CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 0CVE-2019-12869 – Phoenix Contact Automationworx BCP File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2019-12869
20 Jun 2019 — An issue was discovered in PHOENIX CONTACT PC Worx through 1.86, PC Worx Express through 1.86, and Config+ through 1.86. A manipulated PC Worx or Config+ project file could lead to an Out-Of-Bounds Read, Information Disclosure, and remote code execution. The attacker needs to get access to an original PC Worx or Config+ project file to be able to manipulate it. After manipulation, the attacker needs to exchange the original file with the manipulated one on the application programming workstation. Se detectó... • https://cert.vde.com/en-us/advisories/vde-2019-014 • CWE-125: Out-of-bounds Read •
CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 0CVE-2019-12870 – Phoenix Contact Automationworx BCP File Parsing Uninitialized Pointer Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2019-12870
20 Jun 2019 — An issue was discovered in PHOENIX CONTACT PC Worx through 1.86, PC Worx Express through 1.86, and Config+ through 1.86. A manipulated PC Worx or Config+ project file could lead to an Uninitialized Pointer and remote code execution. The attacker needs to get access to an original PC Worx or Config+ project file to be able to manipulate it. After manipulation, the attacker needs to exchange the original file with the manipulated one on the application programming workstation. Se detectó un problema en PHOENI... • https://cert.vde.com/en-us/advisories/vde-2019-014 • CWE-824: Access of Uninitialized Pointer •
CVSS: 8.8EPSS: 2%CPEs: 1EXPL: 0CVE-2019-12871 – Phoenix Contact Automationworx BCP File Parsing Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2019-12871
20 Jun 2019 — An issue was discovered in PHOENIX CONTACT PC Worx through 1.86, PC Worx Express through 1.86, and Config+ through 1.86. A manipulated PC Worx or Config+ project file could lead to a Use-After-Free and remote code execution. The attacker needs to get access to an original PC Worx or Config+ project file to be able to manipulate it. After manipulation, the attacker needs to exchange the original file with the manipulated one on the application programming workstation. Se detecto un problema en PHOENIX CONTAC... • https://cert.vde.com/en-us/advisories/vde-2019-014 • CWE-416: Use After Free •