// For flags

CVE-2019-12871

Phoenix Contact Automationworx BCP File Parsing Use-After-Free Remote Code Execution Vulnerability

Severity Score

8.8
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

An issue was discovered in PHOENIX CONTACT PC Worx through 1.86, PC Worx Express through 1.86, and Config+ through 1.86. A manipulated PC Worx or Config+ project file could lead to a Use-After-Free and remote code execution. The attacker needs to get access to an original PC Worx or Config+ project file to be able to manipulate it. After manipulation, the attacker needs to exchange the original file with the manipulated one on the application programming workstation.

Se detecto un problema en PHOENIX CONTACT PC Worx hasta la versión 1.86, PC Worx Express hasta la versión 1.86 y Config+ hasta la versión 1.86. Un archivo de proyecto de PC Worx o Config+ manipulado podría conllevar a un uso de memoria previamente liberada (Use-After-Free) y a una ejecución de código remota. El atacante debe conseguir acceso a un archivo de proyecto original de PC Worx o Config+ para poder manipularlo. Después de la manipulación, el atacante debe intercambiar el archivo original con el manipulado en la estación de trabajo de programación de la aplicación.

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Phoenix Contact Automationworx. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of BCP files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process.

*Credits: kimiya, rgod, mdm of 9sg Security Team
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2019-06-18 CVE Reserved
  • 2019-06-20 CVE Published
  • 2024-08-04 CVE Updated
  • 2024-11-14 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-416: Use After Free
CAPEC
References (2)
URL Tag Source
https://cert.vde.com/en-us/advisories/vde-2019-014 Third Party Advisory
https://www.zerodayinitiative.com/advisories/ZDI-19-578 Third Party Advisory
URL Date SRC
URL Date SRC
URL Date SRC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Phoenixcontact
Search vendor "Phoenixcontact"
 Automationworx Software Suite
Search vendor "Phoenixcontact" for product "Automationworx Software Suite"
 <= 1.86
Search vendor "Phoenixcontact" for product "Automationworx Software Suite" and version " <= 1.86"
-
Affected