CVE-2019-12871 Information
Feb 14, 2021
cve
Description
An issue was discovered in PHOENIX CONTACT PC Worx through 1.86 PC Worx Express through 1.86 and Config+ through 1.86. A manipulated PC Worx or Config+ project file could lead to a Use-After-Free and remote code execution. The attacker needs to get access to an original PC Worx or Config+ project file to be able to manipulate it. After manipulation the attacker needs to exchange the original file with the manipulated one on the application programming workstation.
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Reference
https://cert.vde.com/en-us/advisories/vde-2019-014 https://www.zerodayinitiative.com/advisories/ZDI-19-578/
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
REQUIRED
Confidentiality Impact
UNCHANGED
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
HIGH
Base Severity
8.8
Share on: