First published: Thu Dec 17 2020
On Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS, an authenticated low-privileged user could embed malicious JavaScript code to gain admin rights when the admin user visits the vulnerable website (local privilege escalation).
Credit: info@cert.vde.com
Affected Software | Affected Version | How to fix |
---|---|---|
Phoenixcontact Plcnext Firmware | <2021.0 | |
Phoenixcontact Axc F 1152 | | |
Phoenixcontact Axc F 2152 | | |
Phoenixcontact Axc F 3152 | | |
Phoenixcontact Rfc 4072s | | |
Phoenixcontact Axc F 2152 Starterkit | | |
Phoenixcontact Plcnext Technology Starterkit | | |
Phoenix Contact recommends that affected users upgrade to the current firmware 2021.0 LTS or higher, which fixes these vulnerabilities.
CVE-2020-12517 is a vulnerability found in Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS.
CVE-2020-12517 has a severity rating of critical.
An authenticated low-privileged user could embed malicious JavaScript code to gain admin rights when the admin user visits the vulnerable website.
Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS are affected by CVE-2020-12517.
No, Phoenix Contact Axc F 1152 is not vulnerable to CVE-2020-12517.