{ "document": { "category": "csaf_security_advisory", "csaf_version": "2.0", "tracking": { "generator": { "date": "2025-03-11T16:16:41.541Z", "engine": { "version": "2.5.20", "name": "Secvisogram" } }, "id": "VDE-2021-052", "version": "2", "status": "final", "aliases": [ "VDE-2021-052" ], "revision_history": [ { "number": "1", "summary": "initial revision", "date": "2021-11-03T09:45:00.000Z" }, { "number": "2", "summary": "Fix: quotation mark", "date": "2025-05-22T13:03:10.000Z" } ], "current_release_date": "2025-05-22T13:03:10.000Z", "initial_release_date": "2021-11-03T09:45:00.000Z" }, "lang": "en-GB", "title": "PHOENIX CONTACT: PC Worx/-Express prone to improper input validation vulnerability", "acknowledgments": [ { "organization": "CERTVDE", "urls": [ "https://certvde.com" ], "summary": "coordination" }, { "organization": "Dragos Inc.", "summary": "reporting", "names": [ "Jake Baines" ], "urls": [ "https://www.dragos.com" ] } ], "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "notes": [ { "category": "summary", "title": "Summary", "text": "PC Worx / -Express is vulnerable to a 'zip slip' style vulnerability when loading a project file." }, { "category": "description", "title": "Impact", "text": "Availability, integrity, or confidentiality of an application programming workstation might be compromised by attacks using these vulnerabilities.\nAutomated systems in operation which were programmed with one of the above-mentioned products are not affected." }, { "category": "description", "title": "Mitigation", "text": "We strongly recommend customers to exchange project files only using secure file exchange services. Project files should not be exchanged via unencrypted email.\nIn addition, we recommend exchanging or storing project files together with a checksum to ensure their integrity." }, { "category": "description", "title": "Remediation", "text": "With the next version of Automation Worx Software Suite additional plausibility checks for archive content will be implemented." } ], "publisher": { "category": "vendor", "contact_details": "psirt@phoenixcontact.com", "name": "Phoenix Contact GmbH & Co. KG", "namespace": "https://phoenixcontact.com/psirt" }, "references": [ { "category": "external", "summary": "PHOENIX CONTACT advisory overview at CERT@VDE", "url": "https://certvde.com/en/advisories/vendor/phoenixcontact/" }, { "category": "self", "summary": "VDE-2021-052: PHOENIX CONTACT: PC Worx/-Express prone to improper input validation vulnerability - HTML", "url": "https://certvde.com/en/advisories/VDE-2021-052" }, { "summary": "VDE-2021-052: PHOENIX CONTACT: PC Worx/-Express prone to improper input validation vulnerability - CSAF", "url": "https://phoenixcontact.csaf-tp.certvde.com/.well-known/csaf/white/2021/vde-2021-052.json", "category": "self" } ] }, "product_tree": { "branches": [ { "category": "vendor", "name": "PHOENIX CONTACT GmbH & Co. KG", "branches": [ { "category": "product_family", "name": "Hardware", "branches": [ { "category": "product_name", "name": "PC Worx", "product": { "name": "PHOENIX CONTACT PC Worx", "product_id": "CSAFPID-11001" } }, { "category": "product_name", "name": "PC Worx Express", "product": { "name": "PHOENIX CONTACT PC Worx Express", "product_id": "CSAFPID-11002" } } ] }, { "category": "product_family", "name": "Firmware", "branches": [ { "category": "product_version_range", "name": "<=1.88", "product": { "name": "Firmware <=1.88", "product_id": "CSAFPID-21001" } } ] } ] } ], "relationships": [ { "category": "installed_on", "product_reference": "CSAFPID-21001", "relates_to_product_reference": "CSAFPID-11001", "full_product_name": { "name": "Firmware <=1.88 installed on PHOENIX CONTACT PC Worx", "product_id": "CSAFPID-31001" } }, { "category": "installed_on", "product_reference": "CSAFPID-21001", "relates_to_product_reference": "CSAFPID-11002", "full_product_name": { "name": "Firmware <=1.88 installed on PHOENIX CONTACT PC Worx Express", "product_id": "CSAFPID-31002" } } ], "product_groups": [ { "group_id": "CSAFGID-0001", "summary": "affected products", "product_ids": [ "CSAFPID-31001", "CSAFPID-31002" ] } ] }, "vulnerabilities": [ { "cve": "CVE-2021-34597", "title": "CVE-2021-34597", "product_status": { "known_affected": [ "CSAFPID-31001", "CSAFPID-31002" ] }, "scores": [ { "cvss_v3": { "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "baseScore": 7.8, "baseSeverity": "HIGH", "temporalScore": 7.8, "temporalSeverity": "HIGH", "environmentalScore": 7.8, "environmentalSeverity": "HIGH" }, "products": [ "CSAFPID-31001", "CSAFPID-31002" ] } ], "notes": [ { "category": "summary", "text": "Improper Input Validation vulnerability in PC Worx Automation Suite of Phoenix Contact up to version 1.88 could allow an attacker with a manipulated project file to unpack arbitrary files outside of the selected project directory." } ], "remediations": [ { "category": "mitigation", "details": "We strongly recommend customers to exchange project files only using secure file exchange services. Project files should not be exchanged via unencrypted email.\nIn addition, we recommend exchanging or storing project files together with a checksum to ensure their integrity.", "group_ids": [ "CSAFGID-0001" ] }, { "category": "vendor_fix", "details": "With the next version of Automation Worx Software Suite additional plausibility checks for archive content will be implemented.", "group_ids": [ "CSAFGID-0001" ] } ], "cwe": { "id": "CWE-20", "name": "Improper Input Validation" } } ] }