CVE-2021-34597

Summary

Improper Input Validation vulnerability in PC Worx Automation Suite of Phoenix Contact up to version 1.88 could allow an attacker with a manipulated project file to unpack arbitrary files outside of the selected project directory.

Affected Software

VendorProductVersion RangeStatus
Phoenix ContactPC WorxPC Worx <= 1.88affected
Phoenix ContactPC WorxPC Worx-Express <= 1.88affected

Weaknesses

  • CWE-20: CWE-20 Improper Input Validation

Workarounds

Temporary Fix / Mitigation We strongly recommend customers to exchange project files only using secure file exchange services. Project files should not be exchanged via unencrypted email. In addition, we recommend exchanging or storing project files together with a checksum to ensure their integrity.

ADP Enrichment

CVE Program Container

Additional References

References