CVE-2021-34597 – This vulnerability allows an attacker to write ... (How to Fix)

Q: What is the severity of CVE-2021-34597?

CVE-2021-34597 has a CVSS score of 7.8 (HIGH). This vulnerability allows an attacker to write arbitrary files outside the intended project directory by exploiting improper input validation in PC Worx Automation Suite. Attackers can achieve this by tricking users into opening a malicious project file. Systems running affected versions of PC Worx Automation Suite are vulnerable.

📋 TL;DR

This vulnerability allows an attacker to write arbitrary files outside the intended project directory by exploiting improper input validation in PC Worx Automation Suite. Attackers can achieve this by tricking users into opening a malicious project file. Systems running affected versions of PC Worx Automation Suite are vulnerable.

💻 Affected Systems

Products:

PC Worx Automation Suite

Versions: Up to version 1.88

Operating Systems: Windows

Default Config Vulnerable: ⚠️ Yes

Notes: Vulnerability exists in the project file unpacking functionality.

📦 What is this software?

Pc Worx by Phoenixcontact

View all CVEs affecting Pc Worx →

Pc Worx Express by Phoenixcontact

View all CVEs affecting Pc Worx Express →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise through arbitrary file write leading to remote code execution, data destruction, or system takeover.

🟠

Likely Case

Local file system manipulation allowing attackers to overwrite critical system files or plant malware.

🟢

If Mitigated

Limited impact if proper file integrity monitoring and user privilege restrictions are in place.

🌐 Internet-Facing: LOW - Exploitation requires user interaction with malicious project files, not directly internet-exposed.

🏢 Internal Only: MEDIUM - Internal users could be tricked into opening malicious project files, but requires social engineering.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: LOW

Exploitation requires user interaction to open a malicious project file.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Version 1.89 or later

Vendor Advisory: https://cert.vde.com/en/advisories/VDE-2021-052/

Restart Required: Yes

Instructions:

1. Download PC Worx Automation Suite version 1.89 or later from Phoenix Contact. 2. Install the update following vendor instructions. 3. Restart the system.

🔧 Temporary Workarounds

Restrict project file sources

all

Only open project files from trusted sources and implement file integrity checking.

User privilege reduction

windows

Run PC Worx Automation Suite with limited user privileges to restrict file system access.

🧯 If You Can't Patch

Implement strict access controls to limit who can open project files.
Deploy application whitelisting to prevent execution of unauthorized files.

🔍 How to Verify

Check if Vulnerable:

Check PC Worx Automation Suite version in Help > About. If version is 1.88 or earlier, system is vulnerable.

Check Version:

Check Help > About in PC Worx Automation Suite GUI.

Verify Fix Applied:

Verify version is 1.89 or later in Help > About menu.

📡 Detection & Monitoring

Log Indicators:

Unusual file write operations outside project directories
Multiple failed project file load attempts

Network Indicators:

Unexpected network connections after opening project files

SIEM Query:

EventID=4663 AND ObjectName LIKE '%\..\%' AND ProcessName='PCWorx.exe'

📊 Metadata

CVE ID: CVE-2021-34597

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE: CWE-20

Published: November 4, 2021

Last Updated: November 21, 2024

🔗 References

https://cert.vde.com/en/advisories/VDE-2021-052/ Mitigation,Third Party Advisory
https://cert.vde.com/en/advisories/VDE-2021-052/ Mitigation,Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2021-34597, you might also want to check these: