CVE-2020-12512

Name of the Vulnerable Software and Affected Versions Pepperl+Fuchs Comtrol IO-Link Master versions 1.5.48 and below

Description The issue is related to an authenticated reflected POST Cross-Site Scripting. This means that an attacker could potentially inject malicious scripts into the website, which would then be executed by the user's browser. The estimated number of potentially affected devices worldwide is not available. There is no information about real-world incidents where this issue was exploited.

Recommendations For versions 1.5.48 and below, update to a version above 1.5.48 to resolve the issue. As a temporary workaround, consider restricting access to the POST endpoint to minimize the risk of exploitation. Avoid using the vulnerable IO-Link Master module in the affected version until the issue is resolved.