Vulnerability-Lookup

CNVD-2021-55175

Vulnerability from cnvd - Published: 2021-07-27

Title

Phoenix Contact Classic Automation Worx Software Suite缓冲区溢出漏洞

Description

Phoenix Contact Classic Automation是德国Phoenix Contac（Phoenix Contact）公司的提供剩余零件和 Phoenix Contact 维修服务。 Phoenix Contact Classic Automation Worx Software Suite 1.87及之前版本存在安全漏洞，该漏洞源于当未分配的内存由于未完全初始化的数据而被释放时，攻击者可利用该漏洞通过被操纵的PC Worx或Config+项目可能会导致远程代码执行。

Severity

中

Formal description

目前厂商暂未发布修复措施解决此安全问题，建议使用此软件的用户随时关注厂商主页或参考网址以获取解决办法： https://cert.vde.com/en-us/advisories/vde-2021-020。

Reference

https://cert.vde.com/en-us/advisories/vde-2021-020

Impacted products

Name
Phoenix Contac Classic Automation Worx Software Suite <=1.87

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2021-33542"
    }
  },
  "description": "Phoenix Contact Classic Automation\u662f\u5fb7\u56fdPhoenix Contac\uff08Phoenix Contact\uff09\u516c\u53f8\u7684\u63d0\u4f9b\u5269\u4f59\u96f6\u4ef6\u548c Phoenix Contact \u7ef4\u4fee\u670d\u52a1\u3002\n\nPhoenix Contact Classic Automation Worx Software Suite 1.87\u53ca\u4e4b\u524d\u7248\u672c\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5f53\u672a\u5206\u914d\u7684\u5185\u5b58\u7531\u4e8e\u672a\u5b8c\u5168\u521d\u59cb\u5316\u7684\u6570\u636e\u800c\u88ab\u91ca\u653e\u65f6\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u901a\u8fc7\u88ab\u64cd\u7eb5\u7684PC Worx\u6216Config+\u9879\u76ee\u53ef\u80fd\u4f1a\u5bfc\u81f4\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u6682\u672a\u53d1\u5e03\u4fee\u590d\u63aa\u65bd\u89e3\u51b3\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u5efa\u8bae\u4f7f\u7528\u6b64\u8f6f\u4ef6\u7684\u7528\u6237\u968f\u65f6\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u6216\u53c2\u8003\u7f51\u5740\u4ee5\u83b7\u53d6\u89e3\u51b3\u529e\u6cd5\uff1a\r\nhttps://cert.vde.com/en-us/advisories/vde-2021-020\u3002",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2021-55175",
  "openTime": "2021-07-27",
  "products": {
    "product": "Phoenix Contac Classic Automation Worx Software Suite \u003c=1.87"
  },
  "referenceLink": "https://cert.vde.com/en-us/advisories/vde-2021-020",
  "serverity": "\u4e2d",
  "submitTime": "2021-06-29",
  "title": "Phoenix Contact Classic Automation Worx Software Suite\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e"
}

CVE-2021-33542 (GCVE-0-2021-33542)

Vulnerability from cvelistv5 – Published: 2021-06-25 18:26 – Updated: 2024-09-17 01:31

Title

Phoenix Contact: Automation Worx Software Suite affected by Remote Code Execution (RCE) vulnerability

Summary

Phoenix Contact Classic Automation Worx Software Suite in Version 1.87 and below is affected by a remote code execution vulnerability. Manipulated PC Worx or Config+ projects could lead to a remote code execution when unallocated memory is freed because of incompletely initialized data. The attacker needs to get access to an original bus configuration file (*.bcp) to be able to manipulate data inside. After manipulation the attacker needs to exchange the original file by the manipulated one on the application programming workstation. Availability, integrity, or confidentiality of an application programming workstation might be compromised by attacks using these vulnerabilities. Automated systems in operation which were programmed with one of the above-mentioned products are not affected.

Severity ?

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE

CWE-824 - Access of Uninitialized Pointer

Assigner

CERTVDE

References

URL

Tags

	https://cert.vde.com/en-us/advisories/vde-2021-020	x_refsource_CONFIRM
	https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	Phoenix Contact	Automation Worx Software Suite	Affected: PC Worx , ≤ 1.87 (custom) Affected: PC Worx Express , ≤ 1.87 (custom) Affected: Config+ , ≤ 1.87 (custom)

Credits

The vulnerability was discovered by Francis Provencher {PRL} and reported by Zero Day Initiative (ZDI) as ZDI-CAN-13134. PHOENIX CONTACT thanks CERT@VDE for the coordination and support with this publication.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T23:50:43.120Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert.vde.com/en-us/advisories/vde-2021-020"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-782/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Automation Worx Software Suite",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThanOrEqual": "1.87",
              "status": "affected",
              "version": "PC Worx",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "1.87",
              "status": "affected",
              "version": "PC Worx Express",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "1.87",
              "status": "affected",
              "version": "Config+",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "The vulnerability was discovered by Francis Provencher {PRL} and reported by Zero Day Initiative (ZDI) as ZDI-CAN-13134. PHOENIX CONTACT thanks CERT@VDE for the coordination and support with this publication."
        }
      ],
      "datePublic": "2021-06-23T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Phoenix Contact Classic Automation Worx Software Suite in Version 1.87 and below is affected by a remote code execution vulnerability. Manipulated PC Worx or Config+ projects could lead to a remote code execution when unallocated memory is freed because of incompletely initialized data. The attacker needs to get access to an original bus configuration file (*.bcp) to be able to manipulate data inside. After manipulation the attacker needs to exchange the original file by the manipulated one on the application programming workstation. Availability, integrity, or confidentiality of an application programming workstation might be compromised by attacks using these vulnerabilities. Automated systems in operation which were programmed with one of the above-mentioned products are not affected."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-824",
              "description": "CWE-824 Access of Uninitialized Pointer",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-07-07T09:06:35",
        "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "shortName": "CERTVDE"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert.vde.com/en-us/advisories/vde-2021-020"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-782/"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Temporary Fix / Mitigation\nWe strongly recommend customers to exchange project files only using secure file exchange services. Project files should not be exchanged via unencrypted email.\n\nRemediation\nWith the next version of Automationworx Software Suite the affected data will be initialized completely and thereby freeing of unallocated memory will be prevented."
        }
      ],
      "source": {
        "advisory": "VDE-2021-020",
        "defect": [
          "VDE-2021-020"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "Phoenix Contact: Automation Worx Software Suite affected by Remote Code Execution (RCE) vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "info@cert.vde.com",
          "DATE_PUBLIC": "2021-06-23T10:00:00.000Z",
          "ID": "CVE-2021-33542",
          "STATE": "PUBLIC",
          "TITLE": "Phoenix Contact: Automation Worx Software Suite affected by Remote Code Execution (RCE) vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Automation Worx Software Suite",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_name": "PC Worx",
                            "version_value": "1.87"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_name": "PC Worx Express",
                            "version_value": "1.87"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_name": "Config+",
                            "version_value": "1.87"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Phoenix Contact"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "The vulnerability was discovered by Francis Provencher {PRL} and reported by Zero Day Initiative (ZDI) as ZDI-CAN-13134. PHOENIX CONTACT thanks CERT@VDE for the coordination and support with this publication."
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Phoenix Contact Classic Automation Worx Software Suite in Version 1.87 and below is affected by a remote code execution vulnerability. Manipulated PC Worx or Config+ projects could lead to a remote code execution when unallocated memory is freed because of incompletely initialized data. The attacker needs to get access to an original bus configuration file (*.bcp) to be able to manipulate data inside. After manipulation the attacker needs to exchange the original file by the manipulated one on the application programming workstation. Availability, integrity, or confidentiality of an application programming workstation might be compromised by attacks using these vulnerabilities. Automated systems in operation which were programmed with one of the above-mentioned products are not affected."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-824 Access of Uninitialized Pointer"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://cert.vde.com/en-us/advisories/vde-2021-020",
              "refsource": "CONFIRM",
              "url": "https://cert.vde.com/en-us/advisories/vde-2021-020"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-782/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-782/"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "Temporary Fix / Mitigation\nWe strongly recommend customers to exchange project files only using secure file exchange services. Project files should not be exchanged via unencrypted email.\n\nRemediation\nWith the next version of Automationworx Software Suite the affected data will be initialized completely and thereby freeing of unallocated memory will be prevented."
          }
        ],
        "source": {
          "advisory": "VDE-2021-020",
          "defect": [
            "VDE-2021-020"
          ],
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
    "assignerShortName": "CERTVDE",
    "cveId": "CVE-2021-33542",
    "datePublished": "2021-06-25T18:26:06.409806Z",
    "dateReserved": "2021-05-24T00:00:00",
    "dateUpdated": "2024-09-17T01:31:44.718Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2021-55175

CVE-2021-33542 (GCVE-0-2021-33542)

Tags

Sightings

Nomenclature