First published: Thu Nov 04 2021
Improper Input Validation vulnerability in PC Worx Automation Suite of Phoenix Contact up to version 1.88 could allow an attacker with a manipulated project file to unpack arbitrary files outside of the selected project directory.
Credit: info@cert.vde.com
Affected Software | Affected Version | How to fix |
---|---|---|
Phoenixcontact Pc Worx | <=1.88 | |
Phoenixcontact Pc Worx Express | <=1.88 | |
With the next version of Automation Worx Software Suite, additional plausibility checks for archive content will be implemented.
CVE-2021-34597 is an Improper Input Validation vulnerability in PC Worx Automation Suite of Phoenix Contact up to version 1.88.
CVE-2021-34597 could allow an attacker with a manipulated project file to unpack arbitrary files outside of the selected project directory.
The severity of CVE-2021-34597 is high (CVSS score: 7.8).
PC Worx Automation Suite of Phoenix Contact up to version 1.88 and PC Worx Express up to version 1.88 are affected by CVE-2021-34597.
To fix CVE-2021-34597, it is recommended to update PC Worx Automation Suite and PC Worx Express to a version beyond 1.88.
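A sketch of the kind of plausibility check on archive content that the vendor statement above refers to, added here as an illustration and not Phoenix Contact's code. The advisory does not name the project file's archive format, so the check works on entry names only and applies Windows path rules; `unsafe_reason`, `screen_archive` and the sample names are assumptions constructed for the example.

```python
from pathlib import PureWindowsPath

# Constructed sample entry names (not taken from any real project file).
SAMPLE_NAMES = [
    "config/plc.ini",
    "lib\\io.dll",
    "..\\..\\outside.txt",
    "C:\\Temp\\x.txt",
    "\\\\host\\share\\x.txt",
    "/abs/x.txt",
    "a/../../b.txt",
    "logs/.. /x.txt",
    "notes.txt:hidden",
]

def unsafe_reason(entry_name):
    """Return why an entry name must not be extracted, or None if acceptable."""
    if not entry_name or "\x00" in entry_name:
        return "empty name or NUL byte"
    # PureWindowsPath applies Windows rules on any OS: '/' and '\\' both separate.
    p = PureWindowsPath(entry_name)
    if p.drive or p.root:
        return "absolute path, drive letter or UNC share"
    if not p.parts:
        return "name resolves to the project directory itself"
    for part in p.parts:
        # Strict: refuse '..' and any dots-and-spaces-only segment outright,
        # even where 'a/../b' would stay inside the directory.
        if part.strip(" .") == "":
            return "parent-directory or dot-only segment"
        if ":" in part:
            return "colon inside a path segment"
    return None

def screen_archive(names, project_dir):
    """Split names into target paths under project_dir and (name, reason) rejects."""
    base = PureWindowsPath(project_dir)
    accepted, rejected = [], []
    for name in names:
        reason = unsafe_reason(name)
        if reason:
            rejected.append((name, reason))
        else:
            accepted.append(str(base / name))
    return accepted, rejected

if __name__ == "__main__":
    ok, bad = screen_archive(SAMPLE_NAMES, r"C:\Projects\Line1")
    print("extract:", ok)
    for name, why in bad:
        print("reject:", repr(name), "->", why)
```

A single rejected entry is reason to refuse the whole project file rather than extract the remaining entries.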