1.86

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

phoenixcontact

CWE-416

NVD

Published: 2019-06-24

Updated: 2019-06-27

Summary

An issue was discovered in PHOENIX CONTACT PC Worx through 1.86, PC Worx Express through 1.86, and Config+ through 1.86. A manipulated PC Worx or Config+ project file could lead to a Use-After-Free and remote code execution. The attacker needs to get access to an original PC Worx or Config+ project file to be able to manipulate it. After manipulation, the attacker needs to exchange the original file with the manipulated one on the application programming workstation.

Vulnerable Configurations

Part	Description	Count
Application	Phoenixcontact Phoenixcontact Automationworx Software Suite 1.81 Phoenixcontact Automationworx Software Suite 1.84 Phoenixcontact Automationworx Software Suite 1.86	3

Common Weakness Enumeration (CWE)

CWE-416 - Use After Free

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References