| Article No° | Product Name | Affected Version(s) |
|---|---|---|
| | PC Worx | <= 1.87 |
| | PC Worx Express | <= 1.87 |
Manipulated PC Worx projects could lead to remote code execution due to insufficient input data validation.
The attacker needs to get access to an original PC Worx project to be able to manipulate data inside the project folder. After manipulation, the attacker needs to replace the original files with the manipulated ones on the application programming workstation.
PLCopen XML file parsing in Phoenix Contact PC Worx and PC Worx Express version 1.87 and earlier can lead to a stack-based overflow. Manipulated PC Worx projects could lead to remote code execution due to insufficient input data validation.
mwe file parsing in Phoenix Contact PC Worx and PC Worx Express version 1.87 and earlier is vulnerable to an out-of-bounds read that can lead to remote code execution. Manipulated PC Worx projects could lead to remote code execution due to insufficient input data validation.
Availability, integrity, or confidentiality of an application programming workstation might be compromised by attacks using these vulnerabilities.
Automated systems in operation which were programmed with one of the above-mentioned products are not affected.
We strongly recommend that customers exchange project files only via secure file exchange services. Project files should not be exchanged via unencrypted email.
In addition, we recommend exchanging or storing project files together with a checksum to ensure their integrity.
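One way to apply the checksum recommendation to a whole project folder, as an added example that is not Phoenix Contact's code: it records a SHA-256 digest per file and reports modified, missing and unexpected files before the project is opened. The function names, the choice of SHA-256 and the constructed demo folder are assumptions; the trusted manifest (or its single digest) is assumed to reach the recipient by a different channel than the project files, since a checksum stored next to manipulated files can be replaced along with them.

```python
import hashlib
import tempfile
from pathlib import Path

def hash_file(path, chunk=1 << 20):
    """SHA-256 of one file, read in chunks so large files are fine."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def build_manifest(project_dir):
    """Map each file's relative POSIX path to its SHA-256 digest."""
    root = Path(project_dir)
    return {p.relative_to(root).as_posix(): hash_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}

def manifest_digest(manifest):
    """One digest over the whole manifest, short enough to pass out of band."""
    h = hashlib.sha256()
    for rel, digest in sorted(manifest.items()):
        h.update(f"{digest}  {rel}\n".encode("utf-8"))
    return h.hexdigest()

def verify(project_dir, trusted):
    """Return (modified, missing, unexpected) relative paths."""
    current = build_manifest(project_dir)
    modified = sorted(r for r in trusted if r in current and current[r] != trusted[r])
    missing = sorted(r for r in trusted if r not in current)
    unexpected = sorted(r for r in current if r not in trusted)
    return modified, missing, unexpected

def demo():
    """Constructed project folder; file names and contents are made up."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "DemoProject"
        (root / "sub").mkdir(parents=True)
        (root / "demo.mwe").write_bytes(b"constructed sample content")
        (root / "sub" / "export.xml").write_bytes(b"<project/>")
        trusted = build_manifest(root)          # taken by the sender
        before = verify(root, trusted)
        (root / "sub" / "export.xml").write_bytes(b"<project>changed</project>")
        (root / "extra.bin").write_bytes(b"x")  # file the sender never shipped
        (root / "demo.mwe").unlink()
        return before, verify(root, trusted)

if __name__ == "__main__":
    print(demo())
```

Any non-empty list returned by `verify` means the folder differs from what the sender hashed and should not be opened in the engineering tool until the difference is explained.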
With the next version of Automation Worx Software Suite, stricter input data validation will be implemented with respect to buffer size and the description of the size and number of objects referenced in a file.
ZDI-CAN-10147 was discovered by Natnael Samson working with Trend Micro Zero Day Initiative.
ZDI-CAN-10586 was discovered by mdm working with Trend Micro Zero Day Initiative.
Phoenix Contact reported the vulnerabilities to CERT@VDE.