Phoenix Contact Automation Worx <= 1.87: out-of-bounds read remote code execution

Vulnerability

A memory-corruption vulnerability exists in the MWE file parsing logic of Phoenix Contact PC Worx and PC Worx Express versions 1.87 and earlier. The flaw is an out-of-bounds read caused by insufficient validation of user-supplied data when a specially crafted project file is opened. Affected products are part of the Automationworx suite [1].

Exploitation

To exploit this issue, an attacker must convince a target user to open a malicious MWE file (e.g., by visiting a compromised page or opening a booby-trapped project). No authentication is required, but user interaction is necessary. The vulnerability is reachable locally; the CVSS vector is AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H [1].

Impact

Successful exploitation allows an attacker to execute arbitrary code in the context of the current process. This could lead to full compromise of the workstation, including disclosure, modification, or destruction of project data and potentially affecting industrial control system integrity [1].

Mitigation

The vendor has not released a fixed version in the available references; users should limit opening MWE files from untrusted sources. The advisory [1] provides no patch details. For the latest updates, consult Phoenix Contact's security portal. No KEV listing is reported at this time.