
ID

VDE-2020-025

Published

2020-07-21 11:38 (CEST)

Last update

2020-07-21 11:38 (CEST)

Vendor(s)

PHOENIX CONTACT GmbH & Co. KG

Product(s)

Article No.   Product Name       Affected Version(s)
1046008       PLCnext Engineer   <= 2020.3.1

Summary

The build settings of a PLCnext Engineer project (.pcwex) can be manipulated in a way that can result in the execution of remote code.
The attacker needs access to a PLCnext Engineer project to be able to manipulate the files inside it. Additionally, the files of the remote code need to be transferred to a location which can be accessed by the PC that runs PLCnext Engineer. When PLCnext Engineer runs a build process of the manipulated project, the remote code can be executed.


Last Update:

Oct. 6, 2020, 11:36 a.m.

Weakness

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)

Summary

In PHOENIX CONTACT PLCnext Engineer version 2020.3.1 and earlier, an improper path sanitization vulnerability exists on import of project files.


Impact

Availability, integrity, or confidentiality of an engineering workstation might be compromised by attacks using these vulnerabilities.

Solution

Remediation
Phoenix Contact strongly recommends updating to the latest version, PLCnext Engineer 2020.6 or higher, which fixes this vulnerability.

Temporary Fix / Mitigation
We strongly recommend that customers exchange project files only using secure file exchange services. Project files should not be exchanged via unencrypted email. Users should avoid importing project files from unknown sources and should exchange or store project files together with a checksum to ensure their integrity.
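
The checksum advice above can be applied as a check run before a project file is opened. The following Python code is an added example, not code from Phoenix Contact or CERT@VDE; it assumes that a .pcwex file is a ZIP container and that the sender supplied a SHA-256 hex digest through a separate channel (both are assumptions, as are all function and file names). Besides the checksum, it flags archive entries whose names are absolute or contain "..", the generic naming pattern behind CWE-22.

```python
import hashlib
import hmac
import os
import tempfile
import zipfile
from pathlib import PurePosixPath, PureWindowsPath

def sha256_of(path):
    """Stream the file so large projects are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()

def escaping_entries(path):
    """Return member names with a drive/UNC prefix, a leading '/', or '..'."""
    flagged = []
    with zipfile.ZipFile(path) as archive:
        for name in archive.namelist():
            win = PureWindowsPath(name)
            posix = PurePosixPath(name.replace("\\", "/"))
            if win.drive or posix.is_absolute() or ".." in posix.parts:
                flagged.append(name)
    return flagged

def pre_import_check(path, expected_hex):
    """Return (ok, reasons); ok is True only when every check passes."""
    reasons = []
    if not hmac.compare_digest(sha256_of(path), expected_hex.strip().lower()):
        reasons.append("checksum mismatch")
    if not zipfile.is_zipfile(path):
        reasons.append("not a ZIP container")
    else:
        reasons += [f"entry escapes project root: {n}" for n in escaping_entries(path)]
    return (not reasons, reasons)

def demo():
    """Constructed samples: a clean archive and one with a '..' entry name."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for label, member in (("clean", "content/sample.xml"), ("tampered", "..\\..\\outside.txt")):
            path = os.path.join(tmp, label + ".pcwex")
            with zipfile.ZipFile(path, "w") as archive:
                archive.writestr(member, "constructed sample")
            results[label] = pre_import_check(path, sha256_of(path))
        results["wrong_sum"] = pre_import_check(path, "0" * 64)
    return results
```

A matching checksum only shows that the file is the one the sender hashed, which is why the entry-name check runs independently of it.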

Reported by

This vulnerability was discovered and reported by Amir Preminger of Claroty.
PHOENIX CONTACT reported the vulnerability to CERT@VDE.