CVE-2021-33542

CWE-8243 documents3 sources

Severity

7.0HIGH

EPSS

0.5%

top 32.81%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Phoenix Contact Automation Worx Software Suite Phoenixcontact Config\+Phoenixcontact PC Worx +1 more

Timeline

PublishedJun 25

Latest updateMay 24

Description

Phoenix Contact Classic Automation Worx Software Suite in Version 1.87 and below is affected by a remote code execution vulnerability. Manipulated PC Worx or Config+ projects could lead to a remote code execution when unallocated memory is freed because of incompletely initialized data. The attacker needs to get access to an original bus configuration file (*.bcp) to be able to manipulate data inside. After manipulation the attacker needs to exchange the original file by the manipulated one on t…

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages4 packages

▶CVEListV5phoenix_contact/automation_worx_software_suitePC Worx — 1.87+2

▶NVDphoenixcontact/pc_worx1.87

▶NVDphoenixcontact/pc_worx_express1.87

▶NVDphoenixcontact/config\+1.87

🔴Vulnerability Details

GHSA

GHSA-88r6-jjq4-269q: Phoenix Contact Classic Automation Worx Software Suite in Version 1↗2022-05-24

▶

CVEList

Phoenix Contact: Automation Worx Software Suite affected by Remote Code Execution (RCE) vulnerability↗2021-06-25

▶