github - ghsa-m8p2-4fmh-2gr9

ghsa-m8p2-4fmh-2gr9

Vulnerability from github

Published

2022-05-24 19:19

Modified

2022-05-24 19:19

Details

Improper Input Validation vulnerability in PC Worx Automation Suite of Phoenix Contact up to version 1.88 could allow an attacker with a manipulated project file to unpack arbitrary files outside of the selected project directory.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2021-34597"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-11-04T10:15:00Z",
    "severity": "HIGH"
  },
  "details": "Improper Input Validation vulnerability in PC Worx Automation Suite of Phoenix Contact up to version 1.88 could allow an attacker with a manipulated project file to unpack arbitrary files outside of the selected project directory.",
  "id": "GHSA-m8p2-4fmh-2gr9",
  "modified": "2022-05-24T19:19:47Z",
  "published": "2022-05-24T19:19:47Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-34597"
    },
    {
      "type": "WEB",
      "url": "https://cert.vde.com/en/advisories/VDE-2021-052"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

cve-2021-34597

Vulnerability from cvelistv5

Published

2021-11-04 09:50

Modified

2024-09-16 18:09

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

References

▼	URL	Tags
	https://cert.vde.com/en/advisories/VDE-2021-052/	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	Phoenix Contact	PC Worx	Version: PC Worx < Version: PC Worx-Express <

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T00:19:47.360Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert.vde.com/en/advisories/VDE-2021-052/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "PC Worx",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThanOrEqual": "1.88",
              "status": "affected",
              "version": "PC Worx",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "1.88",
              "status": "affected",
              "version": "PC Worx-Express",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "The vulnerability was discovered by Jake Baines of Dragos Inc. We kindly appreciate the coordinated disclosure of these vulnerabilities by the finder."
        },
        {
          "lang": "en",
          "value": "PHOENIX CONTACT thanks CERT@VDE for the coordination and support with this publication."
        }
      ],
      "datePublic": "2021-11-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Improper Input Validation vulnerability in PC Worx Automation Suite of Phoenix Contact up to version 1.88 could allow an attacker with a manipulated project file to unpack arbitrary files outside of the selected project directory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20 Improper Input Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-11-04T09:50:10",
        "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "shortName": "CERTVDE"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert.vde.com/en/advisories/VDE-2021-052/"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "With the next version of Automation Worx Software Suite additional plausibility checks for archive content will be implemented."
        }
      ],
      "source": {
        "advisory": "VDE-2021-052",
        "discovery": "EXTERNAL"
      },
      "title": "Phoenix Contact: PC Worx/-Express prone to improper input validation vulnerability",
      "workarounds": [
        {
          "lang": "en",
          "value": "Temporary Fix / Mitigation\nWe strongly recommend customers to exchange project files only using secure file exchange services. Project files should not be exchanged via unencrypted email.\nIn addition, we recommend exchanging or storing project files together with a checksum to ensure their integrity."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "info@cert.vde.com",
          "DATE_PUBLIC": "2021-11-03T08:54:00.000Z",
          "ID": "CVE-2021-34597",
          "STATE": "PUBLIC",
          "TITLE": "Phoenix Contact: PC Worx/-Express prone to improper input validation vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "PC Worx",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_name": "PC Worx",
                            "version_value": "1.88"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_name": "PC Worx-Express",
                            "version_value": "1.88"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Phoenix Contact"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "The vulnerability was discovered by Jake Baines of Dragos Inc. We kindly appreciate the coordinated disclosure of these vulnerabilities by the finder."
          },
          {
            "lang": "eng",
            "value": "PHOENIX CONTACT thanks CERT@VDE for the coordination and support with this publication."
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Improper Input Validation vulnerability in PC Worx Automation Suite of Phoenix Contact up to version 1.88 could allow an attacker with a manipulated project file to unpack arbitrary files outside of the selected project directory."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-20 Improper Input Validation"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://cert.vde.com/en/advisories/VDE-2021-052/",
              "refsource": "CONFIRM",
              "url": "https://cert.vde.com/en/advisories/VDE-2021-052/"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "With the next version of Automation Worx Software Suite additional plausibility checks for archive content will be implemented."
          }
        ],
        "source": {
          "advisory": "VDE-2021-052",
          "discovery": "EXTERNAL"
        },
        "work_around": [
          {
            "lang": "en",
            "value": "Temporary Fix / Mitigation\nWe strongly recommend customers to exchange project files only using secure file exchange services. Project files should not be exchanged via unencrypted email.\nIn addition, we recommend exchanging or storing project files together with a checksum to ensure their integrity."
          }
        ]
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
    "assignerShortName": "CERTVDE",
    "cveId": "CVE-2021-34597",
    "datePublished": "2021-11-04T09:50:10.155218Z",
    "dateReserved": "2021-06-10T00:00:00",
    "dateUpdated": "2024-09-16T18:09:20.367Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted