CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2021-33542

HIGH
7.8
CVSS Severity Score
EPSS Score0.0790%
EPSS Percentile24.56th
Published2021年6月25日
Last Modified2024年11月21日

Vulnerability Description

Phoenix Contact Classic Automation Worx Software Suite in Version 1.87 and below is affected by a remote code execution vulnerability. Manipulated PC Worx or Config+ projects could lead to a remote code execution when unallocated memory is freed because of incompletely initialized data. The attacker needs to get access to an original bus configuration file (*.bcp) to be able to manipulate data inside. After manipulation the attacker needs to exchange the original file by the manipulated one on the application programming workstation. Availability, integrity, or confidentiality of an application programming workstation might be compromised by attacks using these vulnerabilities. Automated systems in operation which were programmed with one of the above-mentioned products are not affected.

Affected Platforms (CPE)

📦
Phoenixcontact

Config\+

<= 1.87
📦
Phoenixcontact

Pc Worx

<= 1.87
📦
Phoenixcontact

Pc Worx Express

<= 1.87

References & Advisories

🔗 https://cert.vde.com/en-us/advisories/vde-2021-020
🔗 https://www.zerodayinitiative.com/advisories/ZDI-21-782/
🔗 https://cert.vde.com/en-us/advisories/vde-2021-020
🔗 https://www.zerodayinitiative.com/advisories/ZDI-21-782/

相關漏洞威脅

CVE-2021-2195110.0

An out-of-bounds write vulnerability exists in the CMD_DEVICE_GET_SERVER_LIST_REQUEST functionality of the home_security binary of...

CVE-2001-002310.0

everythingform.cgi CGI program by Leif Wright allows remote attackers to execute arbitrary commands via shell metacharacters in th...

CVE-2026-4638910.0

UDS Identity Config builds the Keycloak configuration image (realm, plugins, theme, truststore, JARs) consumed by UDS Core's Ident...

CVE-2001-125210.0

Network Associates PGP Keyserver 7.0 allows remote attackers to bypass authentication and access the administrative web interface ...