CVE-2020-12517: Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS: An authenticated low privileged user could embed malicious Javascript code to gain admin rights when the admin user visits the vulnerable website (local privilege escalation).
First published: Thu Dec 17 2020(Updated: )
On Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS an authenticated low privileged user could embed malicious Javascript code to gain admin rights when the admin user visits the vulnerable website (local privilege escalation).
Credit: info@cert.vde.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Phoenix Contact PLCnext firmware | <2021.0 | |
| Phoenix Contact Axc F 1152 | ||
| Phoenix Contact Axioline F AXL F 2152 Firmware | ||
| Phoenix Contact AXC F 3152 Firmware | ||
| Phoenix Contact RFC 4072S | ||
| Phoenix Contact AXL F 2152 Starterkit Firmware | ||
| Phoenix Contact PLCnext Technology Starterkit Firmware |
Remedy
Phoenix Contact recommends affected users to upgrade to the current Firmware 2021.0 LTS or higher which fixes these vulnerabilities.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-12517?
CVE-2020-12517 is a vulnerability found in Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS.
What is the severity of CVE-2020-12517?
CVE-2020-12517 has a severity rating of critical.
How can an attacker exploit CVE-2020-12517?
An authenticated low privileged user could embed malicious Javascript code to gain admin rights when the admin user visits the vulnerable website.
Which software versions are affected by CVE-2020-12517?
Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS are affected by CVE-2020-12517.
Is Phoenix Contact Axc F 1152 affected by CVE-2020-12517?
No, Phoenix Contact Axc F 1152 is not vulnerable to CVE-2020-12517.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/remedy
- agent/weakness
- agent/author
- agent/title
- agent/last-modified-date
- agent/references
- agent/severity
- agent/event
- agent/first-publish-date
- agent/description
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/phoenixcontact
- canonical/phoenix contact plcnext firmware
- canonical/phoenix contact axc f 1152
- canonical/phoenix contact axioline f axl f 2152 firmware
- canonical/phoenix contact axc f 3152 firmware
- canonical/phoenix contact rfc 4072s
- canonical/phoenix contact axl f 2152 starterkit firmware
- canonical/phoenix contact plcnext technology starterkit firmware