CVE-2019-12870

Name of the Vulnerable Software and Affected Versions PHOENIX CONTACT PC Worx versions 1.86 and earlier PHOENIX CONTACT PC Worx Express versions 1.86 and earlier PHOENIX CONTACT Config+ versions 1.86 and earlier

Description An issue was discovered that could lead to an Uninitialized Pointer and remote code execution. This occurs when a manipulated project file is used, allowing an attacker to execute arbitrary code. The attacker must first obtain an original project file, manipulate it, and then replace the original file with the manipulated one on the application programming workstation. The vulnerability is related to access to an uninitialized pointer, which can be exploited by a remote attacker to execute arbitrary code.

Recommendations For PHOENIX CONTACT PC Worx versions 1.86 and earlier, consider restricting access to project files to prevent manipulation. For PHOENIX CONTACT PC Worx Express versions 1.86 and earlier, avoid using potentially manipulated project files until a fix is available. For PHOENIX CONTACT Config+ versions 1.86 and earlier, as a temporary workaround, consider implementing additional validation checks on project files before they are used. At the moment, there is no information about a newer version that contains a fix for this vulnerability.