Vulnerability Details CVE-2019-12871
An issue was discovered in PHOENIX CONTACT PC Worx through 1.86, PC Worx Express through 1.86, and Config+ through 1.86. A manipulated PC Worx or Config+ project file could lead to a Use-After-Free and remote code execution. The attacker needs to get access to an original PC Worx or Config+ project file to be able to manipulate it. After manipulation, the attacker needs to exchange the original file with the manipulated one on the application programming workstation.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.02
EPSS Ranking 82.8%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 6.8
References
Products affected by CVE-2019-12871
-
cpe:2.3:a:phoenixcontact:automationworx_software_suite:1.81
-
cpe:2.3:a:phoenixcontact:automationworx_software_suite:1.84
-
cpe:2.3:a:phoenixcontact:automationworx_software_suite:1.86