CVE-2019-12871

Name of the Vulnerable Software and Affected Versions PHOENIX CONTACT PC Worx versions 1.86 and earlier PHOENIX CONTACT PC Worx Express versions 1.86 and earlier PHOENIX CONTACT Config+ versions 1.86 and earlier

Description The issue is related to a Use-After-Free condition that can lead to remote code execution. It involves manipulating a PC Worx or Config+ project file, which requires access to an original file. After manipulation, the attacker must replace the original file with the manipulated one on the application programming workstation. The vulnerability is associated with the use of memory after it has been freed, potentially allowing a remote attacker to execute arbitrary code.

Recommendations For PHOENIX CONTACT PC Worx versions 1.86 and earlier, consider restricting access to project files to prevent manipulation. For PHOENIX CONTACT PC Worx Express versions 1.86 and earlier, avoid exchanging project files from untrusted sources. For PHOENIX CONTACT Config+ versions 1.86 and earlier, limit access to the application programming workstation to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.