Vulnerability Description
An issue was discovered in PHOENIX CONTACT PC Worx through 1.86, PC Worx Express through 1.86, and Config+ through 1.86. A manipulated PC Worx or Config+ project file could lead to a Use-After-Free and remote code execution. The attacker needs to get access to an original PC Worx or Config+ project file to be able to manipulate it. After manipulation, the attacker needs to exchange the original file with the manipulated one on the application programming workstation.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Phoenixcontact | Automationworx Software Suite | <= 1.86 |
Related Weaknesses (CWE)
References
- https://cert.vde.com/en-us/advisories/vde-2019-014 (Third Party Advisory)
- https://www.zerodayinitiative.com/advisories/ZDI-19-578/ (Third Party Advisory, VDB Entry)
FAQ
What is CVE-2019-12871?
CVE-2019-12871 is a vulnerability with a CVSS score of 8.8 (HIGH). An issue was discovered in PHOENIX CONTACT PC Worx through 1.86, PC Worx Express through 1.86, and Config+ through 1.86. A manipulated PC Worx or Config+ project file could lead to a Use-After-Free an...
How severe is CVE-2019-12871?
CVE-2019-12871 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2019-12871?
Check the references section above for vendor advisories and patch information. Affected products include: Phoenixcontact Automationworx Software Suite.