CVE-2020-12498 - OpenCVE

mwe file parsing in Phoenix Contact PC Worx and PC Worx Express version 1.87 and earlier is vulnerable to out-of-bounds read remote code execution. Manipulated PC Worx projects could lead to a remote code execution due to insufficient input data validation.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Phoenixcontact	Pc Worx Pc Worx Express

Configuration 1 [-]

OR	cpe:2.3:a:phoenixcontact:pc_worx::::::::
	cpe:2.3:a:phoenixcontact:pc_worx_express::::::::

No data.

References

Link	Providers
https://cert.vde.com/de-de/advisories/vde-2020-023
https://www.zerodayinitiative.com/advisories/ZDI-20-826/

History

No history.

MITRE

Status: PUBLISHED

Assigner: CERTVDE

Published: 2020-07-01T15:52:35

Updated: 2024-08-04T11:56:52.080Z

Reserved: 2020-04-30T00:00:00

Link: CVE-2020-12498

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2020-07-01T16:15:12.963

Modified: 2020-07-10T16:47:21.940

Link: CVE-2020-12498

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Automation Worx", "vendor": "Phoenix Contact", "versions": [{"lessThanOrEqual": "1.87", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "Automation Worx Express", "vendor": "Phoenix Contact", "versions": [{"lessThanOrEqual": "1.87", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "reported by mdm working with Trend Micro Zero Day Initiative, Phoenix Contact reported to CERT@VDE"}], "descriptions": [{"lang": "en", "value": "mwe file parsing in Phoenix Contact PC Worx and PC Worx Express version 1.87 and earlier is vulnerable to out-of-bounds read remote code execution. Manipulated PC Worx projects could lead to a remote code execution due to insufficient input data validation."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-121", "description": "CWE-121 Stack-based Buffer Overflow", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-07-10T14:06:05", "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "shortName": "CERTVDE"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://cert.vde.com/de-de/advisories/vde-2020-023"}, {"tags": ["x_refsource_MISC"], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-826/"}], "solutions": [{"lang": "en", "value": "With the next version of Automation Worx Software Suite (Version > 1.87) a sharpened input data validation with respect to buffer size and description of size and number of objects referenced in a file will be implemented."}], "source": {"defect": ["VDE-2020-023"], "discovery": "EXTERNAL"}, "title": "Phoenix Contact Automation Worx <= 1.87: out-of-bounds read remote code execution", "workarounds": [{"lang": "en", "value": "We strongly recommend customers to exchange project files only using secure file exchange services. Project files should not be exchanged via unencrypted email.\nIn addition, we recommend exchanging or storing project files together with a checksum to ensure their integrity."}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "info@cert.vde.com", "ID": "CVE-2020-12498", "STATE": "PUBLIC", "TITLE": "Phoenix Contact Automation Worx <= 1.87: out-of-bounds read remote code execution"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Automation Worx", "version": {"version_data": [{"version_affected": "<=", "version_value": "1.87"}]}}, {"product_name": "Automation Worx Express", "version": {"version_data": [{"version_affected": "<=", "version_value": "1.87"}]}}]}, "vendor_name": "Phoenix Contact"}]}}, "credit": [{"lang": "eng", "value": "reported by mdm working with Trend Micro Zero Day Initiative, Phoenix Contact reported to CERT@VDE"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "mwe file parsing in Phoenix Contact PC Worx and PC Worx Express version 1.87 and earlier is vulnerable to out-of-bounds read remote code execution. Manipulated PC Worx projects could lead to a remote code execution due to insufficient input data validation."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-121 Stack-based Buffer Overflow"}]}]}, "references": {"reference_data": [{"name": "https://cert.vde.com/de-de/advisories/vde-2020-023", "refsource": "CONFIRM", "url": "https://cert.vde.com/de-de/advisories/vde-2020-023"}, {"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-826/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-826/"}]}, "solution": [{"lang": "en", "value": "With the next version of Automation Worx Software Suite (Version > 1.87) a sharpened input data validation with respect to buffer size and description of size and number of objects referenced in a file will be implemented."}], "source": {"defect": ["VDE-2020-023"], "discovery": "EXTERNAL"}, "work_around": [{"lang": "en", "value": "We strongly recommend customers to exchange project files only using secure file exchange services. Project files should not be exchanged via unencrypted email.\nIn addition, we recommend exchanging or storing project files together with a checksum to ensure their integrity."}]}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T11:56:52.080Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://cert.vde.com/de-de/advisories/vde-2020-023"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-826/"}]}]}, "cveMetadata": {"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "assignerShortName": "CERTVDE", "cveId": "CVE-2020-12498", "datePublished": "2020-07-01T15:52:35", "dateReserved": "2020-04-30T00:00:00", "dateUpdated": "2024-08-04T11:56:52.080Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:phoenixcontact:pc_worx:*:*:*:*:*:*:*:*", "matchCriteriaId": "400D4462-61F2-4EA4-A500-1ECD7CC5E37B", "versionEndExcluding": "1.87", "vulnerable": true}, {"criteria": "cpe:2.3:a:phoenixcontact:pc_worx_express:*:*:*:*:*:*:*:*", "matchCriteriaId": "613450E9-39B4-4D97-BB64-A3AE3B7ECCA9", "versionEndIncluding": "1.87", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "mwe file parsing in Phoenix Contact PC Worx and PC Worx Express version 1.87 and earlier is vulnerable to out-of-bounds read remote code execution. Manipulated PC Worx projects could lead to a remote code execution due to insufficient input data validation."}, {"lang": "es", "value": "El an\u00e1lisis de archivos mwe en Phoenix Contact PC Worx y PC Worx Express versiones 1.87 y anteriores, es vulnerable a una ejecuci\u00f3n de c\u00f3digo remota de lectura fuera de l\u00edmites. Los proyectos manipulados de PC Worx podr\u00eda conllevar a una ejecuci\u00f3n de c\u00f3digo remota debido a una comprobaci\u00f3n de datos de entrada insuficiente"}], "id": "CVE-2020-12498", "lastModified": "2020-07-10T16:47:21.940", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "info@cert.vde.com", "type": "Secondary"}]}, "published": "2020-07-01T16:15:12.963", "references": [{"source": "info@cert.vde.com", "tags": ["Vendor Advisory"], "url": "https://cert.vde.com/de-de/advisories/vde-2020-023"}, {"source": "info@cert.vde.com", "tags": ["Third Party Advisory"], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-826/"}], "sourceIdentifier": "info@cert.vde.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-121"}], "source": "info@cert.vde.com", "type": "Secondary"}]}