PT-2019-14760 · Phoenix Contact · Pc Worx, Pc Worx Express, Config+

Published: 2019-10-29 · Updated: 2020-08-24 · CVE-2019-16675

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

PHOENIX CONTACT PC Worx versions 1.86 and earlier
PHOENIX CONTACT PC Worx Express versions 1.86 and earlier
PHOENIX CONTACT Config+ versions 1.86 and earlier

Description

An issue was discovered that could lead to an out-of-bounds read and remote code execution. It is triggered when a manipulated project file is used, which can happen if an attacker gains access to an original project file, manipulates the data, and then replaces the original file with the manipulated one on the application programming workstation.

Recommendations

For PHOENIX CONTACT PC Worx versions 1.86 and earlier, consider restricting access to project files to prevent manipulation. For PHOENIX CONTACT PC Worx Express versions 1.86 and earlier, avoid using potentially manipulated project files until a fix is available. For PHOENIX CONTACT Config+ versions 1.86 and earlier, as a temporary workaround, consider validating all project files before use to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Out of bounds Read

Weakness Enumeration

Related Identifiers

CVE-2019-16675
ZDI-19-922
ZDI-19-923
ZDI-19-991

Affected Products

Config+
Pc Worx
Pc Worx Express