First published: Mon Jun 24 2019
An issue was discovered in PHOENIX CONTACT PC Worx through 1.86, PC Worx Express through 1.86, and Config+ through 1.86. A manipulated PC Worx or Config+ project file could lead to an Out-Of-Bounds Read, Information Disclosure, and remote code execution. The attacker needs to get access to an original PC Worx or Config+ project file to be able to manipulate it. After manipulation, the attacker needs to exchange the original file with the manipulated one on the application programming workstation.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Phoenixcontact Automationworx Software Suite | <=1.86 | |
The vulnerability ID for this vulnerability is CVE-2019-12869.
The severity of CVE-2019-12869 is high with a severity value of 8.8.
The affected software for CVE-2019-12869 is Phoenix Contact Automationworx.
This vulnerability can be exploited by remote attackers, who can disclose sensitive information by tricking the target into visiting a malicious page or opening a malicious file.
Yes, there are references available for CVE-2019-12869. You can find them at: [https://cert.vde.com/en-us/advisories/vde-2019-014](https://cert.vde.com/en-us/advisories/vde-2019-014) and [https://www.zerodayinitiative.com/advisories/ZDI-19-579/](https://www.zerodayinitiative.com/advisories/ZDI-19-579/)