CVE-2019-12870

HIGH

Phoenixcontact Automationworx Software Suite - Remote Code Execution

Title source: rule

Description

An issue was discovered in PHOENIX CONTACT PC Worx through 1.86, PC Worx Express through 1.86, and Config+ through 1.86. A manipulated PC Worx or Config+ project file could lead to an Uninitialized Pointer and remote code execution. The attacker needs to get access to an original PC Worx or Config+ project file to be able to manipulate it. After manipulation, the attacker needs to exchange the original file with the manipulated one on the application programming workstation.

References (2)

[Third Party Advisory, VDB Entry] https://www.zerodayinitiative.com/advisories/ZDI-19-575/

[Third Party Advisory] https://cert.vde.com/en-us/advisories/vde-2019-014

Scores

CVSS v3 8.8

EPSS 0.0173

EPSS Percentile 82.5%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-824

Status published

Products (1)

phoenixcontact/automationworx_software_suite < 1.86

Published Jun 24, 2019

Tracked Since Feb 18, 2026