Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveMitreCVE-2019-12871
HistoryJun 24, 2019 - 3:15 p.m.

CVE-2019-12871

2019-06-2415:15:10
CWE-416
mitre
web.nvd.nist.gov
39
cve-2019-12871
phoenix contact
pc worx
pc worx express
config+
use-after-free
remote code execution
security vulnerability

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

8.8

Confidence

High

EPSS

0.055

Percentile

93.3%

JSON

An issue was discovered in PHOENIX CONTACT PC Worx through 1.86, PC Worx Express through 1.86, and Config+ through 1.86. A manipulated PC Worx or Config+ project file could lead to a Use-After-Free and remote code execution. The attacker needs to get access to an original PC Worx or Config+ project file to be able to manipulate it. After manipulation, the attacker needs to exchange the original file with the manipulated one on the application programming workstation.

Affected configurations

Nvd
Node
phoenixcontactautomationworx_software_suiteRange1.86
VendorProductVersionCPE
phoenixcontactautomationworx_software_suite*cpe:2.3:a:phoenixcontact:automationworx_software_suite:*:*:*:*:*:*:*:*

Related

prion 1
zdi 3
nvd 1
cvelist 1
ics 1
prion
prion
Remote code execution
2019-06-24 15:15:00
zdi
zdi
Phoenix Contact Automationworx BCP File Parsing Use-After-Free Remote Code Execution Vulnerability
2019-06-20 00:00:00
Phoenix Contact Automationworx BCP File Parsing Use-After-Free Remote Code Execution Vulnerability
2019-06-20 00:00:00
Phoenix Contact Automationworx BCP File Parsing Use-After-Free Remote Code Execution Vulnerability
2019-06-20 00:00:00
nvd
nvd
CVE-2019-12871
2019-06-24 15:15:10
cvelist
cvelist
CVE-2019-12871
2019-06-24 14:57:47
ics
ics
PHOENIX CONTACT Automation Worx Software Suite
2019-08-05 12:00:00

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

8.8

Confidence

High

EPSS

0.055

Percentile

93.3%

JSON
Related for CVE-2019-12871
prion1zdi3nvd1cvelist1ics1