/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Config+",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThanOrEqual": "1.89",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PC Worx",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThanOrEqual": "1.89",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PC Worx Express",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThanOrEqual": "1.89",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "This vulnerability was discovered by Michael Heinzl"
}
],
"datePublic": "2022-11-08T08:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In PHOENIX CONTACT Automationworx Software Suite up to version 1.89 manipulated PC Worx or Config+ files could lead to a heap buffer overflow and a read access violation. Availability, integrity, or confidentiality of an application programming workstation might be compromised by attacks using these vulnerabilities."
}
],
"value": "In PHOENIX CONTACT Automationworx Software Suite up to version 1.89 manipulated PC Worx or Config+ files could lead to a heap buffer overflow and a read access violation. Availability, integrity, or confidentiality of an application programming workstation might be compromised by attacks using these vulnerabilities."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-15T10:59:53.718Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://cert.vde.com/en/advisories/VDE-2022-048/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Upgrade to Automation Worx Software Suite \u0026gt; 1.89"
}
],
"value": "Upgrade to Automation Worx Software Suite \u003e 1.89"
}
],
"source": {
"advisory": "VDE-2022-048",
"defect": [
"CERT@VDE64164"
],
"discovery": "EXTERNAL"
},
"title": "Buffer Overflow in PHOENIX CONTACT Automationworx Software Suite",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2022-3461",
"datePublished": "2022-11-15T10:59:53.718Z",
"dateReserved": "2022-10-12T05:45:11.921Z",
"dateUpdated": "2024-08-03T01:07:06.698Z",
"requesterUserId": "a1e5283b-8f0d-401e-98b2-bc6219c0e8d1",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-34597
Vulnerability from cvelistv5
Published
2021-11-04 09:50
Modified
2024-09-16 18:09
Severity ?
EPSS score ?
Summary
Improper Input Validation vulnerability in PC Worx Automation Suite of Phoenix Contact up to version 1.88 could allow an attacker with a manipulated project file to unpack arbitrary files outside of the selected project directory.
References
| ▼ | URL | Tags |
|---|---|---|
| https://cert.vde.com/en/advisories/VDE-2021-052/ | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Phoenix Contact | PC Worx |
Version: PC Worx < Version: PC Worx-Express < |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:19:47.360Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-052/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "PC Worx",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThanOrEqual": "1.88",
"status": "affected",
"version": "PC Worx",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.88",
"status": "affected",
"version": "PC Worx-Express",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "The vulnerability was discovered by Jake Baines of Dragos Inc. We kindly appreciate the coordinated disclosure of these vulnerabilities by the finder."
},
{
"lang": "en",
"value": "PHOENIX CONTACT thanks CERT@VDE for the coordination and support with this publication."
}
],
"datePublic": "2021-11-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Improper Input Validation vulnerability in PC Worx Automation Suite of Phoenix Contact up to version 1.88 could allow an attacker with a manipulated project file to unpack arbitrary files outside of the selected project directory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-04T09:50:10",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-052/"
}
],
"solutions": [
{
"lang": "en",
"value": "With the next version of Automation Worx Software Suite additional plausibility checks for archive content will be implemented."
}
],
"source": {
"advisory": "VDE-2021-052",
"discovery": "EXTERNAL"
},
"title": "Phoenix Contact: PC Worx/-Express prone to improper input validation vulnerability",
"workarounds": [
{
"lang": "en",
"value": "Temporary Fix / Mitigation\nWe strongly recommend customers to exchange project files only using secure file exchange services. Project files should not be exchanged via unencrypted email.\nIn addition, we recommend exchanging or storing project files together with a checksum to ensure their integrity."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"DATE_PUBLIC": "2021-11-03T08:54:00.000Z",
"ID": "CVE-2021-34597",
"STATE": "PUBLIC",
"TITLE": "Phoenix Contact: PC Worx/-Express prone to improper input validation vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PC Worx",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "PC Worx",
"version_value": "1.88"
},
{
"version_affected": "\u003c=",
"version_name": "PC Worx-Express",
"version_value": "1.88"
}
]
}
}
]
},
"vendor_name": "Phoenix Contact"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "The vulnerability was discovered by Jake Baines of Dragos Inc. We kindly appreciate the coordinated disclosure of these vulnerabilities by the finder."
},
{
"lang": "eng",
"value": "PHOENIX CONTACT thanks CERT@VDE for the coordination and support with this publication."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper Input Validation vulnerability in PC Worx Automation Suite of Phoenix Contact up to version 1.88 could allow an attacker with a manipulated project file to unpack arbitrary files outside of the selected project directory."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert.vde.com/en/advisories/VDE-2021-052/",
"refsource": "CONFIRM",
"url": "https://cert.vde.com/en/advisories/VDE-2021-052/"
}
]
},
"solution": [
{
"lang": "en",
"value": "With the next version of Automation Worx Software Suite additional plausibility checks for archive content will be implemented."
}
],
"source": {
"advisory": "VDE-2021-052",
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "Temporary Fix / Mitigation\nWe strongly recommend customers to exchange project files only using secure file exchange services. Project files should not be exchanged via unencrypted email.\nIn addition, we recommend exchanging or storing project files together with a checksum to ensure their integrity."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2021-34597",
"datePublished": "2021-11-04T09:50:10.155218Z",
"dateReserved": "2021-06-10T00:00:00",
"dateUpdated": "2024-09-16T18:09:20.367Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-46141
Vulnerability from cvelistv5
Published
2023-12-14 14:05
Modified
2024-08-02 20:37
Severity ?
EPSS score ?
Summary
Incorrect Permission Assignment for Critical Resource vulnerability in multiple products of the PHOENIX CONTACT classic line allow an remote unauthenticated attacker to gain full access of the affected device.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | PHOENIX CONTACT | Automation Worx Software Suite |
Version: all |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:37:39.537Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cert.vde.com/en/advisories/VDE-2023-055/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Automation Worx Software Suite",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AXC 1050",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AXC 1050 XC",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AXC 3050",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Config+",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FC 350 PCI ETH",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ILC1x0",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ILC1x1",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ILC 3xx",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PC Worx",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PC Worx Express",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PC WORX RT BASIC",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PC WORX SRT",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RFC 430 ETH-IB",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RFC 450 ETH-IB",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RFC 460R PN 3TX",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RFC 470S PN 3TX",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RFC 480S PN 4TX",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"status": "affected",
"version": "all"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Reid Wightman of Dragos, Inc."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Incorrect Permission Assignment for Critical Resource vulnerability in multiple products of the PHOENIX CONTACT classic line allow an remote unauthenticated attacker to gain full access of the affected device."
}
],
"value": "Incorrect Permission Assignment for Critical Resource vulnerability in multiple products of the PHOENIX CONTACT classic line allow an remote unauthenticated attacker to gain full access of the affected device."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-732",
"description": "CWE-732 Incorrect Permission Assignment for Critical Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-14T14:05:11.292Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://cert.vde.com/en/advisories/VDE-2023-055/"
}
],
"source": {
"advisory": "VDE-2023-055",
"defect": [
"CERT@VDE#64608"
],
"discovery": "EXTERNAL"
},
"title": "Phoenix Contact: Automation Worx and classic line controllers prone to Incorrect Permission Assignment for Critical Resource",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2023-46141",
"datePublished": "2023-12-14T14:05:11.292Z",
"dateReserved": "2023-10-17T07:04:03.576Z",
"dateUpdated": "2024-08-02T20:37:39.537Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-3737
Vulnerability from cvelistv5
Published
2022-11-15 10:59
Modified
2024-08-03 01:20
Severity ?
EPSS score ?
Summary
In PHOENIX CONTACT Automationworx Software Suite up to version 1.89 memory can be read beyond the intended scope due to insufficient validation of input data. Availability, integrity, or confidentiality of an application programming workstation might be compromised by attacks using these vulnerabilities.
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | PHOENIX CONTACT | Config+ |
Version: 0 ≤ 1.89 |
|||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:20:57.710Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cert.vde.com/en/advisories/VDE-2022-048/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Config+",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThanOrEqual": "1.89",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PC Worx",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThanOrEqual": "1.89",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PC Worx Express",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThanOrEqual": "1.89",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "This vulnerability was discovered by Michael Heinzl"
}
],
"datePublic": "2022-11-08T08:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In PHOENIX CONTACT Automationworx Software Suite up to version 1.89 memory can be read beyond the intended scope due to insufficient validation of input data. Availability, integrity, or confidentiality of an application programming workstation might be compromised by attacks using these vulnerabilities."
}
],
"value": "In PHOENIX CONTACT Automationworx Software Suite up to version 1.89 memory can be read beyond the intended scope due to insufficient validation of input data. Availability, integrity, or confidentiality of an application programming workstation might be compromised by attacks using these vulnerabilities."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-15T10:59:00.713Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://cert.vde.com/en/advisories/VDE-2022-048/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Upgrade to Automation Worx Software Suite \u0026gt; 1.89"
}
],
"value": "Upgrade to Automation Worx Software Suite \u003e 1.89"
}
],
"source": {
"advisory": "VDE-2022-048",
"defect": [
"CERT@VDE64164"
],
"discovery": "EXTERNAL"
},
"title": "Out-of-bounds Read in PHOENIX CONTACT Automationworx Software Suite",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2022-3737",
"datePublished": "2022-11-15T10:59:00.713Z",
"dateReserved": "2022-10-28T07:16:41.383Z",
"dateUpdated": "2024-08-03T01:20:57.710Z",
"requesterUserId": "267706bf-c75a-4dca-aafe-11e4a82952d7",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
var-201910-0993
Vulnerability from variot
An issue was discovered in PHOENIX CONTACT PC Worx through 1.86, PC Worx Express through 1.86, and Config+ through 1.86. A manipulated PC Worx or Config+ project file could lead to an Out-of-bounds Read and remote code execution. The attacker needs to get access to an original PC Worx or Config+ project to be able to manipulate data inside. After manipulation, the attacker needs to exchange the original files with the manipulated ones on the application programming workstation. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Phoenix Contact Automationworx. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of BCP files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. The Automation Worx Software Suite is an automation package from Phoenix Contact
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "automationworx",
"scope": null,
"trust": 2.1,
"vendor": "phoenix contact",
"version": null
},
{
"_id": null,
"model": "pc worx express",
"scope": "lte",
"trust": 1.0,
"vendor": "phoenixcontact",
"version": "1.86"
},
{
"_id": null,
"model": "config\\+",
"scope": "lte",
"trust": 1.0,
"vendor": "phoenixcontact",
"version": "1.86"
},
{
"_id": null,
"model": "pc worx",
"scope": "lte",
"trust": 1.0,
"vendor": "phoenixcontact",
"version": "1.86"
},
{
"_id": null,
"model": "config+",
"scope": "lte",
"trust": 0.8,
"vendor": "phoenix contact",
"version": "1.86"
},
{
"_id": null,
"model": "pc worx",
"scope": "lte",
"trust": 0.8,
"vendor": "phoenix contact",
"version": "1.86"
},
{
"_id": null,
"model": "pc worx express",
"scope": "lte",
"trust": 0.8,
"vendor": "phoenix contact",
"version": "1.86"
},
{
"_id": null,
"model": "contact worx",
"scope": "lte",
"trust": 0.6,
"vendor": "phoenix",
"version": "\u003c=1.86"
},
{
"_id": null,
"model": "contact worx express",
"scope": "lte",
"trust": 0.6,
"vendor": "phoenix",
"version": "\u003c=1.86"
},
{
"_id": null,
"model": "contact config+",
"scope": "lte",
"trust": 0.6,
"vendor": "phoenix",
"version": "\u003c=1.86"
},
{
"_id": null,
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "config",
"version": "*"
},
{
"_id": null,
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pc worx",
"version": "*"
},
{
"_id": null,
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pc worx express",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "22dcaf1b-5ab4-4d7f-ac27-00246d44ba9f"
},
{
"db": "ZDI",
"id": "ZDI-19-922"
},
{
"db": "ZDI",
"id": "ZDI-19-923"
},
{
"db": "ZDI",
"id": "ZDI-19-991"
},
{
"db": "CNVD",
"id": "CNVD-2019-40083"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011621"
},
{
"db": "NVD",
"id": "CVE-2019-16675"
}
]
},
"configurations": {
"_id": null,
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:phoenixcontact:config%2b",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:phoenixcontact:pc_worx",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:phoenixcontact:pc_worx_express",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-011621"
}
]
},
"credits": {
"_id": null,
"data": "9sg Security Team",
"sources": [
{
"db": "ZDI",
"id": "ZDI-19-922"
},
{
"db": "ZDI",
"id": "ZDI-19-991"
}
],
"trust": 1.4
},
"cve": "CVE-2019-16675",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2019-16675",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CNVD-2019-40083",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "22dcaf1b-5ab4-4d7f-ac27-00246d44ba9f",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "ZDI",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2019-16675",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.1,
"userInteraction": "REQUIRED",
"vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2019-16675",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-16675",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "ZDI",
"id": "CVE-2019-16675",
"trust": 2.1,
"value": "HIGH"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2019-16675",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2019-16675",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2019-40083",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201910-1720",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "22dcaf1b-5ab4-4d7f-ac27-00246d44ba9f",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2019-16675",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "22dcaf1b-5ab4-4d7f-ac27-00246d44ba9f"
},
{
"db": "ZDI",
"id": "ZDI-19-922"
},
{
"db": "ZDI",
"id": "ZDI-19-923"
},
{
"db": "ZDI",
"id": "ZDI-19-991"
},
{
"db": "CNVD",
"id": "CNVD-2019-40083"
},
{
"db": "VULMON",
"id": "CVE-2019-16675"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011621"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1720"
},
{
"db": "NVD",
"id": "CVE-2019-16675"
}
]
},
"description": {
"_id": null,
"data": "An issue was discovered in PHOENIX CONTACT PC Worx through 1.86, PC Worx Express through 1.86, and Config+ through 1.86. A manipulated PC Worx or Config+ project file could lead to an Out-of-bounds Read and remote code execution. The attacker needs to get access to an original PC Worx or Config+ project to be able to manipulate data inside. After manipulation, the attacker needs to exchange the original files with the manipulated ones on the application programming workstation. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Phoenix Contact Automationworx. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of BCP files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. The Automation Worx Software Suite is an automation package from Phoenix Contact",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-16675"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011621"
},
{
"db": "ZDI",
"id": "ZDI-19-922"
},
{
"db": "ZDI",
"id": "ZDI-19-923"
},
{
"db": "ZDI",
"id": "ZDI-19-991"
},
{
"db": "CNVD",
"id": "CNVD-2019-40083"
},
{
"db": "IVD",
"id": "22dcaf1b-5ab4-4d7f-ac27-00246d44ba9f"
},
{
"db": "VULMON",
"id": "CVE-2019-16675"
}
],
"trust": 4.32
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2019-16675",
"trust": 5.4
},
{
"db": "ICS CERT",
"id": "ICSA-19-302-01",
"trust": 3.1
},
{
"db": "ZDI",
"id": "ZDI-19-922",
"trust": 2.4
},
{
"db": "ZDI",
"id": "ZDI-19-991",
"trust": 2.4
},
{
"db": "ZDI",
"id": "ZDI-19-923",
"trust": 1.3
},
{
"db": "CNVD",
"id": "CNVD-2019-40083",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1720",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011621",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-7782",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-7783",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-8097",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2019.4007",
"trust": 0.6
},
{
"db": "IVD",
"id": "22DCAF1B-5AB4-4D7F-AC27-00246D44BA9F",
"trust": 0.2
},
{
"db": "VULMON",
"id": "CVE-2019-16675",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "22dcaf1b-5ab4-4d7f-ac27-00246d44ba9f"
},
{
"db": "ZDI",
"id": "ZDI-19-922"
},
{
"db": "ZDI",
"id": "ZDI-19-923"
},
{
"db": "ZDI",
"id": "ZDI-19-991"
},
{
"db": "CNVD",
"id": "CNVD-2019-40083"
},
{
"db": "VULMON",
"id": "CVE-2019-16675"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011621"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1720"
},
{
"db": "NVD",
"id": "CVE-2019-16675"
}
]
},
"id": "VAR-201910-0993",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "IVD",
"id": "22dcaf1b-5ab4-4d7f-ac27-00246d44ba9f"
},
{
"db": "CNVD",
"id": "CNVD-2019-40083"
}
],
"trust": 1.8
},
"iot_taxonomy": {
"_id": null,
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "22dcaf1b-5ab4-4d7f-ac27-00246d44ba9f"
},
{
"db": "CNVD",
"id": "CNVD-2019-40083"
}
]
},
"last_update_date": "2024-11-23T22:05:58.228000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Phoenix Contact has issued an update to correct this vulnerability.",
"trust": 2.1,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-302-01"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.phoenixcontact.com/online/portal/pc"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-19-922"
},
{
"db": "ZDI",
"id": "ZDI-19-923"
},
{
"db": "ZDI",
"id": "ZDI-19-991"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011621"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-125",
"trust": 1.0
},
{
"problemtype": "CWE-20",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-011621"
},
{
"db": "NVD",
"id": "CVE-2019-16675"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 5.2,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-302-01"
},
{
"trust": 1.7,
"url": "https://www.zerodayinitiative.com/advisories/zdi-19-922/"
},
{
"trust": 1.7,
"url": "https://cert.vde.com/en-us/advisories"
},
{
"trust": 1.7,
"url": "https://www.zerodayinitiative.com/advisories/zdi-19-991/"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-16675"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-16675"
},
{
"trust": 0.6,
"url": "https://www.zerodayinitiative.com/advisories/zdi-19-923/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4007/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/125.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/110659"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-19-922"
},
{
"db": "ZDI",
"id": "ZDI-19-923"
},
{
"db": "ZDI",
"id": "ZDI-19-991"
},
{
"db": "CNVD",
"id": "CNVD-2019-40083"
},
{
"db": "VULMON",
"id": "CVE-2019-16675"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011621"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1720"
},
{
"db": "NVD",
"id": "CVE-2019-16675"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "IVD",
"id": "22dcaf1b-5ab4-4d7f-ac27-00246d44ba9f",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-19-922",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-19-923",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-19-991",
"ident": null
},
{
"db": "CNVD",
"id": "CNVD-2019-40083",
"ident": null
},
{
"db": "VULMON",
"id": "CVE-2019-16675",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011621",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1720",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2019-16675",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2019-11-12T00:00:00",
"db": "IVD",
"id": "22dcaf1b-5ab4-4d7f-ac27-00246d44ba9f",
"ident": null
},
{
"date": "2019-10-29T00:00:00",
"db": "ZDI",
"id": "ZDI-19-922",
"ident": null
},
{
"date": "2019-10-29T00:00:00",
"db": "ZDI",
"id": "ZDI-19-923",
"ident": null
},
{
"date": "2019-11-26T00:00:00",
"db": "ZDI",
"id": "ZDI-19-991",
"ident": null
},
{
"date": "2019-11-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-40083",
"ident": null
},
{
"date": "2019-10-31T00:00:00",
"db": "VULMON",
"id": "CVE-2019-16675",
"ident": null
},
{
"date": "2019-11-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-011621",
"ident": null
},
{
"date": "2019-10-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201910-1720",
"ident": null
},
{
"date": "2019-10-31T22:15:10.567000",
"db": "NVD",
"id": "CVE-2019-16675",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2019-10-29T00:00:00",
"db": "ZDI",
"id": "ZDI-19-922",
"ident": null
},
{
"date": "2019-10-29T00:00:00",
"db": "ZDI",
"id": "ZDI-19-923",
"ident": null
},
{
"date": "2019-11-26T00:00:00",
"db": "ZDI",
"id": "ZDI-19-991",
"ident": null
},
{
"date": "2019-11-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-40083",
"ident": null
},
{
"date": "2020-08-24T00:00:00",
"db": "VULMON",
"id": "CVE-2019-16675",
"ident": null
},
{
"date": "2019-11-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-011621",
"ident": null
},
{
"date": "2020-08-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201910-1720",
"ident": null
},
{
"date": "2024-11-21T04:30:57.417000",
"db": "NVD",
"id": "CVE-2019-16675",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201910-1720"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "Phoenix Contact Automationworx BCP File Parsing Memory Corruption Remote Code Execution Vulnerability",
"sources": [
{
"db": "ZDI",
"id": "ZDI-19-922"
},
{
"db": "ZDI",
"id": "ZDI-19-923"
}
],
"trust": 1.4
},
"type": {
"_id": null,
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201910-1720"
}
],
"trust": 0.6
}
}
var-202007-0239
Vulnerability from variot
mwe file parsing in Phoenix Contact PC Worx and PC Worx Express version 1.87 and earlier is vulnerable to out-of-bounds read remote code execution. Manipulated PC Worx projects could lead to a remote code execution due to insufficient input data validation. (DoS) It may be put into a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Phoenix Contact Automationworx. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of MWE files by the PC WORX and PC WORX Express executables. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Phoenix Contact PC Worx and Phoenix Contact PC Worx Express are both a set of programming software for PLC (programmable logic controller) of Phoenix Contact (Germany Phoenix Contact)
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "pc worx",
"scope": "lt",
"trust": 1.0,
"vendor": "phoenixcontact",
"version": "1.87"
},
{
"_id": null,
"model": "pc worx express",
"scope": "lte",
"trust": 1.0,
"vendor": "phoenixcontact",
"version": "1.87"
},
{
"_id": null,
"model": "pc worx",
"scope": "eq",
"trust": 0.8,
"vendor": "phoenix contact",
"version": "1.87"
},
{
"_id": null,
"model": "pc worx express",
"scope": "eq",
"trust": 0.8,
"vendor": "phoenix contact",
"version": "1.87"
},
{
"_id": null,
"model": "automationworx",
"scope": null,
"trust": 0.7,
"vendor": "phoenix contact",
"version": null
},
{
"_id": null,
"model": "contact pc worx",
"scope": "lte",
"trust": 0.6,
"vendor": "phoenix",
"version": "\u003c=1.87"
},
{
"_id": null,
"model": "contact pc worx express",
"scope": "lte",
"trust": 0.6,
"vendor": "phoenix",
"version": "\u003c=1.87"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-826"
},
{
"db": "CNVD",
"id": "CNVD-2020-38415"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-007565"
},
{
"db": "NVD",
"id": "CVE-2020-12498"
}
]
},
"configurations": {
"_id": null,
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:phoenixcontact:pc_worx",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:phoenixcontact:pc_worx_express",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-007565"
}
]
},
"credits": {
"_id": null,
"data": "mdm",
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-826"
}
],
"trust": 0.7
},
"cve": "CVE-2020-12498",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2020-12498",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2020-007565",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2020-38415",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2020-12498",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-007565",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "ZDI",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2020-12498",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 0.7,
"userInteraction": "REQUIRED",
"vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-12498",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "info@cert.vde.com",
"id": "CVE-2020-12498",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2020-007565",
"trust": 0.8,
"value": "High"
},
{
"author": "ZDI",
"id": "CVE-2020-12498",
"trust": 0.7,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2020-38415",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202007-073",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-826"
},
{
"db": "CNVD",
"id": "CNVD-2020-38415"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-007565"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-073"
},
{
"db": "NVD",
"id": "CVE-2020-12498"
},
{
"db": "NVD",
"id": "CVE-2020-12498"
}
]
},
"description": {
"_id": null,
"data": "mwe file parsing in Phoenix Contact PC Worx and PC Worx Express version 1.87 and earlier is vulnerable to out-of-bounds read remote code execution. Manipulated PC Worx projects could lead to a remote code execution due to insufficient input data validation. (DoS) It may be put into a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Phoenix Contact Automationworx. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of MWE files by the PC WORX and PC WORX Express executables. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Phoenix Contact PC Worx and Phoenix Contact PC Worx Express are both a set of programming software for PLC (programmable logic controller) of Phoenix Contact (Germany Phoenix Contact)",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-12498"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-007565"
},
{
"db": "ZDI",
"id": "ZDI-20-826"
},
{
"db": "CNVD",
"id": "CNVD-2020-38415"
}
],
"trust": 2.79
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2020-12498",
"trust": 3.7
},
{
"db": "CERT@VDE",
"id": "VDE-2020-023",
"trust": 2.4
},
{
"db": "ZDI",
"id": "ZDI-20-826",
"trust": 2.3
},
{
"db": "ICS CERT",
"id": "ICSA-20-191-01",
"trust": 1.4
},
{
"db": "JVN",
"id": "JVNVU97113078",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-007565",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-10586",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2020-38415",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "47403",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "47078",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2365",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202007-073",
"trust": 0.6
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-826"
},
{
"db": "CNVD",
"id": "CNVD-2020-38415"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-007565"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-073"
},
{
"db": "NVD",
"id": "CVE-2020-12498"
}
]
},
"id": "VAR-202007-0239",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-38415"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"_id": null,
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-38415"
}
]
},
"last_update_date": "2024-11-23T22:05:29.433000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.phoenixcontact.com/online/portal/pi?1dmy\u0026urile=wcm%3apath%3a/pien/web/home"
},
{
"title": "Phoenix Contact has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-191-01"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-826"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-007565"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-125",
"trust": 1.8
},
{
"problemtype": "CWE-121",
"trust": 1.0
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-007565"
},
{
"db": "NVD",
"id": "CVE-2020-12498"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 2.4,
"url": "https://cert.vde.com/de-de/advisories/vde-2020-023"
},
{
"trust": 2.1,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-191-01"
},
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12498"
},
{
"trust": 1.6,
"url": "https://www.zerodayinitiative.com/advisories/zdi-20-826/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-12498"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu97113078/"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/47403"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/47078"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2365/"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-826"
},
{
"db": "CNVD",
"id": "CNVD-2020-38415"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-007565"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-073"
},
{
"db": "NVD",
"id": "CVE-2020-12498"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "ZDI",
"id": "ZDI-20-826",
"ident": null
},
{
"db": "CNVD",
"id": "CNVD-2020-38415",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2020-007565",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-202007-073",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2020-12498",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2020-07-10T00:00:00",
"db": "ZDI",
"id": "ZDI-20-826",
"ident": null
},
{
"date": "2020-07-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-38415",
"ident": null
},
{
"date": "2020-08-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-007565",
"ident": null
},
{
"date": "2020-07-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202007-073",
"ident": null
},
{
"date": "2020-07-01T16:15:12.963000",
"db": "NVD",
"id": "CVE-2020-12498",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2020-07-10T00:00:00",
"db": "ZDI",
"id": "ZDI-20-826",
"ident": null
},
{
"date": "2020-07-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-38415",
"ident": null
},
{
"date": "2020-08-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-007565",
"ident": null
},
{
"date": "2020-08-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202007-073",
"ident": null
},
{
"date": "2024-11-21T04:59:48.397000",
"db": "NVD",
"id": "CVE-2020-12498",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202007-073"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "Phoenix Contact PC Worx and PC Worx Express Out-of-bounds read vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-007565"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202007-073"
}
],
"trust": 0.6
}
}
var-202007-0238
Vulnerability from variot
PLCopen XML file parsing in Phoenix Contact PC Worx and PC Worx Express version 1.87 and earlier can lead to a stack-based overflow. Manipulated PC Worx projects could lead to a remote code execution due to insufficient input data validation. (DoS) It may be put into a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Phoenix Contact Automationworx. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of PLCOpen XML files. When parsing the pou element, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Phoenix Contact PC Worx and Phoenix Contact PC Worx Express are both a set of programming software for PLC (programmable logic controller) of Phoenix Contact (Germany Phoenix Contact)
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "automationworx",
"scope": null,
"trust": 1.4,
"vendor": "phoenix contact",
"version": null
},
{
"_id": null,
"model": "pc worx",
"scope": "lt",
"trust": 1.0,
"vendor": "phoenixcontact",
"version": "1.87"
},
{
"_id": null,
"model": "pc worx express",
"scope": "lte",
"trust": 1.0,
"vendor": "phoenixcontact",
"version": "1.87"
},
{
"_id": null,
"model": "pc worx",
"scope": "eq",
"trust": 0.8,
"vendor": "phoenix contact",
"version": "1.87"
},
{
"_id": null,
"model": "pc worx express",
"scope": "eq",
"trust": 0.8,
"vendor": "phoenix contact",
"version": "1.87"
},
{
"_id": null,
"model": "contact pc worx",
"scope": "lte",
"trust": 0.6,
"vendor": "phoenix",
"version": "\u003c=1.87"
},
{
"_id": null,
"model": "contact pc worx express",
"scope": "lte",
"trust": 0.6,
"vendor": "phoenix",
"version": "\u003c=1.87"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-825"
},
{
"db": "ZDI",
"id": "ZDI-21-398"
},
{
"db": "CNVD",
"id": "CNVD-2020-38414"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-007564"
},
{
"db": "NVD",
"id": "CVE-2020-12497"
}
]
},
"configurations": {
"_id": null,
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:phoenixcontact:pc_worx",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:phoenixcontact:pc_worx_express",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-007564"
}
]
},
"credits": {
"_id": null,
"data": "Natnael Samson (@NattiSamson)",
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-825"
},
{
"db": "ZDI",
"id": "ZDI-21-398"
}
],
"trust": 1.4
},
"cve": "CVE-2020-12497",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2020-12497",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.1,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2020-007564",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2020-38414",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2020-12497",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "ZDI",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2020-12497",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.4,
"userInteraction": "REQUIRED",
"vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-007564",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "ZDI",
"id": "CVE-2020-12497",
"trust": 1.4,
"value": "HIGH"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2020-12497",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "info@cert.vde.com",
"id": "CVE-2020-12497",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2020-007564",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2020-38414",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202007-072",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2020-12497",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-825"
},
{
"db": "ZDI",
"id": "ZDI-21-398"
},
{
"db": "CNVD",
"id": "CNVD-2020-38414"
},
{
"db": "VULMON",
"id": "CVE-2020-12497"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-007564"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-072"
},
{
"db": "NVD",
"id": "CVE-2020-12497"
},
{
"db": "NVD",
"id": "CVE-2020-12497"
}
]
},
"description": {
"_id": null,
"data": "PLCopen XML file parsing in Phoenix Contact PC Worx and PC Worx Express version 1.87 and earlier can lead to a stack-based overflow. Manipulated PC Worx projects could lead to a remote code execution due to insufficient input data validation. (DoS) It may be put into a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Phoenix Contact Automationworx. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of PLCOpen XML files. When parsing the pou element, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Phoenix Contact PC Worx and Phoenix Contact PC Worx Express are both a set of programming software for PLC (programmable logic controller) of Phoenix Contact (Germany Phoenix Contact)",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-12497"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-007564"
},
{
"db": "ZDI",
"id": "ZDI-20-825"
},
{
"db": "ZDI",
"id": "ZDI-21-398"
},
{
"db": "CNVD",
"id": "CNVD-2020-38414"
},
{
"db": "VULMON",
"id": "CVE-2020-12497"
}
],
"trust": 3.51
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2020-12497",
"trust": 4.5
},
{
"db": "CERT@VDE",
"id": "VDE-2020-023",
"trust": 2.5
},
{
"db": "ZDI",
"id": "ZDI-20-825",
"trust": 2.4
},
{
"db": "ZDI",
"id": "ZDI-21-398",
"trust": 2.4
},
{
"db": "ICS CERT",
"id": "ICSA-20-191-01",
"trust": 1.4
},
{
"db": "JVN",
"id": "JVNVU97113078",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-007564",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-10147",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-12244",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2020-38414",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "47401",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "47118",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "47079",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2365",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202007-072",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2020-12497",
"trust": 0.1
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-825"
},
{
"db": "ZDI",
"id": "ZDI-21-398"
},
{
"db": "CNVD",
"id": "CNVD-2020-38414"
},
{
"db": "VULMON",
"id": "CVE-2020-12497"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-007564"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-072"
},
{
"db": "NVD",
"id": "CVE-2020-12497"
}
]
},
"id": "VAR-202007-0238",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-38414"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"_id": null,
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-38414"
}
]
},
"last_update_date": "2024-11-23T22:05:29.362000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.phoenixcontact.com/online/portal/pi?1dmy\u0026urile=wcm%3apath%3a/pien/web/home"
},
{
"title": "Phoenix Contact has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-191-01"
},
{
"title": "",
"trust": 0.7,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-191-01https://cert.vde.com/en-us/advisories/vde-2020-023"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-825"
},
{
"db": "ZDI",
"id": "ZDI-21-398"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-007564"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-787",
"trust": 1.8
},
{
"problemtype": "CWE-121",
"trust": 1.0
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-007564"
},
{
"db": "NVD",
"id": "CVE-2020-12497"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 2.5,
"url": "https://cert.vde.com/de-de/advisories/vde-2020-023"
},
{
"trust": 2.4,
"url": "https://www.zerodayinitiative.com/advisories/zdi-21-398/"
},
{
"trust": 2.3,
"url": "https://www.zerodayinitiative.com/advisories/zdi-20-825/"
},
{
"trust": 2.1,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-191-01"
},
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12497"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-12497"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu97113078/"
},
{
"trust": 0.7,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-191-01https://cert.vde.com/en-us/advisories/vde-2020-023"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/47401"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/47118"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/47079"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2365/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/787.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-825"
},
{
"db": "ZDI",
"id": "ZDI-21-398"
},
{
"db": "CNVD",
"id": "CNVD-2020-38414"
},
{
"db": "VULMON",
"id": "CVE-2020-12497"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-007564"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-072"
},
{
"db": "NVD",
"id": "CVE-2020-12497"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "ZDI",
"id": "ZDI-20-825",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-21-398",
"ident": null
},
{
"db": "CNVD",
"id": "CNVD-2020-38414",
"ident": null
},
{
"db": "VULMON",
"id": "CVE-2020-12497",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2020-007564",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-202007-072",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2020-12497",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2020-07-10T00:00:00",
"db": "ZDI",
"id": "ZDI-20-825",
"ident": null
},
{
"date": "2021-03-31T00:00:00",
"db": "ZDI",
"id": "ZDI-21-398",
"ident": null
},
{
"date": "2020-07-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-38414",
"ident": null
},
{
"date": "2020-07-01T00:00:00",
"db": "VULMON",
"id": "CVE-2020-12497",
"ident": null
},
{
"date": "2020-08-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-007564",
"ident": null
},
{
"date": "2020-07-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202007-072",
"ident": null
},
{
"date": "2020-07-01T16:15:12.853000",
"db": "NVD",
"id": "CVE-2020-12497",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2020-07-10T00:00:00",
"db": "ZDI",
"id": "ZDI-20-825",
"ident": null
},
{
"date": "2021-04-16T00:00:00",
"db": "ZDI",
"id": "ZDI-21-398",
"ident": null
},
{
"date": "2020-07-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-38414",
"ident": null
},
{
"date": "2021-03-31T00:00:00",
"db": "VULMON",
"id": "CVE-2020-12497",
"ident": null
},
{
"date": "2020-08-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-007564",
"ident": null
},
{
"date": "2021-04-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202007-072",
"ident": null
},
{
"date": "2024-11-21T04:59:48.283000",
"db": "NVD",
"id": "CVE-2020-12497",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202007-072"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "Phoenix Contact PC Worx and PC Worx Express Out-of-bounds write vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-007564"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202007-072"
}
],
"trust": 0.6
}
}