PT-2020-13144 · Phoenix Contact · Plcnext Engineer

Amir Preminger

Published

2020-07-21

Updated

2020-08-05

CVE-2020-12499

CVSS v3.1

8.2

High

Vector

AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions PLCnext Engineer versions 2020.3.1 and earlier

Description An improper path sanitation issue exists when importing project files, which can lead to potential security issues.

Recommendations For versions 2020.3.1 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

CVE-2020-12499

Affected Products

Plcnext Engineer

PT-2020-13144 · Phoenix Contact · Plcnext Engineer

CVE-2020-12499

Weakness Enumeration

Related Identifiers

Affected Products

References · 3