cvelist / CERTVDE / CVELIST:CVE-2020-12499
History: Jul 21, 2020 - 3:09 p.m.

CVE-2020-12499 PHOENIX CONTACT PLCnext Engineer version 2020.3.1 and earlier: Improper path sanitation vulnerability.

2020-07-21 15:09:40
CWE-22
CERTVDE
www.cve.org
3
phoenix contact
plcnext engineer
vulnerability
file import
path sanitation

CVSS3: 8.2
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

AI Score: 8.3
Confidence: High

EPSS: 0
Percentile: 9.9%

In PHOENIX CONTACT PLCnext Engineer version 2020.3.1 and earlier an improper path sanitation vulnerability exists on import of project files.

CNA Affected

[
  {
    "product": "PLCnext Engineer",
    "vendor": "PHOENIX CONTACT",
    "versions": [
      {
        "lessThanOrEqual": "2020.3.1",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]
