CVE-2020-12497
7.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
PLCopen XML file parsing in Phoenix Contact PC Worx and PC Worx Express version 1.87 and earlier can lead to a stack-based overflow. Manipulated PC Worx projects could lead to a remote code execution due to insufficient input data validation.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Phoenix Contact | Automation Worx | unspecified <= 1.87 | affected |
| Phoenix Contact | Automation Worx Express | unspecified <= 1.87 | affected |
Weaknesses
- CWE-121: CWE-121 Stack-based Buffer Overflow
Workarounds
We strongly recommend customers to exchange project files only using secure file exchange services. Project files should not be exchanged via unencrypted email. In addition, we recommend exchanging or storing project files together with a checksum to ensure their integrity.
ADP Enrichment
CVE Program Container
Additional References
- https://cert.vde.com/de-de/advisories/vde-2020-023
- https://www.zerodayinitiative.com/advisories/ZDI-20-825/
- https://www.zerodayinitiative.com/advisories/ZDI-21-398/
References
- https://cert.vde.com/de-de/advisories/vde-2020-023
- https://www.zerodayinitiative.com/advisories/ZDI-20-825/
- https://www.zerodayinitiative.com/advisories/ZDI-21-398/
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.