CVE-2020-12517

Name of the Vulnerable Software and Affected Versions Phoenix Contact PLCnext Control Devices versions prior to 2021.0 LTS

Description The issue allows an authenticated low-privileged user to embed malicious Javascript code, potentially gaining admin rights when an admin user visits the vulnerable website. This is a case of local privilege escalation.

Recommendations For versions prior to 2021.0 LTS, update to version 2021.0 LTS or later to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable website to minimize the risk of exploitation.