CVE-2021-34597
Summary
| CVE | CVE-2021-34597 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2021-11-04 10:15:00 UTC |
| Updated | 2021-11-08 13:55:00 UTC |
| Description | Improper Input Validation vulnerability in PC Worx Automation Suite of Phoenix Contact up to version 1.88 could allow an attacker with a manipulated project file to unpack arbitrary files outside of the selected project directory. |
Risk And Classification
Problem Types: CWE-20
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Phoenixcontact | Pc Worx | All | All | All | All |
| Application | Phoenixcontact | Pc Worx Express | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| VDE-2021-052 | CERT@VDE | CONFIRM | cert.vde.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
Discovery Credit
LEGACY: The vulnerability was discovered by Jake Baines of Dragos Inc. We kindly appreciate the coordinated disclosure of these vulnerabilities by the finder.
LEGACY: PHOENIX CONTACT thanks CERT@VDE for the coordination and support with this publication.
There are currently no legacy QID mappings associated with this CVE.