Vulnerabilities > CVE-2019-12870 - Access of Uninitialized Pointer vulnerability in Phoenixcontact Automationworx Software Suite

CVSS 6.8 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

phoenixcontact

CWE-824

NVD

Published: 2019-06-24

Updated: 2019-06-27

Summary

An issue was discovered in PHOENIX CONTACT PC Worx through 1.86, PC Worx Express through 1.86, and Config+ through 1.86. A manipulated PC Worx or Config+ project file could lead to an Uninitialized Pointer and remote code execution. The attacker needs to get access to an original PC Worx or Config+ project file to be able to manipulate it. After manipulation, the attacker needs to exchange the original file with the manipulated one on the application programming workstation.

Vulnerable Configurations

Part	Description	Count
Application	Phoenixcontact Phoenixcontact Automationworx Software Suite *	1

Common Weakness Enumeration (CWE)

CWE-824 - Access of Uninitialized Pointer

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References