ID CVE-2020-12497
Summary PLCopen XML file parsing in Phoenix Contact PC Worx and PC Worx Express version 1.87 and earlier can lead to a stack-based overflow. Manipulated PC Worx projects could lead to a remote code execution due to insufficient input data validation.
References
Vulnerable Configurations
  • cpe:2.3:a:phoenixcontact:pc_worx:-:*:*:*:*:*:*:*
    cpe:2.3:a:phoenixcontact:pc_worx:-:*:*:*:*:*:*:*
  • cpe:2.3:a:phoenixcontact:pc_worx:1.10:*:*:*:*:*:*:*
    cpe:2.3:a:phoenixcontact:pc_worx:1.10:*:*:*:*:*:*:*
  • cpe:2.3:a:phoenixcontact:pc_worx:1.20:sp2:*:*:*:*:*:*
    cpe:2.3:a:phoenixcontact:pc_worx:1.20:sp2:*:*:*:*:*:*
  • cpe:2.3:a:phoenixcontact:pc_worx:1.20:sp2_hotfix1:*:*:*:*:*:*
    cpe:2.3:a:phoenixcontact:pc_worx:1.20:sp2_hotfix1:*:*:*:*:*:*
  • cpe:2.3:a:phoenixcontact:pc_worx:1.23:*:*:*:*:*:*:*
    cpe:2.3:a:phoenixcontact:pc_worx:1.23:*:*:*:*:*:*:*
  • cpe:2.3:a:phoenixcontact:pc_worx:1.30:-:*:*:*:*:*:*
    cpe:2.3:a:phoenixcontact:pc_worx:1.30:-:*:*:*:*:*:*
  • cpe:2.3:a:phoenixcontact:pc_worx:1.30:sp1:*:*:*:*:*:*
    cpe:2.3:a:phoenixcontact:pc_worx:1.30:sp1:*:*:*:*:*:*
  • cpe:2.3:a:phoenixcontact:pc_worx:1.30:sp2:*:*:*:*:*:*
    cpe:2.3:a:phoenixcontact:pc_worx:1.30:sp2:*:*:*:*:*:*
  • cpe:2.3:a:phoenixcontact:pc_worx:1.30:sp2_hotfix1:*:*:*:*:*:*
    cpe:2.3:a:phoenixcontact:pc_worx:1.30:sp2_hotfix1:*:*:*:*:*:*
  • cpe:2.3:a:phoenixcontact:pc_worx:1.30:sp2_hotfix4:*:*:*:*:*:*
    cpe:2.3:a:phoenixcontact:pc_worx:1.30:sp2_hotfix4:*:*:*:*:*:*
  • cpe:2.3:a:phoenixcontact:pc_worx:1.40:-:*:*:*:*:*:*
    cpe:2.3:a:phoenixcontact:pc_worx:1.40:-:*:*:*:*:*:*
  • cpe:2.3:a:phoenixcontact:pc_worx:1.40:hotfix1:*:*:*:*:*:*
    cpe:2.3:a:phoenixcontact:pc_worx:1.40:hotfix1:*:*:*:*:*:*
  • cpe:2.3:a:phoenixcontact:pc_worx:1.40:sp1:*:*:*:*:*:*
    cpe:2.3:a:phoenixcontact:pc_worx:1.40:sp1:*:*:*:*:*:*
  • cpe:2.3:a:phoenixcontact:pc_worx:1.40:sp4:*:*:*:*:*:*
    cpe:2.3:a:phoenixcontact:pc_worx:1.40:sp4:*:*:*:*:*:*
  • cpe:2.3:a:phoenixcontact:pc_worx:1.40:sp4_hotfix2:*:*:*:*:*:*
    cpe:2.3:a:phoenixcontact:pc_worx:1.40:sp4_hotfix2:*:*:*:*:*:*
  • cpe:2.3:a:phoenixcontact:pc_worx:1.50:-:*:*:*:*:*:*
    cpe:2.3:a:phoenixcontact:pc_worx:1.50:-:*:*:*:*:*:*
  • cpe:2.3:a:phoenixcontact:pc_worx:1.50:hotfix1:*:*:*:*:*:*
    cpe:2.3:a:phoenixcontact:pc_worx:1.50:hotfix1:*:*:*:*:*:*
  • cpe:2.3:a:phoenixcontact:pc_worx:1.50:sp1:*:*:*:*:*:*
    cpe:2.3:a:phoenixcontact:pc_worx:1.50:sp1:*:*:*:*:*:*
  • cpe:2.3:a:phoenixcontact:pc_worx:1.50:sp2:*:*:*:*:*:*
    cpe:2.3:a:phoenixcontact:pc_worx:1.50:sp2:*:*:*:*:*:*
  • cpe:2.3:a:phoenixcontact:pc_worx:1.50:sp3:*:*:*:*:*:*
    cpe:2.3:a:phoenixcontact:pc_worx:1.50:sp3:*:*:*:*:*:*
  • cpe:2.3:a:phoenixcontact:pc_worx:1.50:sp3_hotfix1:*:*:*:*:*:*
    cpe:2.3:a:phoenixcontact:pc_worx:1.50:sp3_hotfix1:*:*:*:*:*:*
  • cpe:2.3:a:phoenixcontact:pc_worx:1.50:sp3_hotfix2:*:*:*:*:*:*
    cpe:2.3:a:phoenixcontact:pc_worx:1.50:sp3_hotfix2:*:*:*:*:*:*
  • cpe:2.3:a:phoenixcontact:pc_worx:1.60:-:*:*:*:*:*:*
    cpe:2.3:a:phoenixcontact:pc_worx:1.60:-:*:*:*:*:*:*
  • cpe:2.3:a:phoenixcontact:pc_worx:1.60:sp1:*:*:*:*:*:*
    cpe:2.3:a:phoenixcontact:pc_worx:1.60:sp1:*:*:*:*:*:*
  • cpe:2.3:a:phoenixcontact:pc_worx:1.60:sp1_hotfix4:*:*:*:*:*:*
    cpe:2.3:a:phoenixcontact:pc_worx:1.60:sp1_hotfix4:*:*:*:*:*:*
  • cpe:2.3:a:phoenixcontact:pc_worx:1.60:sp2:*:*:*:*:*:*
    cpe:2.3:a:phoenixcontact:pc_worx:1.60:sp2:*:*:*:*:*:*
  • cpe:2.3:a:phoenixcontact:pc_worx:1.70:-:*:*:*:*:*:*
    cpe:2.3:a:phoenixcontact:pc_worx:1.70:-:*:*:*:*:*:*
  • cpe:2.3:a:phoenixcontact:pc_worx:1.70:sp1:*:*:*:*:*:*
    cpe:2.3:a:phoenixcontact:pc_worx:1.70:sp1:*:*:*:*:*:*
  • cpe:2.3:a:phoenixcontact:pc_worx:1.70:sp2:*:*:*:*:*:*
    cpe:2.3:a:phoenixcontact:pc_worx:1.70:sp2:*:*:*:*:*:*
  • cpe:2.3:a:phoenixcontact:pc_worx:1.70:sp2_hotfix1:*:*:*:*:*:*
    cpe:2.3:a:phoenixcontact:pc_worx:1.70:sp2_hotfix1:*:*:*:*:*:*
  • cpe:2.3:a:phoenixcontact:pc_worx:1.70:sp2_hotfix2:*:*:*:*:*:*
    cpe:2.3:a:phoenixcontact:pc_worx:1.70:sp2_hotfix2:*:*:*:*:*:*
  • cpe:2.3:a:phoenixcontact:pc_worx:1.80:*:*:*:*:*:*:*
    cpe:2.3:a:phoenixcontact:pc_worx:1.80:*:*:*:*:*:*:*
  • cpe:2.3:a:phoenixcontact:pc_worx:1.81:-:*:*:*:*:*:*
    cpe:2.3:a:phoenixcontact:pc_worx:1.81:-:*:*:*:*:*:*
  • cpe:2.3:a:phoenixcontact:pc_worx:1.81:v1:*:*:*:*:*:*
    cpe:2.3:a:phoenixcontact:pc_worx:1.81:v1:*:*:*:*:*:*
  • cpe:2.3:a:phoenixcontact:pc_worx:1.81:v2:*:*:*:*:*:*
    cpe:2.3:a:phoenixcontact:pc_worx:1.81:v2:*:*:*:*:*:*
  • cpe:2.3:a:phoenixcontact:pc_worx:1.81:v3:*:*:*:*:*:*
    cpe:2.3:a:phoenixcontact:pc_worx:1.81:v3:*:*:*:*:*:*
  • cpe:2.3:a:phoenixcontact:pc_worx:1.82:-:*:*:*:*:*:*
    cpe:2.3:a:phoenixcontact:pc_worx:1.82:-:*:*:*:*:*:*
  • cpe:2.3:a:phoenixcontact:pc_worx:1.82:v1:*:*:*:*:*:*
    cpe:2.3:a:phoenixcontact:pc_worx:1.82:v1:*:*:*:*:*:*
  • cpe:2.3:a:phoenixcontact:pc_worx:1.83:-:*:*:*:*:*:*
    cpe:2.3:a:phoenixcontact:pc_worx:1.83:-:*:*:*:*:*:*
  • cpe:2.3:a:phoenixcontact:pc_worx:1.83:hotfix3:*:*:*:*:*:*
    cpe:2.3:a:phoenixcontact:pc_worx:1.83:hotfix3:*:*:*:*:*:*
  • cpe:2.3:a:phoenixcontact:pc_worx:1.84:*:*:*:*:*:*:*
    cpe:2.3:a:phoenixcontact:pc_worx:1.84:*:*:*:*:*:*:*
  • cpe:2.3:a:phoenixcontact:pc_worx:1.85:-:*:*:*:*:*:*
    cpe:2.3:a:phoenixcontact:pc_worx:1.85:-:*:*:*:*:*:*
  • cpe:2.3:a:phoenixcontact:pc_worx:1.85:hotfix1:*:*:*:*:*:*
    cpe:2.3:a:phoenixcontact:pc_worx:1.85:hotfix1:*:*:*:*:*:*
  • cpe:2.3:a:phoenixcontact:pc_worx:1.85:hotfix2:*:*:*:*:*:*
    cpe:2.3:a:phoenixcontact:pc_worx:1.85:hotfix2:*:*:*:*:*:*
  • cpe:2.3:a:phoenixcontact:pc_worx:1.86:*:*:*:*:*:*:*
    cpe:2.3:a:phoenixcontact:pc_worx:1.86:*:*:*:*:*:*:*
  • cpe:2.3:a:phoenixcontact:pc_worx:1.87:*:*:*:*:*:*:*
    cpe:2.3:a:phoenixcontact:pc_worx:1.87:*:*:*:*:*:*:*
  • cpe:2.3:a:phoenixcontact:pc_worx_express:-:*:*:*:*:*:*:*
    cpe:2.3:a:phoenixcontact:pc_worx_express:-:*:*:*:*:*:*:*
  • cpe:2.3:a:phoenixcontact:pc_worx_express:1.10:*:*:*:*:*:*:*
    cpe:2.3:a:phoenixcontact:pc_worx_express:1.10:*:*:*:*:*:*:*
  • cpe:2.3:a:phoenixcontact:pc_worx_express:1.20:sp2:*:*:*:*:*:*
    cpe:2.3:a:phoenixcontact:pc_worx_express:1.20:sp2:*:*:*:*:*:*
  • cpe:2.3:a:phoenixcontact:pc_worx_express:1.20:sp2_hotfix1:*:*:*:*:*:*
    cpe:2.3:a:phoenixcontact:pc_worx_express:1.20:sp2_hotfix1:*:*:*:*:*:*
  • cpe:2.3:a:phoenixcontact:pc_worx_express:1.23:*:*:*:*:*:*:*
    cpe:2.3:a:phoenixcontact:pc_worx_express:1.23:*:*:*:*:*:*:*
  • cpe:2.3:a:phoenixcontact:pc_worx_express:1.30:-:*:*:*:*:*:*
    cpe:2.3:a:phoenixcontact:pc_worx_express:1.30:-:*:*:*:*:*:*
  • cpe:2.3:a:phoenixcontact:pc_worx_express:1.30:sp1:*:*:*:*:*:*
    cpe:2.3:a:phoenixcontact:pc_worx_express:1.30:sp1:*:*:*:*:*:*
  • cpe:2.3:a:phoenixcontact:pc_worx_express:1.30:sp2:*:*:*:*:*:*
    cpe:2.3:a:phoenixcontact:pc_worx_express:1.30:sp2:*:*:*:*:*:*
  • cpe:2.3:a:phoenixcontact:pc_worx_express:1.30:sp2_hotfix1:*:*:*:*:*:*
    cpe:2.3:a:phoenixcontact:pc_worx_express:1.30:sp2_hotfix1:*:*:*:*:*:*
  • cpe:2.3:a:phoenixcontact:pc_worx_express:1.30:sp2_hotfix4:*:*:*:*:*:*
    cpe:2.3:a:phoenixcontact:pc_worx_express:1.30:sp2_hotfix4:*:*:*:*:*:*
  • cpe:2.3:a:phoenixcontact:pc_worx_express:1.40:-:*:*:*:*:*:*
    cpe:2.3:a:phoenixcontact:pc_worx_express:1.40:-:*:*:*:*:*:*
  • cpe:2.3:a:phoenixcontact:pc_worx_express:1.40:hotfix1:*:*:*:*:*:*
    cpe:2.3:a:phoenixcontact:pc_worx_express:1.40:hotfix1:*:*:*:*:*:*
  • cpe:2.3:a:phoenixcontact:pc_worx_express:1.40:sp1:*:*:*:*:*:*
    cpe:2.3:a:phoenixcontact:pc_worx_express:1.40:sp1:*:*:*:*:*:*
  • cpe:2.3:a:phoenixcontact:pc_worx_express:1.40:sp4:*:*:*:*:*:*
    cpe:2.3:a:phoenixcontact:pc_worx_express:1.40:sp4:*:*:*:*:*:*
  • cpe:2.3:a:phoenixcontact:pc_worx_express:1.40:sp4_hotfix2:*:*:*:*:*:*
    cpe:2.3:a:phoenixcontact:pc_worx_express:1.40:sp4_hotfix2:*:*:*:*:*:*
  • cpe:2.3:a:phoenixcontact:pc_worx_express:1.50:-:*:*:*:*:*:*
    cpe:2.3:a:phoenixcontact:pc_worx_express:1.50:-:*:*:*:*:*:*
  • cpe:2.3:a:phoenixcontact:pc_worx_express:1.50:hotfix1:*:*:*:*:*:*
    cpe:2.3:a:phoenixcontact:pc_worx_express:1.50:hotfix1:*:*:*:*:*:*
  • cpe:2.3:a:phoenixcontact:pc_worx_express:1.50:sp1:*:*:*:*:*:*
    cpe:2.3:a:phoenixcontact:pc_worx_express:1.50:sp1:*:*:*:*:*:*
  • cpe:2.3:a:phoenixcontact:pc_worx_express:1.50:sp2:*:*:*:*:*:*
    cpe:2.3:a:phoenixcontact:pc_worx_express:1.50:sp2:*:*:*:*:*:*
  • cpe:2.3:a:phoenixcontact:pc_worx_express:1.50:sp3:*:*:*:*:*:*
    cpe:2.3:a:phoenixcontact:pc_worx_express:1.50:sp3:*:*:*:*:*:*
  • cpe:2.3:a:phoenixcontact:pc_worx_express:1.50:sp3_hotfix1:*:*:*:*:*:*
    cpe:2.3:a:phoenixcontact:pc_worx_express:1.50:sp3_hotfix1:*:*:*:*:*:*
  • cpe:2.3:a:phoenixcontact:pc_worx_express:1.50:sp3_hotfix2:*:*:*:*:*:*
    cpe:2.3:a:phoenixcontact:pc_worx_express:1.50:sp3_hotfix2:*:*:*:*:*:*
  • cpe:2.3:a:phoenixcontact:pc_worx_express:1.60:-:*:*:*:*:*:*
    cpe:2.3:a:phoenixcontact:pc_worx_express:1.60:-:*:*:*:*:*:*
  • cpe:2.3:a:phoenixcontact:pc_worx_express:1.60:sp1:*:*:*:*:*:*
    cpe:2.3:a:phoenixcontact:pc_worx_express:1.60:sp1:*:*:*:*:*:*
  • cpe:2.3:a:phoenixcontact:pc_worx_express:1.60:sp1_hotfix4:*:*:*:*:*:*
    cpe:2.3:a:phoenixcontact:pc_worx_express:1.60:sp1_hotfix4:*:*:*:*:*:*
  • cpe:2.3:a:phoenixcontact:pc_worx_express:1.60:sp2:*:*:*:*:*:*
    cpe:2.3:a:phoenixcontact:pc_worx_express:1.60:sp2:*:*:*:*:*:*
  • cpe:2.3:a:phoenixcontact:pc_worx_express:1.70:-:*:*:*:*:*:*
    cpe:2.3:a:phoenixcontact:pc_worx_express:1.70:-:*:*:*:*:*:*
  • cpe:2.3:a:phoenixcontact:pc_worx_express:1.70:sp1:*:*:*:*:*:*
    cpe:2.3:a:phoenixcontact:pc_worx_express:1.70:sp1:*:*:*:*:*:*
  • cpe:2.3:a:phoenixcontact:pc_worx_express:1.70:sp2:*:*:*:*:*:*
    cpe:2.3:a:phoenixcontact:pc_worx_express:1.70:sp2:*:*:*:*:*:*
  • cpe:2.3:a:phoenixcontact:pc_worx_express:1.70:sp2_hotfix1:*:*:*:*:*:*
    cpe:2.3:a:phoenixcontact:pc_worx_express:1.70:sp2_hotfix1:*:*:*:*:*:*
  • cpe:2.3:a:phoenixcontact:pc_worx_express:1.70:sp2_hotfix2:*:*:*:*:*:*
    cpe:2.3:a:phoenixcontact:pc_worx_express:1.70:sp2_hotfix2:*:*:*:*:*:*
  • cpe:2.3:a:phoenixcontact:pc_worx_express:1.80:*:*:*:*:*:*:*
    cpe:2.3:a:phoenixcontact:pc_worx_express:1.80:*:*:*:*:*:*:*
  • cpe:2.3:a:phoenixcontact:pc_worx_express:1.81:-:*:*:*:*:*:*
    cpe:2.3:a:phoenixcontact:pc_worx_express:1.81:-:*:*:*:*:*:*
  • cpe:2.3:a:phoenixcontact:pc_worx_express:1.81:v1:*:*:*:*:*:*
    cpe:2.3:a:phoenixcontact:pc_worx_express:1.81:v1:*:*:*:*:*:*
  • cpe:2.3:a:phoenixcontact:pc_worx_express:1.81:v2:*:*:*:*:*:*
    cpe:2.3:a:phoenixcontact:pc_worx_express:1.81:v2:*:*:*:*:*:*
  • cpe:2.3:a:phoenixcontact:pc_worx_express:1.81:v3:*:*:*:*:*:*
    cpe:2.3:a:phoenixcontact:pc_worx_express:1.81:v3:*:*:*:*:*:*
  • cpe:2.3:a:phoenixcontact:pc_worx_express:1.82:-:*:*:*:*:*:*
    cpe:2.3:a:phoenixcontact:pc_worx_express:1.82:-:*:*:*:*:*:*
  • cpe:2.3:a:phoenixcontact:pc_worx_express:1.82:v1:*:*:*:*:*:*
    cpe:2.3:a:phoenixcontact:pc_worx_express:1.82:v1:*:*:*:*:*:*
  • cpe:2.3:a:phoenixcontact:pc_worx_express:1.83:-:*:*:*:*:*:*
    cpe:2.3:a:phoenixcontact:pc_worx_express:1.83:-:*:*:*:*:*:*
  • cpe:2.3:a:phoenixcontact:pc_worx_express:1.83:hotfix3:*:*:*:*:*:*
    cpe:2.3:a:phoenixcontact:pc_worx_express:1.83:hotfix3:*:*:*:*:*:*
  • cpe:2.3:a:phoenixcontact:pc_worx_express:1.84:*:*:*:*:*:*:*
    cpe:2.3:a:phoenixcontact:pc_worx_express:1.84:*:*:*:*:*:*:*
  • cpe:2.3:a:phoenixcontact:pc_worx_express:1.85:-:*:*:*:*:*:*
    cpe:2.3:a:phoenixcontact:pc_worx_express:1.85:-:*:*:*:*:*:*
  • cpe:2.3:a:phoenixcontact:pc_worx_express:1.85:hotfix1:*:*:*:*:*:*
    cpe:2.3:a:phoenixcontact:pc_worx_express:1.85:hotfix1:*:*:*:*:*:*
  • cpe:2.3:a:phoenixcontact:pc_worx_express:1.85:hotfix2:*:*:*:*:*:*
    cpe:2.3:a:phoenixcontact:pc_worx_express:1.85:hotfix2:*:*:*:*:*:*
  • cpe:2.3:a:phoenixcontact:pc_worx_express:1.86:*:*:*:*:*:*:*
    cpe:2.3:a:phoenixcontact:pc_worx_express:1.86:*:*:*:*:*:*:*
  • cpe:2.3:a:phoenixcontact:pc_worx_express:1.87:*:*:*:*:*:*:*
    cpe:2.3:a:phoenixcontact:pc_worx_express:1.87:*:*:*:*:*:*:*
CVSS
Base: 6.8 (as of 28-01-2023 - 01:36)
Impact:
Exploitability:
CWE CWE-787
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:P/A:P
refmap via4
confirm https://cert.vde.com/de-de/advisories/vde-2020-023
misc https://www.zerodayinitiative.com/advisories/ZDI-20-825/
Last major update 28-01-2023 - 01:36
Published 01-07-2020 - 16:15
Last modified 28-01-2023 - 01:36
Back to Top