HIGH🇬🇧 English

CVE-2019-12869

CVSS 8.8v3.0pub. 2019-06-24upd. 2024-11-21

An issue was discovered in PHOENIX CONTACT PC Worx through 1.86, PC Worx Express through 1.86, and Config+ through 1.86. A manipulated PC Worx or Config+ project file could lead to an Out-Of-Bounds Read, Information Disclosure, and remote code execution. The attacker needs to get access to an original PC Worx or Config+ project file to be able to manipulate it. After manipulation, the attacker needs to exchange the original file with the manipulated one on the application programming workstation.

oryginał EN
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  • Phoenixcontact Automationworx Software Suite

    APP
    Phoenixcontact
    ≤ 1.86
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
RCEMemory
CWE
Referencje

Powiązane podatności

CVE-2023-46141CRITICAL9.8PL ✓ten sam produkt

Phoenix Contact: nieuprawniony zdalny dostęp do urządzeń linii klasycznej

CVE-2023-46143HIGH7.5ten sam produkt

Download of Code Without Integrity Check vulnerability in PHOENIX CONTACT classic line PLCs allows an unauthen...

CVE-2022-3461HIGH7.8ten sam produkt

In PHOENIX CONTACT Automationworx Software Suite up to version 1.89 manipulated PC Worx or Config+ files could...

CVE-2022-3737HIGH7.8ten sam produkt

In PHOENIX CONTACT Automationworx Software Suite up to version 1.89 memory can be read beyond the intended sco...

CVE-2019-12870HIGH8.8ten sam produkt

An issue was discovered in PHOENIX CONTACT PC Worx through 1.86, PC Worx Express through 1.86, and Config+ thr...