cnvd - cnvd-2020-38414

CNVD-2020-38414

Vulnerability from cnvd - Published: 2020-07-13

Title

Phoenix Contact PC Worx和Worx Express缓冲区溢出漏洞（CNVD-2020-38414）

Description

Phoenix Contact PC Worx和Phoenix Contact PC Worx Express都是德国菲尼克斯电气（Phoenix Contact）公司的一套用于PLC（可编程逻辑控制器）的编程软件。 Phoenix Contact PC Worx和PC Worx Express 1.87及之前版本中的PLCopen XML文件解析存在缓冲区溢出漏洞，该漏洞源于程序未充分验证输入数据。远程攻击者可利用该漏洞执行代码。

Severity

中

Formal description

目前厂商暂未发布修复措施解决此安全问题，建议使用此软件的用户随时关注厂商主页或参考网址以获取解决办法： https://www.phoenixcontact.com/

Reference

https://nvd.nist.gov/vuln/detail/CVE-2020-12497

Impacted products

Name
['PHOENIX CONTACT PC Worx <=1.87', 'PHOENIX CONTACT PC Worx Express <=1.87']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-12497"
    }
  },
  "description": "Phoenix Contact PC Worx\u548cPhoenix Contact PC Worx Express\u90fd\u662f\u5fb7\u56fd\u83f2\u5c3c\u514b\u65af\u7535\u6c14\uff08Phoenix Contact\uff09\u516c\u53f8\u7684\u4e00\u5957\u7528\u4e8ePLC\uff08\u53ef\u7f16\u7a0b\u903b\u8f91\u63a7\u5236\u5668\uff09\u7684\u7f16\u7a0b\u8f6f\u4ef6\u3002\n\nPhoenix Contact PC Worx\u548cPC Worx Express 1.87\u53ca\u4e4b\u524d\u7248\u672c\u4e2d\u7684PLCopen XML\u6587\u4ef6\u89e3\u6790\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u5145\u5206\u9a8c\u8bc1\u8f93\u5165\u6570\u636e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4ee3\u7801\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u6682\u672a\u53d1\u5e03\u4fee\u590d\u63aa\u65bd\u89e3\u51b3\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u5efa\u8bae\u4f7f\u7528\u6b64\u8f6f\u4ef6\u7684\u7528\u6237\u968f\u65f6\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u6216\u53c2\u8003\u7f51\u5740\u4ee5\u83b7\u53d6\u89e3\u51b3\u529e\u6cd5\uff1a\r\nhttps://www.phoenixcontact.com/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-38414",
  "openTime": "2020-07-13",
  "products": {
    "product": [
      "PHOENIX CONTACT PC Worx \u003c=1.87",
      "PHOENIX CONTACT PC Worx Express \u003c=1.87"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2020-12497",
  "serverity": "\u4e2d",
  "submitTime": "2020-07-02",
  "title": "Phoenix Contact PC Worx\u548cWorx Express\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff08CNVD-2020-38414\uff09"
}

CVE-2020-12497 (GCVE-0-2020-12497)

Vulnerability from cvelistv5 – Published: 2020-07-01 15:52 – Updated: 2024-08-04 11:56

Title

Phoenix Contact Automation Worx <= 1.87: stack-based overflow

Summary

PLCopen XML file parsing in Phoenix Contact PC Worx and PC Worx Express version 1.87 and earlier can lead to a stack-based overflow. Manipulated PC Worx projects could lead to a remote code execution due to insufficient input data validation.

Severity ?

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE

CWE-121 - Stack-based Buffer Overflow

Assigner

CERTVDE

References

URL

Tags

	https://cert.vde.com/de-de/advisories/vde-2020-023	x_refsource_CONFIRM
	https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC
	https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC

Impacted products

Vendor

Product

Version

Phoenix Contact

Automation Worx

Affected: unspecified , ≤ 1.87 (custom)

Phoenix Contact

Automation Worx Express

Affected: unspecified , ≤ 1.87 (custom)

Credits

reported by Natnael Samson working with Trend Micro Zero Day Initiative, Phoenix Contact reported to CERT@VDE

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T11:56:52.059Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert.vde.com/de-de/advisories/vde-2020-023"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-825/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-398/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Automation Worx",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThanOrEqual": "1.87",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Automation Worx Express",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThanOrEqual": "1.87",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "reported by Natnael Samson working with Trend Micro Zero Day Initiative, Phoenix Contact reported to CERT@VDE"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "PLCopen XML file parsing in Phoenix Contact PC Worx and PC Worx Express version 1.87 and earlier can lead to a stack-based overflow. Manipulated PC Worx projects could lead to a remote code execution due to insufficient input data validation."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "CWE-121 Stack-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-03-31T09:06:17",
        "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "shortName": "CERTVDE"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert.vde.com/de-de/advisories/vde-2020-023"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-825/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-398/"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "With the next version of Automation Worx Software Suite (Version \u003e 1.87) a sharpened input data validation with respect to buffer size and description of size and number of objects referenced in a file will be implemented."
        }
      ],
      "source": {
        "defect": [
          "VDE-2020-023"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "Phoenix Contact Automation Worx \u003c= 1.87: stack-based overflow",
      "workarounds": [
        {
          "lang": "en",
          "value": "We strongly recommend customers to exchange project files only using secure file exchange services. Project files should not be exchanged via unencrypted email.\nIn addition, we recommend exchanging or storing project files together with a checksum to ensure their integrity."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "info@cert.vde.com",
          "ID": "CVE-2020-12497",
          "STATE": "PUBLIC",
          "TITLE": "Phoenix Contact Automation Worx \u003c= 1.87: stack-based overflow"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Automation Worx",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_value": "1.87"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Automation Worx Express",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_value": "1.87"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Phoenix Contact"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "reported by Natnael Samson working with Trend Micro Zero Day Initiative, Phoenix Contact reported to CERT@VDE"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "PLCopen XML file parsing in Phoenix Contact PC Worx and PC Worx Express version 1.87 and earlier can lead to a stack-based overflow. Manipulated PC Worx projects could lead to a remote code execution due to insufficient input data validation."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-121 Stack-based Buffer Overflow"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://cert.vde.com/de-de/advisories/vde-2020-023",
              "refsource": "CONFIRM",
              "url": "https://cert.vde.com/de-de/advisories/vde-2020-023"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-825/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-825/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-398/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-398/"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "With the next version of Automation Worx Software Suite (Version \u003e 1.87) a sharpened input data validation with respect to buffer size and description of size and number of objects referenced in a file will be implemented."
          }
        ],
        "source": {
          "defect": [
            "VDE-2020-023"
          ],
          "discovery": "EXTERNAL"
        },
        "work_around": [
          {
            "lang": "en",
            "value": "We strongly recommend customers to exchange project files only using secure file exchange services. Project files should not be exchanged via unencrypted email.\nIn addition, we recommend exchanging or storing project files together with a checksum to ensure their integrity."
          }
        ]
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
    "assignerShortName": "CERTVDE",
    "cveId": "CVE-2020-12497",
    "datePublished": "2020-07-01T15:52:35",
    "dateReserved": "2020-04-30T00:00:00",
    "dateUpdated": "2024-08-04T11:56:52.059Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2020-38414

CVE-2020-12497 (GCVE-0-2020-12497)

Tags

Sightings

Nomenclature