ICSA-19-302-01  ·  Published 2019-10-29

PHOENIX CONTACT Automation Worx Software Suite

CVSS 7.8 HIGH

Risk Summary

Successful exploitation of this vulnerability could compromise the availability, integrity, or confidentiality of an application programming workstation. Automated systems programmed using one of the affected products are not impacted.

CVEs (1)

Remediations

  • Phoenix Contact is developing an updated version of this product. Until the updated version is available, Phoenix Contact strongly recommends that users exchange project files only through secure file exchange services and not via unencrypted email. Phoenix Contact expects the next version of the Automation Worx Suite to be available prior to the end of 2019. According to Phoenix Contact, that release will validate arrays more robustly with regard to dimension and the number of elements allowed during input data conversion, will extend input data validation to strengthen defenses against manipulated project files, and will enable additional preventative security measures in the compiler settings.

Affected Vendors

Phoenix Contact

Affected Products (3)

Phoenix Contact · PC Worx <= 1.86
Phoenix Contact · PC Worx Express <= 1.86
Phoenix Contact · Config+ <= 1.86

Affected Sectors

Communications, Critical Manufacturing, Information Technology
