Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Pc_worx_express
(Phoenixcontact)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 7 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-12-14 | CVE-2023-46141 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products of the PHOENIX CONTACT classic line allow an remote unauthenticated attacker to gain full access of the affected device. | Automationworx_software_suite, Axc_1050_firmware, Axc_1050_xc_firmware, Axc_3050_firmware, Config\+, Fc_350_pci_eth_firmware, Ilc1x0_firmware, Ilc1x1_firmware, Ilc_3xx_firmware, Pc_worx, Pc_worx_express, Pc_worx_rt_basic_firmware, Pc_worx_srt, Rfc_430_eth\-Ib_firmware, Rfc_450_eth\-Ib_firmware, Rfc_460r_pn_3tx_firmware, Rfc_470s_pn_3tx_firmware, Rfc_480s_pn_4tx_firmware | 9.8 | ||
| 2023-12-14 | CVE-2023-46143 | Download of Code Without Integrity Check vulnerability in PHOENIX CONTACT classic line PLCs allows an unauthenticated remote attacker to modify some or all applications on a PLC. | Automationworx_software_suite, Axc_1050_firmware, Axc_1050_xc_firmware, Axc_3050_firmware, Config\+, Fc_350_pci_eth_firmware, Ilc1x0_firmware, Ilc1x1_firmware, Ilc_3xx_firmware, Pc_worx, Pc_worx_express, Pc_worx_rt_basic_firmware, Pc_worx_srt, Rfc_430_eth\-Ib_firmware, Rfc_450_eth\-Ib_firmware, Rfc_460r_pn_3tx_firmware, Rfc_470s_pn_3tx_firmware, Rfc_480s_pn_4tx_firmware | 7.5 | ||
| 2020-07-01 | CVE-2020-12497 | PLCopen XML file parsing in Phoenix Contact PC Worx and PC Worx Express version 1.87 and earlier can lead to a stack-based overflow. Manipulated PC Worx projects could lead to a remote code execution due to insufficient input data validation. | Pc_worx, Pc_worx_express | 7.8 | ||
| 2021-11-04 | CVE-2021-34597 | Improper Input Validation vulnerability in PC Worx Automation Suite of Phoenix Contact up to version 1.88 could allow an attacker with a manipulated project file to unpack arbitrary files outside of the selected project directory. | Pc_worx, Pc_worx_express | 7.8 | ||
| 2021-06-25 | CVE-2021-33542 | Phoenix Contact Classic Automation Worx Software Suite in Version 1.87 and below is affected by a remote code execution vulnerability. Manipulated PC Worx or Config+ projects could lead to a remote code execution when unallocated memory is freed because of incompletely initialized data. The attacker needs to get access to an original bus configuration file (*.bcp) to be able to manipulate data inside. After manipulation the attacker needs to exchange the original file by the manipulated one... | Config\+, Pc_worx, Pc_worx_express | 7.0 | ||
| 2020-07-01 | CVE-2020-12498 | mwe file parsing in Phoenix Contact PC Worx and PC Worx Express version 1.87 and earlier is vulnerable to out-of-bounds read remote code execution. Manipulated PC Worx projects could lead to a remote code execution due to insufficient input data validation. | Pc_worx, Pc_worx_express | N/A | ||
| 2019-10-31 | CVE-2019-16675 | An issue was discovered in PHOENIX CONTACT PC Worx through 1.86, PC Worx Express through 1.86, and Config+ through 1.86. A manipulated PC Worx or Config+ project file could lead to an Out-of-bounds Read and remote code execution. The attacker needs to get access to an original PC Worx or Config+ project to be able to manipulate data inside. After manipulation, the attacker needs to exchange the original files with the manipulated ones on the application programming workstation. | Config\+, Pc_worx, Pc_worx_express | N/A |