CVE-2021-34597 - OpenCVE

Improper Input Validation vulnerability in PC Worx Automation Suite of Phoenix Contact up to version 1.88 could allow an attacker with a manipulated project file to unpack arbitrary files outside of the selected project directory.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Phoenixcontact	Pc Worx Pc Worx Express

Configuration 1 [-]

OR	cpe:2.3:a:phoenixcontact:pc_worx::::::::
	cpe:2.3:a:phoenixcontact:pc_worx_express::::::::

No data.

References

Link	Providers
https://cert.vde.com/en/advisories/VDE-2021-052/

History

No history.

MITRE

Status: PUBLISHED

Assigner: CERTVDE

Published: 2021-11-04T09:50:10.155218Z

Updated: 2024-09-16T18:09:20.367Z

Reserved: 2021-06-10T00:00:00

Link: CVE-2021-34597

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2021-11-04T10:15:07.893

Modified: 2021-11-08T13:55:43.450

Link: CVE-2021-34597

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "PC Worx", "vendor": "Phoenix Contact", "versions": [{"lessThanOrEqual": "1.88", "status": "affected", "version": "PC Worx", "versionType": "custom"}, {"lessThanOrEqual": "1.88", "status": "affected", "version": "PC Worx-Express", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "The vulnerability was discovered by Jake Baines of Dragos Inc. We kindly appreciate the coordinated disclosure of these vulnerabilities by the finder."}, {"lang": "en", "value": "PHOENIX CONTACT thanks CERT@VDE for the coordination and support with this publication."}], "datePublic": "2021-11-03T00:00:00", "descriptions": [{"lang": "en", "value": "Improper Input Validation vulnerability in PC Worx Automation Suite of Phoenix Contact up to version 1.88 could allow an attacker with a manipulated project file to unpack arbitrary files outside of the selected project directory."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-11-04T09:50:10", "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "shortName": "CERTVDE"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://cert.vde.com/en/advisories/VDE-2021-052/"}], "solutions": [{"lang": "en", "value": "With the next version of Automation Worx Software Suite additional plausibility checks for archive content will be implemented."}], "source": {"advisory": "VDE-2021-052", "discovery": "EXTERNAL"}, "title": "Phoenix Contact: PC Worx/-Express prone to improper input validation vulnerability", "workarounds": [{"lang": "en", "value": "Temporary Fix / Mitigation\nWe strongly recommend customers to exchange project files only using secure file exchange services. Project files should not be exchanged via unencrypted email.\nIn addition, we recommend exchanging or storing project files together with a checksum to ensure their integrity."}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "info@cert.vde.com", "DATE_PUBLIC": "2021-11-03T08:54:00.000Z", "ID": "CVE-2021-34597", "STATE": "PUBLIC", "TITLE": "Phoenix Contact: PC Worx/-Express prone to improper input validation vulnerability"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "PC Worx", "version": {"version_data": [{"version_affected": "<=", "version_name": "PC Worx", "version_value": "1.88"}, {"version_affected": "<=", "version_name": "PC Worx-Express", "version_value": "1.88"}]}}]}, "vendor_name": "Phoenix Contact"}]}}, "credit": [{"lang": "eng", "value": "The vulnerability was discovered by Jake Baines of Dragos Inc. We kindly appreciate the coordinated disclosure of these vulnerabilities by the finder."}, {"lang": "eng", "value": "PHOENIX CONTACT thanks CERT@VDE for the coordination and support with this publication."}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Improper Input Validation vulnerability in PC Worx Automation Suite of Phoenix Contact up to version 1.88 could allow an attacker with a manipulated project file to unpack arbitrary files outside of the selected project directory."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-20 Improper Input Validation"}]}]}, "references": {"reference_data": [{"name": "https://cert.vde.com/en/advisories/VDE-2021-052/", "refsource": "CONFIRM", "url": "https://cert.vde.com/en/advisories/VDE-2021-052/"}]}, "solution": [{"lang": "en", "value": "With the next version of Automation Worx Software Suite additional plausibility checks for archive content will be implemented."}], "source": {"advisory": "VDE-2021-052", "discovery": "EXTERNAL"}, "work_around": [{"lang": "en", "value": "Temporary Fix / Mitigation\nWe strongly recommend customers to exchange project files only using secure file exchange services. Project files should not be exchanged via unencrypted email.\nIn addition, we recommend exchanging or storing project files together with a checksum to ensure their integrity."}]}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T00:19:47.360Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://cert.vde.com/en/advisories/VDE-2021-052/"}]}]}, "cveMetadata": {"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "assignerShortName": "CERTVDE", "cveId": "CVE-2021-34597", "datePublished": "2021-11-04T09:50:10.155218Z", "dateReserved": "2021-06-10T00:00:00", "dateUpdated": "2024-09-16T18:09:20.367Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:phoenixcontact:pc_worx:*:*:*:*:*:*:*:*", "matchCriteriaId": "6E3BC487-A4B3-4ACA-8E5B-9E6E20378BF2", "versionEndIncluding": "1.88", "vulnerable": true}, {"criteria": "cpe:2.3:a:phoenixcontact:pc_worx_express:*:*:*:*:*:*:*:*", "matchCriteriaId": "02821C93-7E26-4596-9727-0BD71DDF5E93", "versionEndIncluding": "1.88", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Improper Input Validation vulnerability in PC Worx Automation Suite of Phoenix Contact up to version 1.88 could allow an attacker with a manipulated project file to unpack arbitrary files outside of the selected project directory."}, {"lang": "es", "value": "Una vulnerabilidad de comprobaci\u00f3n de entrada inapropiada en PC Worx Automation Suite de Phoenix Contact versiones hasta 1.88, podr\u00eda permitir a un atacante con un archivo de proyecto manipulado desempaquetar archivos arbitrarios fuera del directorio del proyecto seleccionado"}], "id": "CVE-2021-34597", "lastModified": "2021-11-08T13:55:43.450", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "info@cert.vde.com", "type": "Primary"}]}, "published": "2021-11-04T10:15:07.893", "references": [{"source": "info@cert.vde.com", "tags": ["Mitigation", "Third Party Advisory"], "url": "https://cert.vde.com/en/advisories/VDE-2021-052/"}], "sourceIdentifier": "info@cert.vde.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "info@cert.vde.com", "type": "Primary"}]}