Details of VAR-201906-0524

ID

VAR-201906-0524

CVE

CVE-2019-12871

TITLE

Phoenix Contact Automationworx BCP File Parsing Use-After-Free Remote Code Execution Vulnerability

Trust: 2.1

sources: ZDI: ZDI-19-577 // ZDI: ZDI-19-578 // ZDI: ZDI-19-576

DESCRIPTION

An issue was discovered in PHOENIX CONTACT PC Worx through 1.86, PC Worx Express through 1.86, and Config+ through 1.86. A manipulated PC Worx or Config+ project file could lead to a Use-After-Free and remote code execution. The attacker needs to get access to an original PC Worx or Config+ project file to be able to manipulate it. After manipulation, the attacker needs to exchange the original file with the manipulated one on the application programming workstation. PHOENIX CONTACT PC Worx , PC Worx Express , Config+ Contains a vulnerability in the use of freed memory.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Phoenix Contact Automationworx. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of BCP files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. The Automation Worx Software Suite is an automation package from Phoenix Contact. Failed exploit attempts will likely cause a denial-of-service condition

Trust: 4.5

sources: NVD: CVE-2019-12871 // JVNDB: JVNDB-2019-005782 // ZDI: ZDI-19-577 // ZDI: ZDI-19-578 // ZDI: ZDI-19-576 // CNVD: CNVD-2019-41441 // BID: 108869 // IVD: 35198296-e784-4d5a-ac34-19c6b1d5ccd3

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: 35198296-e784-4d5a-ac34-19c6b1d5ccd3 // CNVD: CNVD-2019-41441

AFFECTED PRODUCTS

vendor:	phoenix contact	model:	automationworx	scope:	-	version:	-	Trust: 2.1
vendor:	phoenixcontact	model:	automationworx software suite	scope:	lte	version:	1.86	Trust: 1.0
vendor:	phoenix contact	model:	automationworx software suite	scope:	lte	version:	1.86	Trust: 0.8
vendor:	phoenix	model:	contact automation worx software suite	scope:	lte	version:	<=1.86	Trust: 0.6
vendor:	phoenix	model:	contact automation worx software suite	scope:	eq	version:	1.86	Trust: 0.3
vendor:	automationworx suite	model:	-	scope:	eq	version:	*	Trust: 0.2

sources: IVD: 35198296-e784-4d5a-ac34-19c6b1d5ccd3 // ZDI: ZDI-19-577 // ZDI: ZDI-19-578 // ZDI: ZDI-19-576 // CNVD: CNVD-2019-41441 // BID: 108869 // JVNDB: JVNDB-2019-005782 // NVD: CVE-2019-12871

CVSS

SEVERITY

CVSSV2

CVSSV3

ZDI:	CVE-2019-12871
value:	HIGH
Trust: 2.1
nvd@nist.gov:	CVE-2019-12871
value:	HIGH
Trust: 1.0
NVD:	CVE-2019-12871
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2019-41441
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201906-834
value:	HIGH
Trust: 0.6
IVD:	35198296-e784-4d5a-ac34-19c6b1d5ccd3
value:	HIGH
Trust: 0.2

nvd@nist.gov:	CVE-2019-12871
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2019-41441
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	35198296-e784-4d5a-ac34-19c6b1d5ccd3
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

ZDI:	CVE-2019-12871
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.0
Trust: 2.1
nvd@nist.gov:	CVE-2019-12871
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: IVD: 35198296-e784-4d5a-ac34-19c6b1d5ccd3 // ZDI: ZDI-19-577 // ZDI: ZDI-19-578 // ZDI: ZDI-19-576 // CNVD: CNVD-2019-41441 // JVNDB: JVNDB-2019-005782 // CNNVD: CNNVD-201906-834 // NVD: CVE-2019-12871

PROBLEMTYPE DATA

problemtype:

CWE-416

Trust: 1.8

sources: JVNDB: JVNDB-2019-005782 // NVD: CVE-2019-12871

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201906-834

TYPE

Resource management error

Trust: 0.8

sources: IVD: 35198296-e784-4d5a-ac34-19c6b1d5ccd3 // CNNVD: CNNVD-201906-834

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-005782

PATCH

title:	VDE-2019-014	url:	https://cert.vde.com/en-us/advisories/vde-2019-014	Trust: 2.9
title:	Automation Worx Software Suite PC Worx , PC Worx Express and Config+ Fixes for component resource management error vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=93979	Trust: 0.6

sources: ZDI: ZDI-19-577 // ZDI: ZDI-19-578 // ZDI: ZDI-19-576 // JVNDB: JVNDB-2019-005782 // CNNVD: CNNVD-201906-834

EXTERNAL IDS

db:	NVD	id:	CVE-2019-12871	Trust: 5.6
db:	ZDI	id:	ZDI-19-578	Trust: 2.6
db:	ICS CERT	id:	ICSA-19-171-01	Trust: 2.3
db:	ZDI	id:	ZDI-19-577	Trust: 1.6
db:	ZDI	id:	ZDI-19-576	Trust: 1.6
db:	CERT@VDE	id:	VDE-2019-014	Trust: 1.6
db:	ZDI	id:	ZDI-19-579	Trust: 0.9
db:	ZDI	id:	ZDI-19-575	Trust: 0.9
db:	BID	id:	108869	Trust: 0.9
db:	CNVD	id:	CNVD-2019-41441	Trust: 0.8
db:	CNNVD	id:	CNNVD-201906-834	Trust: 0.8
db:	JVNDB	id:	JVNDB-2019-005782	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-7786	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-7780	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-7785	Trust: 0.7
db:	AUSCERT	id:	ESB-2019.2227	Trust: 0.6
db:	IVD	id:	35198296-E784-4D5A-AC34-19C6B1D5CCD3	Trust: 0.2

REFERENCES

url:	https://cert.vde.com/en-us/advisories/vde-2019-014	Trust: 3.7
url:	https://www.zerodayinitiative.com/advisories/zdi-19-578/	Trust: 1.9
url:	https://ics-cert.us-cert.gov/advisories/icsa-19-171-01	Trust: 1.5
url:	https://nvd.nist.gov/vuln/detail/cve-2019-12871	Trust: 1.4
url:	https://www.phoenixcontact.com/online/portal/pc	Trust: 0.9
url:	https://www.zerodayinitiative.com/advisories/zdi-19-579/	Trust: 0.9
url:	https://www.zerodayinitiative.com/advisories/zdi-19-575/	Trust: 0.9
url:	https://www.zerodayinitiative.com/advisories/zdi-19-577/	Trust: 0.9
url:	https://www.zerodayinitiative.com/advisories/zdi-19-576/	Trust: 0.9
url:	https://dam-mdc.phoenixcontact.com/asset/156443151564/5fb7e8f696c4f9f9d893846d561b0bb6/security_advisory_automation-worx_cve-2019-12869-12871.pdf	Trust: 0.9
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-12871	Trust: 0.8
url:	https://www.us-cert.gov/ics/advisories/icsa-19-171-01	Trust: 0.8
url:	https://www.securityfocus.com/bid/108869	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.2227/	Trust: 0.6

sources: ZDI: ZDI-19-577 // ZDI: ZDI-19-578 // ZDI: ZDI-19-576 // CNVD: CNVD-2019-41441 // BID: 108869 // JVNDB: JVNDB-2019-005782 // CNNVD: CNNVD-201906-834 // NVD: CVE-2019-12871

CREDITS

9sg Security Team

Trust: 1.4

sources: ZDI: ZDI-19-577 // ZDI: ZDI-19-576

SOURCES

db:	IVD	id:	35198296-e784-4d5a-ac34-19c6b1d5ccd3
db:	ZDI	id:	ZDI-19-577
db:	ZDI	id:	ZDI-19-578
db:	ZDI	id:	ZDI-19-576
db:	CNVD	id:	CNVD-2019-41441
db:	BID	id:	108869
db:	JVNDB	id:	JVNDB-2019-005782
db:	CNNVD	id:	CNNVD-201906-834
db:	NVD	id:	CVE-2019-12871

LAST UPDATE DATE

2024-11-23T22:16:58.756000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-19-577	date:	2019-06-20T00:00:00
db:	ZDI	id:	ZDI-19-578	date:	2019-06-20T00:00:00
db:	ZDI	id:	ZDI-19-576	date:	2019-06-20T00:00:00
db:	CNVD	id:	CNVD-2019-41441	date:	2019-11-20T00:00:00
db:	BID	id:	108869	date:	2019-06-20T00:00:00
db:	JVNDB	id:	JVNDB-2019-005782	date:	2019-07-09T00:00:00
db:	CNNVD	id:	CNNVD-201906-834	date:	2019-06-28T00:00:00
db:	NVD	id:	CVE-2019-12871	date:	2024-11-21T04:23:44.867

SOURCES RELEASE DATE

db:	IVD	id:	35198296-e784-4d5a-ac34-19c6b1d5ccd3	date:	2019-11-20T00:00:00
db:	ZDI	id:	ZDI-19-577	date:	2019-06-20T00:00:00
db:	ZDI	id:	ZDI-19-578	date:	2019-06-20T00:00:00
db:	ZDI	id:	ZDI-19-576	date:	2019-06-20T00:00:00
db:	CNVD	id:	CNVD-2019-41441	date:	2019-11-20T00:00:00
db:	BID	id:	108869	date:	2019-06-20T00:00:00
db:	JVNDB	id:	JVNDB-2019-005782	date:	2019-06-28T00:00:00
db:	CNNVD	id:	CNNVD-201906-834	date:	2019-06-20T00:00:00
db:	NVD	id:	CVE-2019-12871	date:	2019-06-24T15:15:10.173