Share: Email | Twitter

ID

VDE-2021-052

Published

2021-11-03 09:45 (CET)

Last update

2021-11-03 09:45 (CET)

Vendor(s)

PHOENIX CONTACT GmbH & Co. KG

Product(s)

Article No° Product Name Affected Version(s)
PC Worx <= 1.88
PC Worx Express <= 1.88

Summary

PC Worx / -Express is vulnerable to a “zip slip” style vulnerability when loading a project file.


Last Update:

Nov. 17, 2022, 1:09 p.m.

Weakness

Improper Input Validation  (CWE-20) 

Summary

Improper Input Validation vulnerability in PC Worx Automation Suite of Phoenix Contact up to version 1.88 could allow an attacker with a manipulated project file to unpack arbitrary files outside of the selected project directory.

Impact

Availability, integrity, or confidentiality of an application programming workstation might be compromised by attacks using these vulnerabilities.
Automated systems in operation which were programmed with one of the above-mentioned products are not affected.

Solution

Mitigation

We strongly recommend customers to exchange project files only using secure file exchange services. Project files should not be exchanged via unencrypted email.
In addition, we recommend exchanging or storing project files together with a checksum to ensure their integrity.

Remediation

With the next version of Automation Worx Software Suite additional plausibility checks for archive content will be implemented.

Reported by

The vulnerability was discovered by Jake Baines of Dragos Inc.
We kindly appreciate the coordinated disclosure of these vulnerabilities by the finder.

PHOENIX CONTACT thanks CERT@VDE for the coordination and support with this publication.