First published: Tue Jul 21 2020
In PHOENIX CONTACT PLCnext Engineer version 2020.3.1 and earlier an improper path sanitation vulnerability exists on import of project files.
Credit: info@cert.vde.com
Affected Software | Affected Version | How to fix |
---|---|---|
Phoenix Contact PLCnext Engineer | <=2020-3-1 | |
Temporary Fix / Mitigation: We strongly recommend that customers exchange project files only using secure file exchange services. Project files should not be exchanged via unencrypted email. Users should avoid importing project files from unknown sources and should exchange or store project files together with a checksum to ensure their integrity.
Remediation: Phoenix Contact strongly recommends updating to the latest version, PLCnext Engineer 2020.6 or higher, which fixes this vulnerability.
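One way to apply the checksum mitigation above before a project file is opened, as an added example that is not Phoenix Contact's or SecAlerts' code: the file is imported only if its SHA-256 matches a `sha256sum`-style sidecar entry, and a missing or malformed sidecar counts as a failure. The file names are constructed placeholders, and the sidecar is assumed to arrive over a separate trusted channel, since a checksum sent alongside the file in the same message only detects accidental corruption.

```python
import hashlib
import hmac
import tempfile
from pathlib import Path


def sha256_of(path: Path, chunk_size: int = 1 << 20) -> str:
    """Stream the file so large project files are not loaded into memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def read_expected(sidecar: Path, file_name: str) -> str:
    """Parse a sha256sum-style sidecar: '<64 hex chars>  <file name>' per line."""
    for line in sidecar.read_text(encoding="utf-8").splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) != 2:
            continue
        digest, name = parts[0].lower(), parts[1].lstrip("*")
        if name == file_name and len(digest) == 64 and set(digest) <= set("0123456789abcdef"):
            return digest
    raise ValueError(f"no valid SHA-256 entry for {file_name!r} in {sidecar.name}")


def safe_to_import(project: Path, sidecar: Path) -> bool:
    """Return True only when the file matches the digest recorded for it."""
    try:
        expected = read_expected(sidecar, project.name)
    except (OSError, ValueError):
        return False  # missing or malformed checksum: treat the file as untrusted
    return hmac.compare_digest(sha256_of(project), expected)


def demo() -> tuple[bool, bool, bool]:
    """Constructed sample: intact file, file modified in transit, sidecar missing."""
    with tempfile.TemporaryDirectory() as tmp:
        project = Path(tmp) / "project_file.bin"  # placeholder name, not a real format
        sidecar = Path(tmp) / "project_file.bin.sha256"
        project.write_bytes(b"constructed project contents")
        sidecar.write_text(f"{sha256_of(project)}  {project.name}\n", encoding="utf-8")
        intact = safe_to_import(project, sidecar)
        project.write_bytes(b"constructed project contents, modified in transit")
        tampered = safe_to_import(project, sidecar)
        sidecar.unlink()
        return intact, tampered, safe_to_import(project, sidecar)
```

`demo()` returns `(True, False, False)`: only the unmodified file with a matching sidecar entry passes.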
The vulnerability ID is CVE-2020-12499.
The title of this vulnerability is 'In PHOENIX CONTACT PLCnext Engineer version 2020.3.1 and earlier an improper path sanitation vulnerability exists on import of project files.'
The affected software is PHOENIX CONTACT PLCnext Engineer version 2020.3.1 and earlier.
The severity of this vulnerability is high with a CVSS score of 7.3.
To fix this vulnerability, update to a version of PHOENIX CONTACT PLCnext Engineer later than 2020.3.1.