CVE-2021-34597

Severity: 7.8 HIGH
EPSS: 0.2% (top 63.16%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Nov 4
Latest update: May 24

Description

Improper Input Validation vulnerability in PC Worx Automation Suite of Phoenix Contact up to version 1.88 could allow an attacker with a manipulated project file to unpack arbitrary files outside of the selected project directory.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9

Affected Packages: 3 packages

CVEListV5 | phoenix_contact/pc_worx | PC Worx | 1.88 | +1

Vulnerability Details (2)

GHSA (2022-05-24): GHSA-m8p2-4fmh-2gr9: Improper Input Validation vulnerability in PC Worx Automation Suite of Phoenix Contact up to version 1
CVEList (2021-11-04): Phoenix Contact: PC Worx/-Express prone to improper input validation vulnerability