CVE-2019-12870

Vulnerability

An uninitialized pointer vulnerability exists in the BCP file parsing routine of PHOENIX CONTACT PC Worx through 1.86, PC Worx Express through 1.86, and Config+ through 1.86 [1]. The issue occurs when a specially crafted project file is opened, causing the software to access a pointer that has not been properly initialized [1]. This code path is reachable when a user opens a malicious BCP file within the affected applications [1].

Exploitation

An attacker must first obtain an original PC Worx or Config+ project file and then manipulate it to trigger the uninitialized pointer [1]. The attacker then needs to exchange the original file with the manipulated one on the application programming workstation, requiring the victim to open the malicious file [1]. User interaction is required, such as the target visiting a malicious page or opening the malicious file via email or other means [1].

Impact

Successful exploitation allows an attacker to execute arbitrary code in the context of the current process [1]. This can lead to full compromise of the workstation, including potential disclosure, modification, or destruction of sensitive data, as well as further propagation within the control network [1]. The CVSS v3.0 base score is 7.8 (High) with impact to confidentiality, integrity, and availability all rated as High [1].

Mitigation

PHOENIX CONTACT has released updates to address this vulnerability; users should upgrade to version 1.90 or later of the affected products as specified in the vendor advisory [1]. For users unable to upgrade immediately, it is recommended to avoid opening project files from untrusted sources and to restrict physical and network access to the programming workstation [1]. The vulnerability is not known to be listed in CISA's Known Exploited Vulnerabilities (KEV) catalog as of publication [1].