
CVE-2021-33542

High

Published: 25 June 2021
Modified: 21 November 2024
KEV added: not listed
CVSS v3.1 score: 7.8 (High), vector CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS score: 0.0053 (67.6th percentile)
Risk priority: 16 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2021-33542 is a high-severity Access of Uninitialized Pointer (CWE-824) vulnerability in Phoenix Contact Config+. Its CVSS base score is 7.8 (High).

Operationally, it is ranked in the top 32.4% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.


Vulnerability details

Phoenix Contact Classic Automation Worx Software Suite in version 1.87 and below is affected by a remote code execution vulnerability. Manipulated PC Worx or Config+ projects could lead to remote code execution when unallocated memory is freed because of incompletely initialized data. The attacker needs access to an original bus configuration file (*.bcp) to be able to manipulate data inside it. After manipulation, the attacker needs to replace the original file with the manipulated one on the application programming workstation. Availability, integrity, or confidentiality of an application programming workstation might be compromised by attacks using these vulnerabilities. Automated systems in operation which were programmed with one of the above-mentioned products are not affected.


Related Threats

No named threat actor has been attributed yet; ATT&CK technique mapping is in progress for this CVE.

Affected Assets

Vendor          Product           Affected versions
phoenixcontact  config+           ≤ 1.87
phoenixcontact  pc worx           ≤ 1.87
phoenixcontact  pc worx express   ≤ 1.87

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.
