Cloud Defense Logo

Products

Solutions

Company

Book A Live Demo

CVE-2020-12497 : Vulnerability Insights and Analysis

Learn about CVE-2020-12497, a high-severity vulnerability in Phoenix Contact Automation Worx <= 1.87. Understand its impact, affected systems, exploitation, and mitigation steps.

PLCopen XML file parsing in Phoenix Contact PC Worx and PC Worx Express version 1.87 and earlier can lead to a stack-based overflow, potentially resulting in remote code execution due to insufficient input data validation.

Understanding CVE-2020-12497

This CVE involves a stack-based overflow vulnerability in Phoenix Contact Automation Worx <= 1.87.

What is CVE-2020-12497?

The vulnerability arises from PLCopen XML file parsing in Phoenix Contact PC Worx and PC Worx Express version 1.87 and earlier, allowing for a stack-based overflow.

The Impact of CVE-2020-12497

        CVSS Base Score: 7.8 (High Severity)
        Attack Vector: Local
        Attack Complexity: Low
        Privileges Required: None
        User Interaction: Required
        Confidentiality, Integrity, and Availability Impact: High

Technical Details of CVE-2020-12497

This section delves into the specifics of the vulnerability.

Vulnerability Description

The vulnerability involves a stack-based overflow in Phoenix Contact Automation Worx <= 1.87 due to inadequate input data validation during PLCopen XML file parsing.

Affected Systems and Versions

        Products: Automation Worx, Automation Worx Express
        Vendor: Phoenix Contact
        Affected Versions: <= 1.87
        Version Type: Custom

Exploitation Mechanism

Exploitation can occur through manipulated PC Worx projects, potentially leading to remote code execution.

Mitigation and Prevention

To address CVE-2020-12497, follow these steps:

Immediate Steps to Take

        Exchange project files using secure file exchange services
        Avoid exchanging project files via unencrypted email
        Store project files with a checksum for integrity verification

Long-Term Security Practices

        Regularly update to the next version of Automation Worx Software Suite (> 1.87)
        Implement sharpened input data validation for buffer size and object references in files
        Follow secure coding practices

Patching and Updates

Stay informed about security updates and patches from Phoenix Contact.

Popular CVEs

CVE Id

Published Date

Is your System Free of Underlying Vulnerabilities?
Find Out Now