Lucene search

CERTVDECVELIST:CVE-2020-12498

HistoryJul 01, 2020 - 3:52 p.m.

CVE-2020-12498 Phoenix Contact Automation Worx <= 1.87: out-of-bounds read remote code execution

2020-07-0115:52:35

CWE-121

CERTVDE

www.cve.org

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

0.004 Low

EPSS

Percentile

73.1%

JSON

mwe file parsing in Phoenix Contact PC Worx and PC Worx Express version 1.87 and earlier is vulnerable to out-of-bounds read remote code execution. Manipulated PC Worx projects could lead to a remote code execution due to insufficient input data validation.

CNA Affected

[
  {
    "product": "Automation Worx",
    "vendor": "Phoenix Contact",
    "versions": [
      {
        "lessThanOrEqual": "1.87",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "Automation Worx Express",
    "vendor": "Phoenix Contact",
    "versions": [
      {
        "lessThanOrEqual": "1.87",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

cert.vde.com/de-de/advisories/vde-2020-023

www.zerodayinitiative.com/advisories/ZDI-20-826/

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

0.004 Low

EPSS

Percentile

73.1%

JSON

Related for CVELIST:CVE-2020-12498