PLCopen XML file parsing in Phoenix Contact PC Worx and PC Worx Express version 1.87 and earlier can lead to a stack-based overflow. Manipulated PC Worx projects could lead to a remote code execution due to insufficient input data validation.
Credits
reported by Natnael Samson working with Trend Micro Zero Day Initiative, Phoenix Contact reported to CERT@VDE
