First published: Mon Jun 24 2019
An issue was discovered in PHOENIX CONTACT PC Worx through 1.86, PC Worx Express through 1.86, and Config+ through 1.86. A manipulated PC Worx or Config+ project file could lead to an Uninitialized Pointer and remote code execution. The attacker needs to get access to an original PC Worx or Config+ project file to be able to manipulate it. After manipulation, the attacker needs to exchange the original file with the manipulated one on the application programming workstation.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Phoenixcontact Automationworx Software Suite | <=1.86 | |
The vulnerability ID is CVE-2019-12870.
The Phoenix Contact Automationworx software suite through version 1.86 is affected by this vulnerability.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Phoenix Contact Automationworx.
User interaction is required to exploit this vulnerability, such as visiting a malicious page or opening a malicious file.
The severity level of CVE-2019-12870 is high with a CVSS score of 8.8.