PC Worx Express
with Automationworx Software Suite version 1.86 and earlier
A manipulated PC Worx or Config+ project file could lead to a remote code execution.
The attacker needs to get access to an original PC Worx or Config+ project file to be able to manipulate it. After manipulation the attacker needs to exchange the original file by the manipulated one on the application programming workstation.
Availability, integrity, or confidentiality of an application programming workstation might be compromised by attacks using these vulnerabilities.
Automated systems in operation which were programmed with one of the above-mentioned products are not affected.
Temporary Fix / Mitigation
We strongly recommend customers to exchange project files only using secure file exchange services.
Project files should not be exchanged via unencrypted email.
With the next version of Automationworx Software Suite the following measures will be implemented:
The zlib component will be updated to the latest version (184.108.40.206). By utilizing the latest version of zlib a manipulated BCP file is detected as corrupt. The unpacking operation is aborted and therefor the remote code execution is precluded.
The validation of input data will be improved.
Objects in the affected software components will be completely initialized.
Further 3rd party components will be checked for known vulnerabilities and will be exchanged or updated if required.
General preventive security measures will be implemented such as address space layout randomization.
The vulnerabilities were discovered by 9sg Security Team.
Reported through Zerodayinitiative.
Coordinated by NCCIC and CERT@VDE.