Phoenix Contact: Automation Worx Software Suite affected by Remote Code Execution (RCE) vulnerability
Description
A remote code execution vulnerability in Phoenix Contact Classic Automation Worx Software Suite 1.87 and below allows attackers to corrupt memory via specially crafted BCP files.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
This vulnerability affects Phoenix Contact Classic Automation Worx Software Suite in version 1.87 and below [1]. The issue resides in the parsing of bus configuration files (*.bcp). The software fails to properly validate user-supplied data within BCP files, leading to a memory corruption condition when unallocated memory is freed due to incompletely initialized data [1]. An attacker must obtain access to an original *.bcp file and then exchange it with a manipulated version on the application programming workstation [1].
Exploitation
To exploit this vulnerability, an attacker needs to acquire an original bus configuration file (*.bcp) and replace it with a maliciously crafted version on the target workstation [1]. User interaction is required: the target must visit a malicious page or open a malicious file [1]. No authentication is necessary, but the attacker requires local access to the programming workstation to perform the file exchange [1].
Impact
Successful exploitation allows an attacker to execute arbitrary code in the context of the current process [1]. This can compromise the confidentiality, integrity, and availability of the application programming workstation [1]. Automated systems in operation that were programmed with the affected products are not impacted, but the development environment is vulnerable [1].
Mitigation
The available references do not detail a fixed version. Affected users should apply updates from Phoenix Contact when they become available. Until a patch is released, limit access to programming workstations and ensure that only trusted *.bcp files are used [1]. The vendor advisory (VDE-2021-020) does not provide a patch at this time [2].
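One way to check that only trusted *.bcp files are used is to record known-good hashes and compare them before a project is opened. The following is an added example, not code from Phoenix Contact or from the cited advisories; the function names, the JSON manifest format and the manifest location are assumptions.

```python
import hashlib
import json
import sys
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large project files are not loaded whole."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def find_bcp(project_dir: Path) -> dict:
    """Map relative path -> SHA-256 for every *.bcp file (case-insensitive match)."""
    return {
        p.relative_to(project_dir).as_posix(): sha256_file(p)
        for p in sorted(project_dir.rglob("*"))
        if p.is_file() and p.suffix.lower() == ".bcp"
    }


def write_baseline(project_dir: Path, manifest: Path) -> None:
    """Record known-good hashes. Assumption: the manifest is kept outside the
    project tree, where the workstation user account cannot modify it."""
    manifest.write_text(json.dumps(find_bcp(project_dir), indent=2))


def verify(project_dir: Path, manifest: Path) -> dict:
    """Compare current *.bcp files with the baseline and classify each difference."""
    baseline = json.loads(manifest.read_text())
    current = find_bcp(project_dir)
    return {
        "modified": sorted(n for n in current if n in baseline and current[n] != baseline[n]),
        "unknown": sorted(n for n in current if n not in baseline),
        "missing": sorted(n for n in baseline if n not in current),
    }


def is_trusted(report: dict) -> bool:
    """True only when nothing was modified, added or removed since the baseline."""
    return not any(report.values())


if __name__ == "__main__":
    # Usage: script.py <project_dir> <manifest.json>; exit code 1 means do not open.
    result = verify(Path(sys.argv[1]), Path(sys.argv[2]))
    print(json.dumps(result, indent=2))
    sys.exit(0 if is_trusted(result) else 1)
```

A file listed as modified or unknown should be restored from a trusted copy before the project is opened in the engineering software.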
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- (no CPE) range: <=1.87
- (no CPE) range: PC Worx
Patches
No patches discovered yet.
References
- cert.vde.com/en-us/advisories/vde-2021-020 (mitre, x_refsource_CONFIRM)
- www.zerodayinitiative.com/advisories/ZDI-21-782/ (mitre, x_refsource_MISC)