CVE-2020-10939
Description
Insecure default path permissions in PHOENIX CONTACT PC WORX SRT through 1.14 allow local privilege escalation.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
CVE-2020-10939 describes insecure default path permissions in PHOENIX CONTACT PC WORX SRT versions through 1.14. The software installs with overly permissive access controls on its installation directory or related paths, allowing a local user to modify files or replace executables that run with elevated privileges. No specific configuration is required for the vulnerability to be present; it exists in the default installation state [1].
Exploitation
An attacker must have local access to the system running PC WORX SRT. No authentication beyond standard user-level access is needed. The attacker can write a malicious file (e.g., a DLL or executable) into a directory that is writable by low-privileged users and then wait for a privileged process (e.g., a service or the application itself) to load that file, resulting in code execution in the context of the higher-privileged process [1].
Impact
Successful exploitation allows an attacker to escalate privileges locally, potentially gaining SYSTEM or administrator-level access to the affected Windows system. This can lead to full compromise of the software and the host operating system, including data exfiltration, further malware installation, and persistent unauthorized access [1].
Mitigation
PHOENIX CONTACT has released a fix in PC WORX SRT version 1.15 or later. Users should update to the latest version available from the vendor's official website. No workaround is documented for versions before 1.14; removing insecure permissions manually is possible but not officially supported. The vulnerability is not listed in CISA's KEV [1].
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
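The condition described above (a directory writable by low-privileged users) can be checked with a read-only ACL audit. The script below is an added example, not code from the vendor or the advisory. The installation path is a required parameter because this page does not state it, and the list of broad principals is an assumption about which groups count as low-privileged.

```powershell
# Added example: report ACL entries that let broad, low-privileged
# principals write into a directory tree. Read-only; changes nothing.
param(
    # Placeholder: supply the product's install directory (not given on this page).
    [Parameter(Mandatory)][string]$InstallPath
)

# Well-known SIDs of broad groups (assumed set; SIDs are locale-independent).
$broadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
    'S-1-5-4'      = 'INTERACTIVE'
}

# Rights that allow planting or replacing a file, plus the raw generic bits
# (GENERIC_WRITE | GENERIC_ALL) that inherit-only ACEs often carry.
$writeMask = [int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
$genericWrite = 0x40000000 -bor 0x10000000

$items = @(Get-Item -LiteralPath $InstallPath) +
         @(Get-ChildItem -LiteralPath $InstallPath -Recurse -Force -ErrorAction SilentlyContinue)

$findings = foreach ($item in $items) {
    $acl = Get-Acl -LiteralPath $item.FullName
    # Resolve identities as SIDs, including inherited entries.
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    foreach ($ace in $rules) {
        # Deny entries are ignored, so a result may over-report; review each hit.
        if ($ace.AccessControlType -ne 'Allow') { continue }
        $sid = $ace.IdentityReference.Value
        if (-not $broadSids.ContainsKey($sid)) { continue }
        $raw = [int]$ace.FileSystemRights
        if (($raw -band $writeMask) -or ($raw -band $genericWrite)) {
            [pscustomobject]@{
                Path      = $item.FullName
                Principal = $broadSids[$sid]
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

$findings | Sort-Object Path | Format-Table -AutoSize
if ($findings) { exit 1 }   # non-zero exit lets a scheduled check flag the host
```

A finding on a directory that holds executables or DLLs loaded by a privileged process is the condition this CVE describes; an empty result after updating is one way to confirm the default permissions changed.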
Affected products
- PHOENIX CONTACT/PC WORX SRT (source: description)
- Range: <=1.14
Patches
No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References
[1] cert.vde.com/en-us/advisories/vde-2020-012 (mitre, x_refsource_CONFIRM)