CVE-2020-12497

Summary

PLCopen XML file parsing in Phoenix Contact PC Worx and PC Worx Express version 1.87 and earlier can lead to a stack-based overflow. Manipulated PC Worx projects could lead to a remote code execution due to insufficient input data validation.

Affected Software

VendorProductVersion RangeStatus
Phoenix ContactAutomation Worxunspecified <= 1.87affected
Phoenix ContactAutomation Worx Expressunspecified <= 1.87affected

Weaknesses

  • CWE-121: CWE-121 Stack-based Buffer Overflow

Workarounds

We strongly recommend customers to exchange project files only using secure file exchange services. Project files should not be exchanged via unencrypted email. In addition, we recommend exchanging or storing project files together with a checksum to ensure their integrity.

ADP Enrichment

CVE Program Container

Additional References

References