CVE-2019-12870

CWE-8243 documents3 sources
Severity
8.8HIGH
EPSS
1.7%
top 17.56%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Phoenixcontact Automationworx Software Suite
Timeline
PublishedJun 24
Latest updateMay 24

Description

An issue was discovered in PHOENIX CONTACT PC Worx through 1.86, PC Worx Express through 1.86, and Config+ through 1.86. A manipulated PC Worx or Config+ project file could lead to an Uninitialized Pointer and remote code execution. The attacker needs to get access to an original PC Worx or Config+ project file to be able to manipulate it. After manipulation, the attacker needs to exchange the original file with the manipulated one on the application programming workstation.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-q6f5-9m85-j5v5: An issue was discovered in PHOENIX CONTACT PC Worx through 12022-05-24
CVEList
CVE-2019-12870: An issue was discovered in PHOENIX CONTACT PC Worx through 12019-06-24
CVE-2019-12870 (HIGH CVSS 8.8) | An issue was discovered in PHOENIX | cvebase.io