CVE-2020-12498 : Security Advisory and Response

Learn about CVE-2020-12498, a high-severity vulnerability in Phoenix Contact PC Worx and PC Worx Express versions 1.87 and earlier, in which an out-of-bounds read can lead to remote code execution. Find mitigation steps and long-term security practices.

Phoenix Contact Automation Worx <= 1.87: out-of-bounds read remote code execution

Understanding CVE-2020-12498

CVE-2020-12498 is a vulnerability in Phoenix Contact PC Worx and PC Worx Express versions 1.87 and earlier, in which an out-of-bounds read can lead to remote code execution.

What is CVE-2020-12498?

        The vulnerability arises from mwe file parsing in Phoenix Contact PC Worx and PC Worx Express.
        It allows for out-of-bounds read remote code execution due to insufficient input data validation.

The Impact of CVE-2020-12498

        CVSS Score: 7.8 (High Severity)
        Attack Vector: Local
        Confidentiality Impact: High
        Integrity Impact: High
        Availability Impact: High
        User Interaction: Required

Technical Details of CVE-2020-12498

This section provides detailed technical information about the vulnerability.

Vulnerability Description

        The vulnerability is categorized as CWE-121 Stack-based Buffer Overflow.

Affected Systems and Versions

        Products affected: Automation Worx, Automation Worx Express
        Vendor: Phoenix Contact
        Vulnerable versions: <= 1.87

Exploitation Mechanism

        Attack Complexity: Low
        Privileges Required: None
        Scope: Unchanged

Mitigation and Prevention

Guidelines to mitigate the risks associated with CVE-2020-12498.

Immediate Steps to Take

        Exchange project files using secure file exchange services only.
        Avoid exchanging project files via unencrypted email.
        Use checksums when exchanging or storing project files to ensure integrity.
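
The checksum step above can be scripted. The following is an added example, not part of the original advisory or of any Phoenix Contact tooling: it checks received project files against a SHA-256 manifest in `sha256sum` format and reports files that differ, are missing, or were never listed by the sender. The function names, the `*.mwe` file pattern and the sample files are assumptions made for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_file(path, chunk_size=1 << 20):
    """Stream the file so large projects are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def parse_manifest(text):
    """Parse sha256sum-style lines: '<64 hex digits>  <file name>'."""
    entries = {}
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        digest, _, name = line.strip().partition(" ")
        name = name.strip().lstrip("*")
        # Reject short digests, empty names and names containing a path.
        if len(digest) != 64 or not name or Path(name).name != name:
            raise ValueError(f"malformed manifest line: {line!r}")
        bytes.fromhex(digest)  # ValueError if the digest is not hexadecimal
        entries[name] = digest.lower()
    return entries

def verify_projects(folder, manifest_text, pattern="*.mwe"):
    """Map each file name to ok / mismatch / missing / unlisted."""
    folder = Path(folder)
    results = {}
    for name, digest in parse_manifest(manifest_text).items():
        path = folder / name
        if not path.is_file():
            results[name] = "missing"
        else:
            same = sha256_file(path) == digest
            results[name] = "ok" if same else "mismatch"
    for path in folder.glob(pattern):  # project files the sender never listed
        results.setdefault(path.name, "unlisted")
    return results

if __name__ == "__main__":
    # Constructed sample data: file names and contents are made up.
    with tempfile.TemporaryDirectory() as tmp:
        Path(tmp, "line1.mwe").write_bytes(b"constructed project A")
        Path(tmp, "extra.mwe").write_bytes(b"constructed project B")
        good = hashlib.sha256(b"constructed project A").hexdigest()
        manifest = f"{good}  line1.mwe\n{'0' * 64}  line2.mwe\n"
        print(verify_projects(tmp, manifest))
```

Only files reported as `ok` should be opened in the engineering software. The manifest has to reach the recipient over a separate, trusted channel, because a checksum only shows that a file is the one the sender published.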

Long-Term Security Practices

        Regularly update to the next version of Automation Worx Software Suite (> 1.87) for improved input data validation.

Patching and Updates

        Ensure the next version of Automation Worx Software Suite includes enhanced input data validation.
