VDE-2019-014

Vulnerability from csaf_phoenixcontactgmbhcokg - Published: 2019-06-19 12:41 - Updated: 2025-05-14 12:28
Summary
PHOENIX CONTACT: Multiple Vulnerabilities in Automation Worx Software Suite
Notes
Summary: A manipulated PC Worx or Config+ project file could lead to remote code execution. The attacker needs access to an original PC Worx or Config+ project file to be able to manipulate it. After manipulation, the attacker needs to replace the original file with the manipulated one on the application programming workstation.
Impact: Availability, integrity, or confidentiality of an application programming workstation might be compromised by attacks using these vulnerabilities. Automated systems in operation which were programmed with one of the above-mentioned products are not affected.
Mitigation: We strongly recommend that customers exchange project files only via secure file exchange services. Project files should not be exchanged via unencrypted email.
Remediation: With the next version of Automation Worx Software Suite the following measures will be implemented: The zlib component will be updated to the latest version (1.2.11.0). With the latest version of zlib, a manipulated BCP file is detected as corrupt. The unpacking operation is aborted and remote code execution is therefore precluded. The validation of input data will be improved. Objects in the affected software components will be completely initialized. Further 3rd party components will be checked for known vulnerabilities and will be exchanged or updated if required. General preventive security measures, such as address space layout randomization, will be implemented.

An issue was discovered in PHOENIX CONTACT PC Worx through 1.86, PC Worx Express through 1.86, and Config+ through 1.86. A manipulated PC Worx or Config+ project file could lead to an Uninitialized Pointer and remote code execution. The attacker needs to get access to an original PC Worx or Config+ project file to be able to manipulate it. After manipulation, the attacker needs to exchange the original file with the manipulated one on the application programming workstation.

CWE-824 - Access of Uninitialized Pointer
Mitigation: We strongly recommend that customers exchange project files only via secure file exchange services. Project files should not be exchanged via unencrypted email.
Vendor Fix: With the next version of Automation Worx Software Suite the following measures will be implemented: The zlib component will be updated to the latest version (1.2.11.0). With the latest version of zlib, a manipulated BCP file is detected as corrupt. The unpacking operation is aborted and remote code execution is therefore precluded. The validation of input data will be improved. Objects in the affected software components will be completely initialized. Further 3rd party components will be checked for known vulnerabilities and will be exchanged or updated if required. General preventive security measures, such as address space layout randomization, will be implemented.

An issue was discovered in PHOENIX CONTACT PC Worx through 1.86, PC Worx Express through 1.86, and Config+ through 1.86. A manipulated PC Worx or Config+ project file could lead to a Use-After-Free and remote code execution. The attacker needs to get access to an original PC Worx or Config+ project file to be able to manipulate it. After manipulation, the attacker needs to exchange the original file with the manipulated one on the application programming workstation.

CWE-416 - Use After Free
Mitigation: We strongly recommend that customers exchange project files only via secure file exchange services. Project files should not be exchanged via unencrypted email.
Vendor Fix: With the next version of Automation Worx Software Suite the following measures will be implemented: The zlib component will be updated to the latest version (1.2.11.0). With the latest version of zlib, a manipulated BCP file is detected as corrupt. The unpacking operation is aborted and remote code execution is therefore precluded. The validation of input data will be improved. Objects in the affected software components will be completely initialized. Further 3rd party components will be checked for known vulnerabilities and will be exchanged or updated if required. General preventive security measures, such as address space layout randomization, will be implemented.

An issue was discovered in PHOENIX CONTACT PC Worx through 1.86, PC Worx Express through 1.86, and Config+ through 1.86. A manipulated PC Worx or Config+ project file could lead to an Out-Of-Bounds Read, Information Disclosure, and remote code execution. The attacker needs to get access to an original PC Worx or Config+ project file to be able to manipulate it. After manipulation, the attacker needs to exchange the original file with the manipulated one on the application programming workstation.

CWE-125 - Out-of-bounds Read
Mitigation: We strongly recommend that customers exchange project files only via secure file exchange services. Project files should not be exchanged via unencrypted email.
Vendor Fix: With the next version of Automation Worx Software Suite the following measures will be implemented: The zlib component will be updated to the latest version (1.2.11.0). With the latest version of zlib, a manipulated BCP file is detected as corrupt. The unpacking operation is aborted and remote code execution is therefore precluded. The validation of input data will be improved. Objects in the affected software components will be completely initialized. Further 3rd party components will be checked for known vulnerabilities and will be exchanged or updated if required. General preventive security measures, such as address space layout randomization, will be implemented.
Acknowledgments
CERT@VDE certvde.com
NCCIC
Zerodayinitiative
9sg Security Team

{
  "document": {
    "acknowledgments": [
      {
        "organization": "CERT@VDE",
        "summary": "coordination",
        "urls": [
          "https://certvde.com"
        ]
      },
      {
        "organization": "NCCIC",
        "summary": "coordination"
      },
      {
        "organization": "Zerodayinitiative",
        "summary": "reporting"
      },
      {
        "organization": "9sg Security Team",
        "summary": "researching"
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-GB",
    "notes": [
      {
        "category": "summary",
        "text": "A manipulated PC Worx or Config+ project file could lead to a remote code execution.\\\nThe attacker needs to get access to an original PC Worx or Config+ project file to be able to manipulate it. After manipulation the attacker needs to exchange the original file by the manipulated one on the application programming workstation.",
        "title": "Summary"
      },
      {
        "category": "description",
        "text": "Availability, integrity, or confidentiality of an application programming workstation might be compromised by attacks using these vulnerabilities.\\\nAutomated systems in operation which were programmed with one of the above-mentioned products are not affected.",
        "title": "Impact"
      },
      {
        "category": "description",
        "text": "We strongly recommend customers to exchange project files only using secure file exchange services.\\\nProject files should not be exchanged via unencrypted email.",
        "title": "Mitigation"
      },
      {
        "category": "description",
        "text": "With the next version of Automationworx Software Suite the following measures will be implemented:\n\nThe zlib component will be updated to the latest version (1.2.11.0). By utilizing the latest version of zlib a manipulated BCP file is detected as corrupt. The unpacking operation is aborted and therefor the remote code execution is precluded.\\\nThe validation of input data will be improved.\\\nObjects in the affected software components will be completely initialized.\\\nFurther 3rd party components will be checked for known vulnerabilities and will be exchanged or updated if required.\\\nGeneral preventive security measures will be implemented such as address space layout randomization.",
        "title": "Remediation"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "psirt@phoenixcontact.com",
      "name": "Phoenix Contact GmbH \u0026 Co. KG",
      "namespace": "https://phoenixcontact.com/psirt"
    },
    "references": [
      {
        "category": "external",
        "summary": "CERT@VDE Security Advisories for Phoenix Contact",
        "url": "https://certvde.com/en/advisories/vendor/phoenixcontact"
      },
      {
        "category": "self",
        "summary": "VDE-2019-014: PHOENIX CONTACT: Multiple Vulnerabilities in Automation Worx Software Suite - HTML",
        "url": "https://certvde.com/en/advisories/VDE-2019-014"
      },
      {
        "category": "self",
        "summary": "VDE-2019-014: PHOENIX CONTACT: Multiple Vulnerabilities in Automation Worx Software Suite - CSAF",
        "url": "https://phoenixcontact.csaf-tp.certvde.com/.well-known/csaf/white/2019/vde-2019-014.json"
      }
    ],
    "title": "PHOENIX CONTACT: Multiple Vulnerabilities in Automation Worx Software Suite",
    "tracking": {
      "aliases": [
        "VDE-2019-014"
      ],
      "current_release_date": "2025-05-14T12:28:19.000Z",
      "generator": {
        "date": "2024-09-02T12:35:39.599Z",
        "engine": {
          "name": "Secvisogram",
          "version": "2.5.11"
        }
      },
      "id": "VDE-2019-014",
      "initial_release_date": "2019-06-19T12:41:00.000Z",
      "revision_history": [
        {
          "date": "2019-06-19T12:41:00.000Z",
          "number": "1",
          "summary": "Initial revision."
        },
        {
          "date": "2024-11-06T11:27:01.000Z",
          "number": "2",
          "summary": "Fix: correct certvde domain, added self-reference"
        },
        {
          "date": "2025-05-14T12:28:19.000Z",
          "number": "3",
          "summary": "Fix: version space, added distribution"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "\u003c=1.86",
                    "product": {
                      "name": "Config + \u003c=1.86",
                      "product_id": "CSAFPID-11001"
                    }
                  }
                ],
                "category": "product_name",
                "name": "Config +"
              },
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "\u003c=1.86",
                    "product": {
                      "name": "PC Worx \u003c=1.86",
                      "product_id": "CSAFPID-11002"
                    }
                  }
                ],
                "category": "product_name",
                "name": "PC Worx"
              },
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "\u003c=1.86",
                    "product": {
                      "name": "PC Worx Express \u003c=1.86",
                      "product_id": "CSAFPID-11003"
                    }
                  }
                ],
                "category": "product_name",
                "name": "PC Worx Express"
              }
            ],
            "category": "product_family",
            "name": "Software"
          }
        ],
        "category": "vendor",
        "name": "Phoenix Contact"
      }
    ],
    "product_groups": [
      {
        "group_id": "CSAFGID-0001",
        "product_ids": [
          "CSAFPID-11001",
          "CSAFPID-11002",
          "CSAFPID-11003"
        ],
        "summary": "Affected products."
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2019-12870",
      "cwe": {
        "id": "CWE-824",
        "name": "Access of Uninitialized Pointer"
      },
      "notes": [
        {
          "audience": "all",
          "category": "description",
          "text": "An issue was discovered in PHOENIX CONTACT PC Worx through 1.86, PC Worx Express through 1.86, and Config+ through 1.86. A manipulated PC Worx or Config+ project file could lead to an Uninitialized Pointer and remote code execution. The attacker needs to get access to an original PC Worx or Config+ project file to be able to manipulate it. After manipulation, the attacker needs to exchange the original file with the manipulated one on the application programming workstation.",
          "title": "Vulnerability Description"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-11001",
          "CSAFPID-11002",
          "CSAFPID-11003"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "We strongly recommend customers to exchange project files only using secure file exchange services.\\\nProject files should not be exchanged via unencrypted email.",
          "group_ids": [
            "CSAFGID-0001"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "With the next version of Automationworx Software Suite the following measures will be implemented:\n\nThe zlib component will be updated to the latest version (1.2.11.0). By utilizing the latest version of zlib a manipulated BCP file is detected as corrupt. The unpacking operation is aborted and therefor the remote code execution is precluded.\\\nThe validation of input data will be improved.\\\nObjects in the affected software components will be completely initialized.\\\nFurther 3rd party components will be checked for known vulnerabilities and will be exchanged or updated if required.\\\nGeneral preventive security measures will be implemented such as address space layout randomization.",
          "group_ids": [
            "CSAFGID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 8.8,
            "environmentalSeverity": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 8.8,
            "temporalSeverity": "HIGH",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-11001",
            "CSAFPID-11002",
            "CSAFPID-11003"
          ]
        }
      ],
      "title": "CVE-2019-12870"
    },
    {
      "cve": "CVE-2019-12871",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "audience": "all",
          "category": "description",
          "text": "An issue was discovered in PHOENIX CONTACT PC Worx through 1.86, PC Worx Express through 1.86, and Config+ through 1.86. A manipulated PC Worx or Config+ project file could lead to a Use-After-Free and remote code execution. The attacker needs to get access to an original PC Worx or Config+ project file to be able to manipulate it. After manipulation, the attacker needs to exchange the original file with the manipulated one on the application programming workstation.",
          "title": "Vulnerability Description"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-11001",
          "CSAFPID-11002",
          "CSAFPID-11003"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "We strongly recommend customers to exchange project files only using secure file exchange services.\\\nProject files should not be exchanged via unencrypted email.",
          "group_ids": [
            "CSAFGID-0001"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "With the next version of Automationworx Software Suite the following measures will be implemented:\n\nThe zlib component will be updated to the latest version (1.2.11.0). By utilizing the latest version of zlib a manipulated BCP file is detected as corrupt. The unpacking operation is aborted and therefor the remote code execution is precluded.\\\nThe validation of input data will be improved.\\\nObjects in the affected software components will be completely initialized.\\\nFurther 3rd party components will be checked for known vulnerabilities and will be exchanged or updated if required.\\\nGeneral preventive security measures will be implemented such as address space layout randomization.",
          "group_ids": [
            "CSAFGID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 8.8,
            "environmentalSeverity": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 8.8,
            "temporalSeverity": "HIGH",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-11001",
            "CSAFPID-11002",
            "CSAFPID-11003"
          ]
        }
      ],
      "title": "CVE-2019-12871"
    },
    {
      "cve": "CVE-2019-12869",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "notes": [
        {
          "audience": "all",
          "category": "description",
          "text": "An issue was discovered in PHOENIX CONTACT PC Worx through 1.86, PC Worx Express through 1.86, and Config+ through 1.86. A manipulated PC Worx or Config+ project file could lead to an Out-Of-Bounds Read, Information Disclosure, and remote code execution. The attacker needs to get access to an original PC Worx or Config+ project file to be able to manipulate it. After manipulation, the attacker needs to exchange the original file with the manipulated one on the application programming workstation.",
          "title": "Vulnerability Description"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-11001",
          "CSAFPID-11002",
          "CSAFPID-11003"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "We strongly recommend customers to exchange project files only using secure file exchange services.\\\nProject files should not be exchanged via unencrypted email.",
          "group_ids": [
            "CSAFGID-0001"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "With the next version of Automationworx Software Suite the following measures will be implemented:\n\nThe zlib component will be updated to the latest version (1.2.11.0). By utilizing the latest version of zlib a manipulated BCP file is detected as corrupt. The unpacking operation is aborted and therefor the remote code execution is precluded.\\\nThe validation of input data will be improved.\\\nObjects in the affected software components will be completely initialized.\\\nFurther 3rd party components will be checked for known vulnerabilities and will be exchanged or updated if required.\\\nGeneral preventive security measures will be implemented such as address space layout randomization.",
          "group_ids": [
            "CSAFGID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 8.8,
            "environmentalSeverity": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 8.8,
            "temporalSeverity": "HIGH",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-11001",
            "CSAFPID-11002",
            "CSAFPID-11003"
          ]
        }
      ],
      "title": "CVE-2019-12869"
    }
  ]
}

