CVE-2021-34597
Phoenix Contact: PC Worx/-Express prone to improper input validation vulnerability
Severity Score
7.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Improper Input Validation vulnerability in PC Worx Automation Suite of Phoenix Contact up to version 1.88 could allow an attacker with a manipulated project file to unpack arbitrary files outside of the selected project directory.
Una vulnerabilidad de comprobación de entrada inapropiada en PC Worx Automation Suite de Phoenix Contact versiones hasta 1.88, podrÃa permitir a un atacante con un archivo de proyecto manipulado desempaquetar archivos arbitrarios fuera del directorio del proyecto seleccionado
*Credits:
The vulnerability was discovered by Jake Baines of Dragos Inc. We kindly appreciate the coordinated disclosure of these vulnerabilities by the finder., PHOENIX CONTACT thanks CERT@VDE for the coordination and support with this publication.
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2021-06-10 CVE Reserved
- 2021-11-04 CVE Published
- 2024-07-19 EPSS Updated
- 2024-09-16 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
CAPEC
References (1)
| URL | Tag | Source |
|---|---|---|
| https://cert.vde.com/en/advisories/VDE-2021-052 | Mitigation |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Phoenixcontact Search vendor "Phoenixcontact" | Pc Worx Search vendor "Phoenixcontact" for product "Pc Worx" | <= 1.88 Search vendor "Phoenixcontact" for product "Pc Worx" and version " <= 1.88" | - |
Affected
| ||||||
| Phoenixcontact Search vendor "Phoenixcontact" | Pc Worx Express Search vendor "Phoenixcontact" for product "Pc Worx Express" | <= 1.88 Search vendor "Phoenixcontact" for product "Pc Worx Express" and version " <= 1.88" | - |
Affected
| ||||||