CVE-2019-12869

Name of the Vulnerable Software and Affected Versions PHOENIX CONTACT PC Worx versions 1.86 and earlier PHOENIX CONTACT PC Worx Express versions 1.86 and earlier PHOENIX CONTACT Config+ versions 1.86 and earlier

Description An issue in the affected software allows a manipulated project file to cause an Out-Of-Bounds Read, potentially leading to Information Disclosure and remote code execution. The attacker must first obtain an original project file, manipulate it, and then exchange it with the original file on the application programming workstation. This could allow a remote attacker to disclose protected information and execute arbitrary code using a managed project file.

Recommendations For PHOENIX CONTACT PC Worx versions 1.86 and earlier, consider restricting access to project files to minimize the risk of exploitation. For PHOENIX CONTACT PC Worx Express versions 1.86 and earlier, avoid using potentially manipulated project files until a fix is available. For PHOENIX CONTACT Config+ versions 1.86 and earlier, as a temporary workaround, consider disabling the use of project files from untrusted sources until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.