CVSS: 8.8EPSS: 2%CPEs: 1EXPL: 0CVE-2019-12869 – Phoenix Contact Automationworx BCP File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2019-12869
An issue was discovered in PHOENIX CONTACT PC Worx through 1.86, PC Worx Express through 1.86, and Config+ through 1.86. A manipulated PC Worx or Config+ project file could lead to an Out-Of-Bounds Read, Information Disclosure, and remote code execution. The attacker needs to get access to an original PC Worx or Config+ project file to be able to manipulate it. After manipulation, the attacker needs to exchange the original file with the manipulated one on the application programming workstation. Se detectó un problema en PC Worx hasta la versión 1.86, PC Worx Express hasta la versión 1.86 y Config+ hasta la versión 1.86 de PHOENIX CONTACT. • https://cert.vde.com/en-us/advisories/vde-2019-014 https://www.zerodayinitiative.com/advisories/ZDI-19-579 • CWE-125: Out-of-bounds Read •
CVSS: 8.8EPSS: 2%CPEs: 1EXPL: 0CVE-2019-12870 – Phoenix Contact Automationworx BCP File Parsing Uninitialized Pointer Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2019-12870
An issue was discovered in PHOENIX CONTACT PC Worx through 1.86, PC Worx Express through 1.86, and Config+ through 1.86. A manipulated PC Worx or Config+ project file could lead to an Uninitialized Pointer and remote code execution. The attacker needs to get access to an original PC Worx or Config+ project file to be able to manipulate it. After manipulation, the attacker needs to exchange the original file with the manipulated one on the application programming workstation. Se detectó un problema en PHOENIX CONTACT PC Worx hasta la versión 1.86, PC Worx Express hasta la versión 1.86 y Config + hasta la versión 1.86. • https://cert.vde.com/en-us/advisories/vde-2019-014 https://www.zerodayinitiative.com/advisories/ZDI-19-575 • CWE-824: Access of Uninitialized Pointer •
CVSS: 8.8EPSS: 4%CPEs: 1EXPL: 0CVE-2019-12871 – Phoenix Contact Automationworx BCP File Parsing Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2019-12871
An issue was discovered in PHOENIX CONTACT PC Worx through 1.86, PC Worx Express through 1.86, and Config+ through 1.86. A manipulated PC Worx or Config+ project file could lead to a Use-After-Free and remote code execution. The attacker needs to get access to an original PC Worx or Config+ project file to be able to manipulate it. After manipulation, the attacker needs to exchange the original file with the manipulated one on the application programming workstation. Se detecto un problema en PHOENIX CONTACT PC Worx hasta la versión 1.86, PC Worx Express hasta la versión 1.86 y Config+ hasta la versión 1.86. • https://cert.vde.com/en-us/advisories/vde-2019-014 https://www.zerodayinitiative.com/advisories/ZDI-19-578 • CWE-416: Use After Free •