cnvd - cnvd-2020-38414

cnvd-2020-38414

Vulnerability from cnvd

Title: Phoenix Contact PC Worx和Worx Express缓冲区溢出漏洞（CNVD-2020-38414）

Description:

Phoenix Contact PC Worx和Phoenix Contact PC Worx Express都是德国菲尼克斯电气（Phoenix Contact）公司的一套用于PLC（可编程逻辑控制器）的编程软件。

Phoenix Contact PC Worx和PC Worx Express 1.87及之前版本中的PLCopen XML文件解析存在缓冲区溢出漏洞，该漏洞源于程序未充分验证输入数据。远程攻击者可利用该漏洞执行代码。

Severity: 中

Formal description:

目前厂商暂未发布修复措施解决此安全问题，建议使用此软件的用户随时关注厂商主页或参考网址以获取解决办法： https://www.phoenixcontact.com/

Reference: https://nvd.nist.gov/vuln/detail/CVE-2020-12497

Impacted products

Name
['PHOENIX CONTACT PC Worx <=1.87', 'PHOENIX CONTACT PC Worx Express <=1.87']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-12497"
    }
  },
  "description": "Phoenix Contact PC Worx\u548cPhoenix Contact PC Worx Express\u90fd\u662f\u5fb7\u56fd\u83f2\u5c3c\u514b\u65af\u7535\u6c14\uff08Phoenix Contact\uff09\u516c\u53f8\u7684\u4e00\u5957\u7528\u4e8ePLC\uff08\u53ef\u7f16\u7a0b\u903b\u8f91\u63a7\u5236\u5668\uff09\u7684\u7f16\u7a0b\u8f6f\u4ef6\u3002\n\nPhoenix Contact PC Worx\u548cPC Worx Express 1.87\u53ca\u4e4b\u524d\u7248\u672c\u4e2d\u7684PLCopen XML\u6587\u4ef6\u89e3\u6790\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u5145\u5206\u9a8c\u8bc1\u8f93\u5165\u6570\u636e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4ee3\u7801\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u6682\u672a\u53d1\u5e03\u4fee\u590d\u63aa\u65bd\u89e3\u51b3\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u5efa\u8bae\u4f7f\u7528\u6b64\u8f6f\u4ef6\u7684\u7528\u6237\u968f\u65f6\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u6216\u53c2\u8003\u7f51\u5740\u4ee5\u83b7\u53d6\u89e3\u51b3\u529e\u6cd5\uff1a\r\nhttps://www.phoenixcontact.com/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-38414",
  "openTime": "2020-07-13",
  "products": {
    "product": [
      "PHOENIX CONTACT PC Worx \u003c=1.87",
      "PHOENIX CONTACT PC Worx Express \u003c=1.87"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2020-12497",
  "serverity": "\u4e2d",
  "submitTime": "2020-07-02",
  "title": "Phoenix Contact PC Worx\u548cWorx Express\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff08CNVD-2020-38414\uff09"
}

CVE-2020-12497 (GCVE-0-2020-12497)

Vulnerability from cvelistv5

Published

2020-07-01 15:52

Modified

2024-08-04 11:56

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE

CWE-121 - Stack-based Buffer Overflow

Summary

PLCopen XML file parsing in Phoenix Contact PC Worx and PC Worx Express version 1.87 and earlier can lead to a stack-based overflow. Manipulated PC Worx projects could lead to a remote code execution due to insufficient input data validation.

References

▼	URL	Tags
	https://cert.vde.com/de-de/advisories/vde-2020-023	x_refsource_CONFIRM
	https://www.zerodayinitiative.com/advisories/ZDI-20-825/	x_refsource_MISC
	https://www.zerodayinitiative.com/advisories/ZDI-21-398/	x_refsource_MISC

Impacted products

Vendor

Product

Version

▼

Phoenix Contact

Automation Worx

Version: unspecified <

Phoenix Contact

Automation Worx Express

Version: unspecified <

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T11:56:52.059Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert.vde.com/de-de/advisories/vde-2020-023"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-825/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-398/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Automation Worx",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThanOrEqual": "1.87",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Automation Worx Express",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThanOrEqual": "1.87",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "reported by Natnael Samson working with Trend Micro Zero Day Initiative, Phoenix Contact reported to CERT@VDE"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "PLCopen XML file parsing in Phoenix Contact PC Worx and PC Worx Express version 1.87 and earlier can lead to a stack-based overflow. Manipulated PC Worx projects could lead to a remote code execution due to insufficient input data validation."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "CWE-121 Stack-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-03-31T09:06:17",
        "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "shortName": "CERTVDE"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert.vde.com/de-de/advisories/vde-2020-023"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-825/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-398/"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "With the next version of Automation Worx Software Suite (Version \u003e 1.87) a sharpened input data validation with respect to buffer size and description of size and number of objects referenced in a file will be implemented."
        }
      ],
      "source": {
        "defect": [
          "VDE-2020-023"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "Phoenix Contact Automation Worx \u003c= 1.87: stack-based overflow",
      "workarounds": [
        {
          "lang": "en",
          "value": "We strongly recommend customers to exchange project files only using secure file exchange services. Project files should not be exchanged via unencrypted email.\nIn addition, we recommend exchanging or storing project files together with a checksum to ensure their integrity."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "info@cert.vde.com",
          "ID": "CVE-2020-12497",
          "STATE": "PUBLIC",
          "TITLE": "Phoenix Contact Automation Worx \u003c= 1.87: stack-based overflow"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Automation Worx",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_value": "1.87"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Automation Worx Express",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_value": "1.87"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Phoenix Contact"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "reported by Natnael Samson working with Trend Micro Zero Day Initiative, Phoenix Contact reported to CERT@VDE"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "PLCopen XML file parsing in Phoenix Contact PC Worx and PC Worx Express version 1.87 and earlier can lead to a stack-based overflow. Manipulated PC Worx projects could lead to a remote code execution due to insufficient input data validation."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-121 Stack-based Buffer Overflow"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://cert.vde.com/de-de/advisories/vde-2020-023",
              "refsource": "CONFIRM",
              "url": "https://cert.vde.com/de-de/advisories/vde-2020-023"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-825/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-825/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-398/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-398/"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "With the next version of Automation Worx Software Suite (Version \u003e 1.87) a sharpened input data validation with respect to buffer size and description of size and number of objects referenced in a file will be implemented."
          }
        ],
        "source": {
          "defect": [
            "VDE-2020-023"
          ],
          "discovery": "EXTERNAL"
        },
        "work_around": [
          {
            "lang": "en",
            "value": "We strongly recommend customers to exchange project files only using secure file exchange services. Project files should not be exchanged via unencrypted email.\nIn addition, we recommend exchanging or storing project files together with a checksum to ensure their integrity."
          }
        ]
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
    "assignerShortName": "CERTVDE",
    "cveId": "CVE-2020-12497",
    "datePublished": "2020-07-01T15:52:35",
    "dateReserved": "2020-04-30T00:00:00",
    "dateUpdated": "2024-08-04T11:56:52.059Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted