Rewterz Threat Advisory – CVE-2020-2034 – Palo Alto OS command injection vulnerability in GlobalProtect portal
July 10, 2020
Rewterz Threat Advisory – CVE-2020-12025 – ICS: Rockwell Automation Logix Designer Studio 5000
July 10, 2020
Severity
Medium
Analysis Summary
CVE-2020-12497
Due to insufficient validation of input data while processing project files, a buffer could be overflowed. An attacker could use a specially crafted project file to exploit this and execute code with the privileges of the application.
CVE-2020-12498
Insufficient validation of input data while processing project files could result in an out-of-bounds read. An attacker could use a specially crafted project file to exploit this and execute code with the privileges of the application.
Impact
- Stack-based Buffer Overflow
- Out-of-Bounds Read
Affected Vendors
Phoenix Contact
Affected Products
- PC Worx version 1.87 and prior
- PC Worx Express version 1.87 and prior
Remediation
Refer to the ICS advisory for the complete list of affected products and respective patches.