CVE-2019-12870 - An issue was discovered in PHOENIX CONTACT PC Worx through 1.86, PC Worx Express through 1.86, and C

CVE-2019-12870

Summary

An issue was discovered in PHOENIX CONTACT PC Worx through 1.86, PC Worx Express through 1.86, and Config+ through 1.86. A manipulated PC Worx or Config+ project file could lead to an Uninitialized Pointer and remote code execution. The attacker needs to get access to an original PC Worx or Config+ project file to be able to manipulate it. After manipulation, the attacker needs to exchange the original file with the manipulated one on the application programming workstation.

References

Vulnerable Configurations

cpe:2.3:a:phoenixcontact:automationworx_software_suite:*:*:*:*:*:*:*:*
cpe:2.3:a:phoenixcontact:automationworx_software_suite:*:*:*:*:*:*:*:*

CVSS

Base:	6.8 (as of 27-06-2019 - 16:26)
Impact:
Exploitability:

CWE

CWE-824

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:M/Au:N/C:P/I:P/A:P

refmap via4

misc

Last major update

27-06-2019 - 16:26

Published

24-06-2019 - 16:15

Last modified

27-06-2019 - 16:26