Lucene search

[email protected]CVE-2020-12525

HistoryJan 22, 2021 - 7:15 p.m.

CVE-2020-12525

2021-01-2219:15:12

CWE-502

[email protected]

web.nvd.nist.gov

cve-2020-12525

m&m software

fdtcontainer

deserialization

vulnerability

project storage

nvd

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.6 High

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

37.9%

JSON

M&M Software fdtCONTAINER Component in versions below 3.5.20304.x and between 3.6 and 3.6.20304.x is vulnerable to deserialization of untrusted data in its project storage.

Affected configurations

NVD

Node

emersonrosemount_transmitter_interface_softwareMatch-

pepperl-fuchspactwareRange5.0–5.0.5.31

wagodtminspector_3Match-

wagofdtcontainer_applicationRange<4.5

wagofdtcontainer_applicationRange4.5.0–4.5.20304

wagofdtcontainer_applicationRange4.6.0–4.6.20304

wagofdtcontainer_componentRange<3.5

wagofdtcontainer_componentRange3.5.0–3.5.20304

wagofdtcontainer_componentRange3.6.0–3.6.20304

weidmuellerwi_managerRange≤2.5.1

Node

pepperl-fuchsio-link_master_firmwareRange≤1.5.48

AND

pepperl-fuchsio-link_master_4-eipMatch-

pepperl-fuchsio-link_master_4-pnioMatch-

pepperl-fuchsio-link_master_8-eipMatch-

pepperl-fuchsio-link_master_8-eip-lMatch-

pepperl-fuchsio-link_master_8-pnioMatch-

pepperl-fuchsio-link_master_8-pnio-lMatch-

pepperl-fuchsio-link_master_dr-8-eipMatch-

pepperl-fuchsio-link_master_dr-8-eip-pMatch-

pepperl-fuchsio-link_master_dr-8-eip-tMatch-

pepperl-fuchsio-link_master_dr-8-pnioMatch-

pepperl-fuchsio-link_master_dr-8-pnio-pMatch-

pepperl-fuchsio-link_master_dr-8-pnio-tMatch-

CPENameOperatorVersion
emerson:rosemount_transmitter_interface_softwareemerson rosemount transmitter interface softwareeq-
pepperl-fuchs:pactwarepepperl-fuchs pactwarele5.0.5.31
wago:dtminspector_3wago dtminspector 3eq-
wago:fdtcontainer_applicationwago fdtcontainer applicationlt4.5
wago:fdtcontainer_applicationwago fdtcontainer applicationle4.5.20304
wago:fdtcontainer_applicationwago fdtcontainer applicationle4.6.20304
wago:fdtcontainer_componentwago fdtcontainer componentlt3.5
wago:fdtcontainer_componentwago fdtcontainer componentle3.5.20304
wago:fdtcontainer_componentwago fdtcontainer componentle3.6.20304
weidmueller:wi_managerweidmueller wi managerle2.5.1

CPE	Name	Operator	Version
emerson:rosemount_transmitter_interface_software	emerson rosemount transmitter interface software	eq	-
pepperl-fuchs:pactware	pepperl-fuchs pactware	le	5.0.5.31
wago:dtminspector_3	wago dtminspector 3	eq	-
wago:fdtcontainer_application	wago fdtcontainer application	lt	4.5
wago:fdtcontainer_application	wago fdtcontainer application	le	4.5.20304
wago:fdtcontainer_application	wago fdtcontainer application	le	4.6.20304
wago:fdtcontainer_component	wago fdtcontainer component	lt	3.5
wago:fdtcontainer_component	wago fdtcontainer component	le	3.5.20304
wago:fdtcontainer_component	wago fdtcontainer component	le	3.6.20304
weidmueller:wi_manager	weidmueller wi manager	le	2.5.1

CNA Affected

[
  {
    "product": "fdtCONTAINER Component",
    "vendor": "M&M Software",
    "versions": [
      {
        "lessThan": "3.5",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThan": "3.5.20304.x",
        "status": "affected",
        "version": "3.5",
        "versionType": "custom"
      },
      {
        "lessThan": "3.6.20304.x",
        "status": "affected",
        "version": "3.6",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "fdtCONTAINER Application",
    "vendor": "M&M Software",
    "versions": [
      {
        "lessThan": "4.5",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThan": "4.5.20304.x",
        "status": "affected",
        "version": "4.5",
        "versionType": "custom"
      },
      {
        "lessThan": "4.6.20304.x",
        "status": "affected",
        "version": "4.6",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "dtmlINSPECTOR",
    "vendor": "M&M Software",
    "versions": [
      {
        "status": "affected",
        "version": "3"
      }
    ]
  },
  {
    "product": "PACTware",
    "vendor": "Pepperl+Fuchs/PACTware",
    "versions": [
      {
        "lessThanOrEqual": "5.0.5.31",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "WI Manager",
    "vendor": "Weidmüller",
    "versions": [
      {
        "lessThanOrEqual": "2.5.1",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

cert.vde.com/en-us/advisories/vde-2020-038

us-cert.cisa.gov/ics/advisories/icsa-21-021-05

Social References

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.6 High

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

37.9%

JSON

Related for CVE-2020-12525

nvd1 cvelist1 ics2 prion1