Symantec Security Response, SMNTC-110659
Oct 10, 2019 - 12:00 a.m.

Phoenix Contact Automation Worx CVE-2019-16675 Remote Code Execution Vulnerability

www.symantec.com
10

EPSS: 0.008 (Low), percentile 81.8%

Description

Phoenix Contact Automation Worx is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely cause a denial-of-service condition. The following components of Automation Worx Software Suite version 1.86 and prior are affected:

  • PC Worx
  • PC Worx Express
  • Config+

Technologies Affected

  • Phoenix Contact Automation Worx Software Suite 1.86

Recommendations

Run all software as a nonprivileged user with minimal access rights.
Run all non-administrative software as a non-administrative user with the least amount of privileges required to successfully operate. This will greatly reduce the potential damage that successful exploitation may achieve.

Deploy network intrusion detection systems to monitor network traffic for malicious activity.
Deploy NIDS to monitor network traffic for signs of anomalous or suspicious activity including unexplained incoming and outgoing traffic. This may indicate exploit attempts or activity that results from successful exploits.

Run all software as a nonprivileged user with minimal access rights.
To limit the impact of latent vulnerabilities, configure servers and other applications to run as a nonadministrative user with minimal access rights.

Currently, we are not aware of any vendor-supplied patches. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
