Phoenix Contact is currently working on the next version of the Automation Worx Software Suite, which will fix access of uninitialized pointer, out-of-bounds read, and use-after-free vulnerabilities, according to a report with NCCIC.

Successful exploitation of these remotely exploitable vulnerabilities could allow an attacker, with access to an original PC Worx or Config+ project file, to perform remote code execution. 9sg Security Team working with Trend Micro’s Zero Day Initiative discovered the vulnerabilities.

The following components of Automation Worx Software Suite Version 1.86 and earlier are affected:
• PC Worx
• PC Worx Express
• Config+

In one vulnerability, an access of an uninitialized pointer may allow remote code execution.

CVE-2019-12870 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 7.8.

In addition, an out-of-bounds read vulnerability may allow remote code execution.

CVE-2019-12869 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 3.3.

Also, a use-after-free vulnerability may allow remote code execution.

CVE-2019-12871 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 7.8.

The product sees use mainly in the critical manufacturing sector and is deployed on a global basis.

No known public exploits specifically target these vulnerabilities. However, an attacker with low skill level could leverage the vulnerabilities.

Phoenix Contact is currently working on the next version of the Automation Worx Software Suite.

Phoenix Contact recommends users exchange project files using only secure file exchange services, and project files should not be exchanged via unencrypted email.
