VDE-2020-023
Vulnerability from csaf_phoenixcontactgmbhcokg - Published: 2020-07-01 08:25 - Updated: 2025-05-14 12:28
Summary
PHOENIX CONTACT: Two Vulnerabilities in Automation Worx Suite
Notes
Summary: Manipulated PC Worx projects could lead to remote code execution due to insufficient input data validation.
The attacker needs access to an original PC Worx project to be able to manipulate data inside the project folder. After manipulation, the attacker needs to replace the original files with the manipulated ones on the application programming workstation.
Impact: Availability, integrity, or confidentiality of an application programming workstation might be compromised by attacks using these vulnerabilities.
Automated systems in operation which were programmed with one of the above-mentioned products are not affected.
Mitigation: We strongly recommend that customers exchange project files only using secure file exchange services. Project files should not be exchanged via unencrypted email.
In addition, we recommend exchanging or storing project files together with a checksum to ensure their integrity.
Remediation: The next version of Automation Worx Software Suite will implement stricter input data validation with respect to buffer size and the description of size and number of objects referenced in a file.
CVE-2020-12497: PLCopen XML file parsing in Phoenix Contact PC Worx and PC Worx Express version 1.87 and earlier can lead to a stack-based overflow. Manipulated PC Worx projects could lead to remote code execution due to insufficient input data validation.
CVSS 3.1 base score: 7.8 (High)
CVE-2020-12498: mwe file parsing in Phoenix Contact PC Worx and PC Worx Express version 1.87 and earlier is vulnerable to out-of-bounds read remote code execution. Manipulated PC Worx projects could lead to remote code execution due to insufficient input data validation.
CVSS 3.1 base score: 7.8 (High)
Acknowledgments
CERT@VDE (coordination)
Trend Micro Zero Day Initiative: Natnael Samson, mdm (discovered)
{
"document": {
"acknowledgments": [
{
"organization": "CERT@VDE",
"summary": "coordination"
},
{
"names": [
"Natnael Samson",
"mdm"
],
"organization": "Trend Micro Zero Day Initiative",
"summary": "discovered"
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-GB",
"notes": [
{
"category": "summary",
"text": "Manipulated PC Worx projects could lead to a remote code execution due to insufficient input\ndata validation.\n\nThe attacker needs to get access to an original PC Worx project to be able to manipulate data\ninside the project folder. After manipulation the attacker needs to exchange the original files by\nthe manipulated ones on the application programming workstation.",
"title": "Summary"
},
{
"category": "description",
"text": "Availability, integrity, or confidentiality of an application programming workstation might be compromised by attacks using these vulnerabilities.\nAutomated systems in operation which were programmed with one of the above-mentioned products are not affected.",
"title": "Impact"
},
{
"category": "description",
"text": "We strongly recommend customers to exchange project files only using secure file exchange services. Project files should not be exchanged via unencrypted email.\nIn addition, we recommend exchanging or storing project files together with a checksum to ensure their integrity.",
"title": "Mitigation"
},
{
"category": "description",
"text": "With the next version of Automation Worx Software Suite a sharpened input data validation with respect to buffer size and description of size and number of objects referenced in a file will be implemented.",
"title": "Remediation"
}
],
"publisher": {
"category": "vendor",
"contact_details": "psirt@phoenixcontact.com",
"name": "Phoenix Contact GmbH \u0026 Co. KG",
"namespace": "https://phoenixcontact.com/psirt"
},
"references": [
{
"category": "external",
"summary": "CERT@VDE Security Advisories for Phoenix Contact",
"url": "https://certvde.com/en/advisories/vendor/phoenixcontact/"
},
{
"category": "self",
"summary": "VDE-2020-023: PHOENIX CONTACT: Two Vulnerabilities in Automation Worx Suite - HTML",
"url": "https://certvde.com/de/advisories/VDE-2020-023/"
},
{
"category": "self",
"summary": "VDE-2020-023: PHOENIX CONTACT: Two Vulnerabilities in Automation Worx Suite - CSAF",
"url": "https://phoenixcontact.csaf-tp.certvde.com/.well-known/csaf/white/2020/vde-2020-023.json"
}
],
"title": "PHOENIX CONTACT: Two Vulnerabilities in Automation Worx Suite",
"tracking": {
"aliases": [
"VDE-2020-023"
],
"current_release_date": "2025-05-14T12:28:19.000Z",
"generator": {
"date": "2024-11-11T11:48:33.579Z",
"engine": {
"name": "Secvisogram",
"version": "2.5.14"
}
},
"id": "VDE-2020-023",
"initial_release_date": "2020-07-01T08:25:00.000Z",
"revision_history": [
{
"date": "2020-07-01T08:25:00.000Z",
"number": "1",
"summary": "Initial revision."
},
{
"date": "2025-05-14T12:28:19.000Z",
"number": "2",
"summary": "Fix: version space, added distribution"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=1.87",
"product": {
"name": "Software PC Worx \u003c=1.87",
"product_id": "CSAFPID-51001"
}
}
],
"category": "product_name",
"name": "PC Worx"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=1.87",
"product": {
"name": "Software PC Worx Express \u003c=1.87",
"product_id": "CSAFPID-51002"
}
}
],
"category": "product_name",
"name": "PC Worx Express"
}
],
"category": "product_family",
"name": "Software"
}
],
"category": "vendor",
"name": "PHOENIX CONTACT"
}
],
"product_groups": [
{
"group_id": "CSAFGID-0001",
"product_ids": [
"CSAFPID-51001",
"CSAFPID-51002"
],
"summary": "Affected products."
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-12497",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"notes": [
{
"category": "description",
"text": "PLCopen XML file parsing in Phoenix Contact PC Worx and PC Worx Express version 1.87 and earlier can lead to a stack-based overflow. Manipulated PC Worx projects could lead to a remote code execution due to insufficient input data validation.",
"title": "Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-51001",
"CSAFPID-51002"
]
},
"remediations": [
{
"category": "mitigation",
"details": "We strongly recommend customers to exchange project files only using secure file exchange services. Project files should not be exchanged via unencrypted email.\nIn addition, we recommend exchanging or storing project files together with a checksum to ensure their integrity.",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "With the next version of Automation Worx Software Suite a sharpened input data validation with respect to buffer size and description of size and number of objects referenced in a file will be implemented.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-51001",
"CSAFPID-51002"
]
}
],
"title": "CVE-2020-12497"
},
{
"cve": "CVE-2020-12498",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"notes": [
{
"category": "description",
"text": "mwe file parsing in Phoenix Contact PC Worx and PC Worx Express version 1.87 and earlier is vulnerable to out-of-bounds read remote code execution. Manipulated PC Worx projects could lead to a remote code execution due to insufficient input data validation.",
"title": "Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-51001",
"CSAFPID-51002"
]
},
"remediations": [
{
"category": "mitigation",
"details": "We strongly recommend customers to exchange project files only using secure file exchange services. Project files should not be exchanged via unencrypted email.\nIn addition, we recommend exchanging or storing project files together with a checksum to ensure their integrity.",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "With the next version of Automation Worx Software Suite a sharpened input data validation with respect to buffer size and description of size and number of objects referenced in a file will be implemented.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-51001",
"CSAFPID-51002"
]
}
],
"title": "CVE-2020-12498"
}
]
}