CVE-2021-34597
7.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
Improper Input Validation vulnerability in PC Worx Automation Suite of Phoenix Contact up to version 1.88 could allow an attacker with a manipulated project file to unpack arbitrary files outside of the selected project directory.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Phoenix Contact | PC Worx | PC Worx <= 1.88 | affected |
| Phoenix Contact | PC Worx | PC Worx-Express <= 1.88 | affected |
Weaknesses
- CWE-20: CWE-20 Improper Input Validation
Workarounds
Temporary Fix / Mitigation We strongly recommend customers to exchange project files only using secure file exchange services. Project files should not be exchanged via unencrypted email. In addition, we recommend exchanging or storing project files together with a checksum to ensure their integrity.
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.