VDE-2019-016
Vulnerability from csaf_phoenixcontactgmbhcokg - Published: 2019-10-15 06:17 - Updated: 2025-05-14 12:28
Summary
PHOENIX CONTACT: Security Advisory for Automation Worx Software Suite
Notes
Summary: Manipulated PC Worx or Config+ projects could lead to remote code execution due to insufficient input data validation. The attacker needs to get access to an original PC Worx or Config+ project to be able to manipulate data inside the project folder. After manipulation, the attacker needs to replace the original files with the manipulated ones on the application programming workstation.
Impact: Availability, integrity, or confidentiality of an application programming workstation might be compromised by attacks using these vulnerabilities. Automated systems in operation which were programmed with one of the above-mentioned products are not affected.
Mitigation: We strongly recommend that customers exchange project files only using secure file exchange services. Project files should not be exchanged via unencrypted email.
Remediation: With the next version of Automationworx Software Suite a sharpened validation of arrays regarding dimension and number of elements during input data conversion will be implemented. To improve the robustness against manipulated project files the input data validation will be extended. Further preventive security measures will be activated in the compiler settings.
An issue was discovered in PHOENIX CONTACT PC Worx through 1.86, PC Worx Express through 1.86, and Config+ through 1.86. A manipulated PC Worx or Config+ project file could lead to an Out-of-bounds Read and remote code execution. The attacker needs to get access to an original PC Worx or Config+ project to be able to manipulate data inside. After manipulation, the attacker needs to exchange the original files with the manipulated ones on the application programming workstation.
CVSS v3.1 base score: 7.8 (High)
Acknowledgments
{
"document": {
"acknowledgments": [
{
"organization": "9sg Security Team",
"summary": "researching"
},
{
"organization": "Zerodayinitiative",
"summary": "reporting"
},
{
"organization": "CISA",
"summary": "coordination"
},
{
"organization": "CERT@VDE",
"summary": "coordination",
"urls": [
"https://certvde.com"
]
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-GB",
"notes": [
{
"category": "summary",
"text": "Manipulated PC Worx or Config+ projects could lead to a remote code execution due to\ninsufficient input data validation.\nThe attacker needs to get access to an original PC Worx or Config+ project to be able to\nmanipulate data inside the project folder. After manipulation the attacker needs to exchange the\noriginal files by the manipulated ones on the application programming workstation.",
"title": "Summary"
},
{
"category": "description",
"text": "Availability, integrity, or confidentiality of an application programming workstation might be compromised by attacks using these vulnerabilities. Automated systems in operation which were programmed with one of the above-mentioned products are not affected.",
"title": "Impact"
},
{
"category": "description",
"text": "We strongly recommend customers to exchange project files only using secure file exchange services. Project files should not be exchanged via unencrypted email.",
"title": "Mitigation"
},
{
"category": "description",
"text": "With the next version of Automationworx Software Suite a sharpened validation of arrays regarding dimension and number of elements during input data conversion will be implemented. To improve the robustness against manipulated project files the input data validation will be extended. Further preventive security measures will be activated in the compiler settings.",
"title": "Remediation"
}
],
"publisher": {
"category": "vendor",
"contact_details": "psirt@phoenixcontact.com",
"name": "Phoenix Contact GmbH \u0026 Co. KG",
"namespace": "https://phoenixcontact.com/psirt"
},
"references": [
{
"category": "external",
"summary": "CERT@VDE Security Advisories for Phoenix Contact",
"url": "https://certvde.com/en/advisories/vendor/phoenixcontact/"
},
{
"category": "self",
"summary": "VDE-2019-016: PHOENIX CONTACT: Security Advisory for Automation Worx Software Suite - HTML",
"url": "https://certvde.com/en/advisories/VDE-2019-016"
},
{
"category": "external",
"summary": "Phoenix Contact Automationworx BCP File Parsing Memory Corruption Remote Code Execution Vulnerability",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-922/"
},
{
"category": "external",
"summary": "Phoenix Contact Automationworx MWT File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-CAN-8097/"
},
{
"category": "self",
"summary": "VDE-2019-016: PHOENIX CONTACT: Security Advisory for Automation Worx Software Suite - CSAF",
"url": "https://phoenixcontact.csaf-tp.certvde.com/.well-known/csaf/white/2019/vde-2019-016.json"
}
],
"title": "PHOENIX CONTACT: Security Advisory for Automation Worx Software Suite",
"tracking": {
"aliases": [
"VDE-2019-016"
],
"current_release_date": "2025-05-14T12:28:19.000Z",
"generator": {
"date": "2024-07-15T06:41:41.016Z",
"engine": {
"name": "Secvisogram",
"version": "2.5.8"
}
},
"id": "VDE-2019-016",
"initial_release_date": "2019-10-15T06:17:00.000Z",
"revision_history": [
{
"date": "2019-10-15T06:17:00.000Z",
"number": "1",
"summary": "Initial revision."
},
{
"date": "2024-11-06T11:27:01.000Z",
"number": "2",
"summary": "Fix: correct certvde domain, added self-reference"
},
{
"date": "2025-05-14T12:28:19.000Z",
"number": "3",
"summary": "Fix: version space, added distribution"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=1.86",
"product": {
"name": "Config + \u003c=1.86",
"product_id": "CSAFPID-11001"
}
}
],
"category": "product_name",
"name": "Config +"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=1.86",
"product": {
"name": "PC Worx \u003c=1.86",
"product_id": "CSAFPID-11002"
}
}
],
"category": "product_name",
"name": "PC Worx"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=1.86",
"product": {
"name": "PC Worx Express \u003c=1.86",
"product_id": "CSAFPID-11003"
}
}
],
"category": "product_name",
"name": "PC Worx Express"
}
],
"category": "product_family",
"name": "Software"
}
],
"category": "vendor",
"name": "Phoenix Contact"
}
],
"product_groups": [
{
"group_id": "CSAFGID-0001",
"product_ids": [
"CSAFPID-11001",
"CSAFPID-11002",
"CSAFPID-11003"
],
"summary": "Affected products."
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-16675",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"audience": "all",
"category": "description",
"text": "An issue was discovered in PHOENIX CONTACT PC Worx through 1.86, PC Worx Express through 1.86, and Config+ through 1.86. A manipulated PC Worx or Config+ project file could lead to an Out-of-bounds Read and remote code execution. The attacker needs to get access to an original PC Worx or Config+ project to be able to manipulate data inside. After manipulation, the attacker needs to exchange the original files with the manipulated ones on the application programming workstation.",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-11001",
"CSAFPID-11002",
"CSAFPID-11003"
]
},
"remediations": [
{
"category": "mitigation",
"details": "We strongly recommend customers to exchange project files only using secure file exchange services. Project files should not be exchanged via unencrypted email.",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "With the next version of Automationworx Software Suite a sharpened validation of arrays regarding dimension and number of elements during input data conversion will be implemented. To improve the robustness against manipulated project files the input data validation will be extended. Further preventive security measures will be activated in the compiler settings.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-11001",
"CSAFPID-11002",
"CSAFPID-11003"
]
}
],
"title": "CVE-2019-16675"
}
]
}