Thursday, June 20, 2019

1 Advisory Published – 06-20-19


Today the DHS NCCIC-ICS published a control system security advisory for products from Phoenix Contact.

Phoenix Contact Advisory

This advisory describes three vulnerabilities in the Phoenix Contact Automation Worx Software Suite. The vulnerabilities were reported by 9sg Security Team via the Zero Day Initiative. Phoenix Contact is working on an update to mitigate the vulnerabilities.

The three reported vulnerabilities are:

Access of an uninitialized pointer - CVE-2019-12870;
Out-of-bounds read - CVE-2019-12869; and
Use after free - CVE-2019-12871

NCCIC-ICS reports that a relatively low-skilled attacker with access to an original PC Worx or Config+ project file could remotely exploit these vulnerabilities to perform remote code execution.
