Summary
A manipulated PC Worx or Config+ project file could lead to remote code execution.\
The attacker needs to get access to an original PC Worx or Config+ project file to be able to manipulate it. After manipulation, the attacker needs to exchange the original file with the manipulated one on the application programming workstation.
Impact
Availability, integrity, or confidentiality of an application programming workstation might be compromised by attacks using these vulnerabilities.\
Automated systems in operation which were programmed with one of the above-mentioned products are not affected.
Affected Product(s)
| Model no. | Product name | Affected versions |
|---|---|---|
| | Config + | <=1.86 |
| | PC Worx | <=1.86 |
| | PC Worx Express | <=1.86 |
Vulnerabilities
An issue was discovered in PHOENIX CONTACT PC Worx through 1.86, PC Worx Express through 1.86, and Config+ through 1.86. A manipulated PC Worx or Config+ project file could lead to an Out-Of-Bounds Read, Information Disclosure, and remote code execution. The attacker needs to get access to an original PC Worx or Config+ project file to be able to manipulate it. After manipulation, the attacker needs to exchange the original file with the manipulated one on the application programming workstation.
An issue was discovered in PHOENIX CONTACT PC Worx through 1.86, PC Worx Express through 1.86, and Config+ through 1.86. A manipulated PC Worx or Config+ project file could lead to a Use-After-Free and remote code execution. The attacker needs to get access to an original PC Worx or Config+ project file to be able to manipulate it. After manipulation, the attacker needs to exchange the original file with the manipulated one on the application programming workstation.
An issue was discovered in PHOENIX CONTACT PC Worx through 1.86, PC Worx Express through 1.86, and Config+ through 1.86. A manipulated PC Worx or Config+ project file could lead to an Uninitialized Pointer and remote code execution. The attacker needs to get access to an original PC Worx or Config+ project file to be able to manipulate it. After manipulation, the attacker needs to exchange the original file with the manipulated one on the application programming workstation.
Mitigation
We strongly recommend that customers exchange project files only using secure file exchange services.\
Project files should not be exchanged via unencrypted email.
Remediation
With the next version of Automationworx Software Suite, the following measures will be implemented:

- The zlib component will be updated to the latest version (1.2.11.0). By utilizing the latest version of zlib, a manipulated BCP file is detected as corrupt. The unpacking operation is aborted and therefore the remote code execution is precluded.
- The validation of input data will be improved.
- Objects in the affected software components will be completely initialized.
- Further 3rd party components will be checked for known vulnerabilities and will be exchanged or updated if required.
- General preventive security measures will be implemented, such as address space layout randomization.
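
The abort-on-corruption behaviour described for the zlib update can be sketched as follows. This is an added example, not Phoenix Contact code: the advisory does not describe the BCP file layout, so the sketch works on a generic zlib stream, and the names `safe_unpack`, `CorruptArchive`, `verdict` and the `MAX_OUTPUT` cap are assumptions.

```python
import zlib

MAX_OUTPUT = 64 * 1024 * 1024  # assumed ceiling for an unpacked project archive


class CorruptArchive(Exception):
    """The compressed payload failed validation; nothing from it may be used."""


def safe_unpack(blob: bytes, max_output: int = MAX_OUTPUT) -> bytes:
    """Inflate one zlib stream and abort on any sign of manipulation."""
    d = zlib.decompressobj()
    out = bytearray()
    data = blob
    try:
        while data and not d.eof:
            # Allow one byte past the cap so an oversized stream is detectable.
            out += d.decompress(data, max_output + 1 - len(out))
            if len(out) > max_output:
                raise CorruptArchive("output exceeds size limit")
            data = d.unconsumed_tail
    except zlib.error as exc:  # bad header, invalid deflate data, Adler-32 mismatch
        raise CorruptArchive(f"zlib rejected stream: {exc}") from exc
    if not d.eof:
        raise CorruptArchive("stream is truncated")
    if d.unused_data:
        raise CorruptArchive("trailing bytes after end of stream")
    return bytes(out)


def verdict(blob: bytes, max_output: int = MAX_OUTPUT) -> str:
    """Return 'ok' or the reason the payload was rejected."""
    try:
        safe_unpack(blob, max_output)
        return "ok"
    except CorruptArchive as exc:
        return str(exc)


if __name__ == "__main__":
    # Constructed sample data; not a real PC Worx / Config+ project file.
    good = zlib.compress(b"constructed project payload\n" * 200)
    bad_checksum = good[:-1] + bytes([good[-1] ^ 0xFF])
    for name, blob in [("good", good), ("bad checksum", bad_checksum),
                       ("truncated", good[:-5]), ("trailing", good + b"extra")]:
        print(f"{name}: {verdict(blob)}")
```

The caller receives either the complete, checksum-verified output or an exception; partially unpacked data is never returned.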
Revision History
Version | Date | Summary |
---|---|---|
1 | 06/19/2019 14:41 | Initial revision. |
2 | 11/06/2024 12:27 | Fix: correct certvde domain, added self-reference |
3 | 05/14/2025 14:28 | Fix: version space, added distribution |