CVE-2021-33542
Phoenix Contact: Automation Worx Software Suite affected by Remote Code Execution (RCE) vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Phoenix Contact Classic Automation Worx Software Suite in Version 1.87 and below is affected by a remote code execution vulnerability. Manipulated PC Worx or Config+ projects could lead to a remote code execution when unallocated memory is freed because of incompletely initialized data. The attacker needs to get access to an original bus configuration file (*.bcp) to be able to manipulate data inside. After manipulation the attacker needs to exchange the original file by the manipulated one on the application programming workstation. Availability, integrity, or confidentiality of an application programming workstation might be compromised by attacks using these vulnerabilities. Automated systems in operation which were programmed with one of the above-mentioned products are not affected.
Phoenix Contact Classic Automation Worx Software Suite en versiones 1.87 y anteriores, está afectado por una vulnerabilidad de ejecución de código remota. La manipulación de proyectos de PC Worx o Config+ podría conllevar a una ejecución de código remota cuando es liberada una memoria no asignada debido a datos inicializados de forma incompleta. El atacante necesita conseguir acceso a un archivo de configuración de bus original (*.bcp) para poder manipular los datos en su interior. Después de la manipulación, el atacante necesita intercambiar el archivo original por el manipulado en la estación de trabajo de programación de aplicaciones. La disponibilidad, la integridad o la confidencialidad de una estación de trabajo de programación de aplicaciones podría estar comprometida por ataques usando estas vulnerabilidades. Los sistemas automatizados en funcionamiento que fueron programados con uno de los productos mencionados no están afectados
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Phoenix Contact Automationworx. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of BCP files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2021-05-24 CVE Reserved
- 2021-06-25 CVE Published
- 2024-07-10 EPSS Updated
- 2024-09-17 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-824: Access of Uninitialized Pointer
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| https://cert.vde.com/en-us/advisories/vde-2021-020 | Third Party Advisory | |
| https://www.zerodayinitiative.com/advisories/ZDI-21-782 | Third Party Advisory |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Phoenixcontact Search vendor "Phoenixcontact" | Config\+ Search vendor "Phoenixcontact" for product "Config\+" | <= 1.87 Search vendor "Phoenixcontact" for product "Config\+" and version " <= 1.87" | - |
Affected
| ||||||
| Phoenixcontact Search vendor "Phoenixcontact" | Pc Worx Search vendor "Phoenixcontact" for product "Pc Worx" | <= 1.87 Search vendor "Phoenixcontact" for product "Pc Worx" and version " <= 1.87" | - |
Affected
| ||||||
| Phoenixcontact Search vendor "Phoenixcontact" | Pc Worx Express Search vendor "Phoenixcontact" for product "Pc Worx Express" | <= 1.87 Search vendor "Phoenixcontact" for product "Pc Worx Express" and version " <= 1.87" | - |
Affected
| ||||||