Today the DHS NCCIC-ICS published a control system security advisory for products from Phoenix Contact.
This advisory describes three vulnerabilities in the Phoenix Contact Automation Worx Software Suite. The vulnerabilities were reported by 9sg Security Team via the Zero Day Initiative. Phoenix Contact is working on an update to mitigate the vulnerabilities.
The three reported vulnerabilities are:
• Access of an uninitialized pointer - CVE-2019-12870;
• Out-of-bounds read - CVE-2019-12869; and
• Use after free - CVE-2019-12871
NCCIC-ICS reports that a relatively low-skilled attacker with access to an original PC Worx or Config+ project file could remotely exploit these vulnerabilities to perform remote code execution.