CVE-2020-12497: VDE-2020-023 | CERT@VDE
2020-07-01 10:25 (CEST) VDE-2020-023
PHOENIX CONTACT: Two Vulnerabilities in Automation Worx Suite
**Published**
2020-07-01 10:25 (CEST)

**Last update**
2020-07-01 10:25 (CEST)
**Vendor(s)**
PHOENIX CONTACT GmbH & Co. KG

**Product(s)**

| Article No° | Product Name | Affected Version(s) |
|---|---|---|
| | PC Worx | <= 1.87 |
| | PC Worx Express | <= 1.87 |
**Summary**

Manipulated PC Worx projects could lead to remote code execution due to insufficient input data validation.

The attacker needs access to an original PC Worx project in order to manipulate data inside the project folder. After manipulation, the attacker needs to replace the original files with the manipulated ones on the application programming workstation.
**Vulnerabilities**

Last Update: 3 July 2020 15:34
Weakness: Stack-based Buffer Overflow (CWE-121)
Summary: PLCopen XML file parsing in Phoenix Contact PC Worx and PC Worx Express version 1.87 and earlier can lead to a stack-based overflow. Manipulated PC Worx projects could lead to remote code execution due to insufficient input data validation.

Last Update: 3 July 2020 15:34
Weakness: Stack-based Buffer Overflow (CWE-121)
Summary: mwe file parsing in Phoenix Contact PC Worx and PC Worx Express version 1.87 and earlier is vulnerable to an out-of-bounds read that can lead to remote code execution. Manipulated PC Worx projects could lead to remote code execution due to insufficient input data validation.
**Impact**
Availability, integrity, or confidentiality of an application programming workstation might be compromised by attacks using these vulnerabilities.
Automated systems in operation which were programmed with one of the above-mentioned products are not affected.
**Solution**

Temporary Fix / Mitigation
We strongly recommend that customers exchange project files only via secure file exchange services. Project files should not be exchanged via unencrypted email.
In addition, we recommend exchanging or storing project files together with a checksum so that their integrity can be verified before they are opened on the programming workstation.
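The mitigation above recommends keeping a checksum with the project files. The following added example (written for this page, not Phoenix Contact or CERT@VDE code) shows one way to do that for a whole project folder: it hashes every file into a manifest and verifies the folder against it before use. It goes one step beyond a plain checksum: because a checksum file stored beside the project can be swapped together with the project, the manifest is authenticated with an HMAC under a key exchanged out of band. The file names, contents and key are constructed sample values.

```python
"""Integrity manifest for a project folder (added example, not vendor code).

Builds a SHA-256 digest of every file, authenticates the manifest with an
HMAC, and reports modified, missing or unexpected files on verification.
"""
import hashlib
import hmac
import json
import tempfile
from pathlib import Path

MANIFEST_NAME = "project.manifest.json"  # hypothetical file name for the manifest


def file_digest(path: Path) -> str:
    """SHA-256 of a file, read in chunks so large project files are fine."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def _canonical(files: dict) -> bytes:
    # Deterministic encoding so the MAC covers exactly the same bytes on both sides.
    return json.dumps(files, sort_keys=True, separators=(",", ":")).encode()


def build_manifest(project_dir, key: bytes) -> dict:
    """Hash every file under project_dir and MAC the resulting table."""
    root = Path(project_dir)
    files = {}
    for p in sorted(root.rglob("*")):
        if p.is_file() and p.name != MANIFEST_NAME:
            files[p.relative_to(root).as_posix()] = file_digest(p)
    tag = hmac.new(key, _canonical(files), hashlib.sha256).hexdigest()
    return {"files": files, "mac": tag}


def verify_manifest(project_dir, manifest: dict, key: bytes) -> list:
    """Return a list of problems; an empty list means the folder matches."""
    expected = hmac.new(key, _canonical(manifest["files"]), hashlib.sha256).hexdigest()
    # Check the manifest itself first: a tampered or re-generated manifest is rejected
    # before any per-file comparison, and compare_digest avoids timing leaks.
    if not hmac.compare_digest(expected, manifest["mac"]):
        return ["manifest MAC mismatch (manifest altered or wrong key)"]
    root = Path(project_dir)
    problems, seen = [], set()
    for p in sorted(root.rglob("*")):
        if p.is_file() and p.name != MANIFEST_NAME:
            rel = p.relative_to(root).as_posix()
            seen.add(rel)
            if rel not in manifest["files"]:
                problems.append(f"unexpected file: {rel}")
            elif manifest["files"][rel] != file_digest(p):
                problems.append(f"modified: {rel}")
    for rel in manifest["files"]:
        if rel not in seen:
            problems.append(f"missing: {rel}")
    return problems


def demo() -> tuple:
    """Constructed scenario: clean project, modified file, attacker-regenerated manifest."""
    key = b"constructed-demo-key-exchanged-out-of-band"
    with tempfile.TemporaryDirectory() as d:
        proj = Path(d)
        # Constructed placeholder files standing in for project contents.
        (proj / "Project.mwe").write_bytes(b"<mwe>constructed sample</mwe>")
        (proj / "Logic.xml").write_bytes(b"<project>constructed PLCopen sample</project>")
        manifest = build_manifest(proj, key)
        clean = verify_manifest(proj, manifest, key)
        # A file in the folder is altered after the manifest was produced.
        (proj / "Logic.xml").write_bytes(b"<project>" + b"A" * 5000 + b"</project>")
        tampered = verify_manifest(proj, manifest, key)
        # Someone without the key rebuilds the manifest to match the altered files.
        forged = build_manifest(proj, b"not-the-real-key")
        forged_result = verify_manifest(proj, forged, key)
    return clean, tampered, forged_result


if __name__ == "__main__":
    for label, result in zip(("clean", "tampered", "forged"), demo()):
        print(f"{label}: {result or 'OK'}")
```

The plain per-file SHA-256 column is what the advisory's checksum recommendation asks for; the HMAC is the extra step that makes the manifest itself trustworthy when it travels with the files. If the key cannot be shared out of band, publishing the manifest digest through a separate channel (or signing it) serves the same purpose.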
Remediation
The next version of the Automation Worx Software Suite will implement stricter input data validation, checking buffer sizes and the declared size and number of objects referenced in a file against the file's actual contents.
**Reported by**
ZDI-CAN-10147 was discovered by Natnael Samson working with Trend Micro Zero Day Initiative.
ZDI-CAN-10586 was discovered by mdm working with Trend Micro Zero Day Initiative.
Phoenix Contact reported the vulnerabilities to CERT@VDE.