PT-2020-5909 · Phoenix Contact · Pc Worx Express+1
Mdm · Published 2020-07-01 · Updated 2020-07-10 · CVE-2020-12498
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
Phoenix Contact PC Worx and PC Worx Express version 1.87 and earlier
Description:
The issue is related to mwe file parsing in Phoenix Contact PC Worx and PC Worx Express, which is vulnerable to an out-of-bounds read that can lead to remote code execution. Input data is insufficiently validated, so a manipulated PC Worx project can cause a read beyond the boundaries of a buffer, which could enable an attacker to execute arbitrary code.
Recommendations:
For versions 1.87 and earlier, update to a version later than 1.87 to resolve the issue.
As a temporary workaround, consider restricting the use of mwe file parsing in PC Worx and PC Worx Express until a patch is available.
Avoid using manipulated PC Worx projects to minimize the risk of exploitation.
Fix
Out of bounds Read
Stack Overflow
Affected Products
Pc Worx
Pc Worx Express