RSS   Podatności dla 'Config\+'   RSS

2021-06-25
 
CVE-2021-33542

CWE-824
 

 
Phoenix Contact Classic Automation Worx Software Suite in Version 1.87 and below is affected by a remote code execution vulnerability. Manipulated PC Worx or Config+ projects could lead to a remote code execution when unallocated memory is freed because of incompletely initialized data. The attacker needs to get access to an original bus configuration file (*.bcp) to be able to manipulate data inside. After manipulation the attacker needs to exchange the original file by the manipulated one on the application programming workstation. Availability, integrity, or confidentiality of an application programming workstation might be compromised by attacks using these vulnerabilities. Automated systems in operation which were programmed with one of the above-mentioned products are not affected.

 

 >>> Vendor: Phoenixcontact 39 Produkty
Fl il 24 bk-pac
Multiprog
Fl com server rs232 firmware
Fl com server rs485 firmware
Fl comserver bas 232 firmware
Fl comserver bas 422 firmware
Fl comserver bas 485-t firmware
Fl comserver basic 232 firmware
Fl comserver basic 422 firmware
Fl comserver basic 485 firmware
Fl comserver uni 232 firmware
Fl comserver uni 422 firmware
Fl comserver uni 485-t firmware
Fl comserver uni 485 firmware
Psi-modem/eth firmware
Ilc plcs firmware
Axc 1050 firmware
Ilc 131 eth/xc firmware
Ilc 131 eth firmware
Ilc 151 eth/xc firmware
Ilc 151 eth firmware
Ilc 171 eth 2tx firmware
Ilc 191 eth 2tx firmware
Ilc 191 me/an firmware
Fl nat smcs 8tx firmware
Fl nat smn 8tx-m-dmg firmware
Fl nat smn 8tx-m firmware
Fl nat smn 8tx firmware
Rad-80211-xd/hp-bus firmware
Rad-80211-xd firmware
Automationworx software suite
Portico server 16 client
Portico server 1 client
Portico server 4 client
Pc worx srt
Config\+
Pc worx
Pc worx express
Proconos


Copyright 2024, cxsecurity.com

 

Back to Top