ICSA-19-171-01  ·  Published 2019-06-20

PHOENIX CONTACT Automation Worx Software Suite

CVSS 7.8 HIGH

Risk Summary

Successful exploitation of these vulnerabilities could allow an attacker, with access to an original PC Worx or Config+ project file, to perform remote code execution.

Remediations

  • Phoenix Contact is currently working on the next version of the Automation Worx Software Suite. This advisory will be updated with details of the new version when it becomes available.
  • Phoenix Contact recommends that users exchange project files only through secure file exchange services, and not via unencrypted email.
  • Do not click web links or open unsolicited attachments in email messages.
  • Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams.
  • Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks.

Affected Vendors

Phoenix Contact

Affected Products (3)

Phoenix Contact · PC Worx Automation Worx Software Suite <= 1.86
Phoenix Contact · PC Worx Express Automation Worx Software Suite <= 1.86
Phoenix Contact · Config+ Automation Worx Software Suite <= 1.86

Affected Sectors

Critical Manufacturing
