PT-2023-7706 · Phoenix Contact · Pc Worx Express +17

Name of the Vulnerable Software and Affected Versions: Phoenix Contact Automation Worx Software Suite versions affected versions not specified AXC 1050 versions affected versions not specified AXC 1050 XC versions affected versions not specified AXC 3050 versions affected versions not specified...

CVE-2020-12498

mwe file parsing in Phoenix Contact PC Worx and PC Worx Express version 1.87 and earlier is vulnerable to out-of-bounds read remote code execution. Manipulated PC Worx projects could lead to a remote code execution due to insufficient input data validation...

CVE-2020-12497

PLCopen XML file parsing in Phoenix Contact PC Worx and PC Worx Express version 1.87 and earlier can lead to a stack-based overflow. Manipulated PC Worx projects could lead to a remote code execution due to insufficient input data validation...

CVE-2020-12498

mwe file parsing in Phoenix Contact PC Worx and PC Worx Express version 1.87 and earlier is vulnerable to out-of-bounds read remote code execution. Manipulated PC Worx projects could lead to a remote code execution due to insufficient input data validation...

Stack overflow

PLCopen XML file parsing in Phoenix Contact PC Worx and PC Worx Express version 1.87 and earlier can lead to a stack-based overflow. Manipulated PC Worx projects could lead to a remote code execution due to insufficient input data validation...

CVE-2020-12498 Phoenix Contact Automation Worx <= 1.87: out-of-bounds read remote code execution

mwe file parsing in Phoenix Contact PC Worx and PC Worx Express version 1.87 and earlier is vulnerable to out-of-bounds read remote code execution. Manipulated PC Worx projects could lead to a remote code execution due to insufficient input data validation...

CVE-2020-12497 Phoenix Contact Automation Worx <= 1.87: stack-based overflow

PLCopen XML file parsing in Phoenix Contact PC Worx and PC Worx Express version 1.87 and earlier can lead to a stack-based overflow. Manipulated PC Worx projects could lead to a remote code execution due to insufficient input data validation...

CVE-2020-12498

Phoenix Contact PC Worx and PC Worx Express (v1.87 and earlier) are affected by CVE-2020-12498 due to insufficient input validation in MWE file parsing, causing an out-of-bounds read that can lead to remote code execution. Affected component: PC Worx/PC Worx Express parsing of MWE project files; ...

Out-of-bounds

An issue was discovered in PHOENIX CONTACT PC Worx through 1.86, PC Worx Express through 1.86, and Config+ through 1.86. A manipulated PC Worx or Config+ project file could lead to an Out-of-bounds Read and remote code execution. The attacker needs to get access to an original PC Worx or Config+...

CVE-2019-16675

An issue was discovered in PHOENIX CONTACT PC Worx through 1.86, PC Worx Express through 1.86, and Config+ through 1.86. A manipulated PC Worx or Config+ project file could lead to an Out-of-bounds Read and remote code execution. The attacker needs to get access to an original PC Worx or Config+...

Phoenix Contact Automation Worx CVE-2019-16675 Remote Code Execution Vulnerability

Description Phoenix Contact Automation Worx is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely cause a denial-of-service condition. The...

The vulnerability of the PC Worx, PC Worx Express, INTERBUS Config+ software package, Automationworx Software Suite components, related to the use of memory after it is freed, allows a hacker to execute arbitrary code.

The vulnerability of the PC Worx, PC Worx Express, INTERBUS Config+ software suite components is related to the use of memory after it is freed. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

Remote code execution

An issue was discovered in PHOENIX CONTACT PC Worx through 1.86, PC Worx Express through 1.86, and Config+ through 1.86. A manipulated PC Worx or Config+ project file could lead to an Uninitialized Pointer and remote code execution. The attacker needs to get access to an original PC Worx or Confi...

CVE-2019-12869

An issue was discovered in PHOENIX CONTACT PC Worx through 1.86, PC Worx Express through 1.86, and Config+ through 1.86. A manipulated PC Worx or Config+ project file could lead to an Out-Of-Bounds Read, Information Disclosure, and remote code execution. The attacker needs to get access to an...

CVE-2019-12869

PHOENIX CONTACT Automation Worx Software Suite components PC Worx, PC Worx Express, and Config+ (version 1.86 and earlier) are affected by CVE-2019-12869. The issue is an Out-Of-Bounds Read that can lead to Information Disclosure and remote code execution when an attacker manipulates a legitimate...

CVE-2019-12870

PHOENIX CONTACT Automation Worx Software Suite (PC Worx, PC Worx Express, Config+; v1.86 and earlier) is affected by CVE-2019-12870. The issue is an uninitialized pointer leading to remote code execution. An attacker must obtain an original PC Worx/Config+ project file, manipulate it, and replace...

CVE-2019-12871

An issue was discovered in PHOENIX CONTACT PC Worx through 1.86, PC Worx Express through 1.86, and Config+ through 1.86. A manipulated PC Worx or Config+ project file could lead to a Use-After-Free and remote code execution. The attacker needs to get access to an original PC Worx or Config+ proje...

CVE-2019-12871

CVE-2019-12871 affects Phoenix Contact Automation Worx Software Suite up to v1.86 (PC Worx, PC Worx Express, Config+). The issue is a Use-After-Free in the handling of project files (notably BCP parsing) that could allow remote code execution after an attacker manipulates a legitimate PC Worx/Con...