CVSS: 7.8
CWE: 502

CVE-2020-12525: WAGO/M&M Software Deserialization of untrusted data in fdtCONTAINER component

First published: Thu Jan 14 2021

M&M Software fdtCONTAINER Component in versions below 3.5.20304.x and between 3.6 and 3.6.20304.x is vulnerable to deserialization of untrusted data in its project storage.

Credit: info@cert.vde.com

| Affected Software | Affected Version |
|---|---|
| Emerson Rosemount Transmitter Interface Software | |
| Pepperl-fuchs Pactware | >=5.0 <=5.0.5.31 |
| Wago Dtminspector 3 | |
| Wago Fdtcontainer Application | <4.5 |
| Wago Fdtcontainer Application | >=4.5.0 <=4.5.20304 |
| Wago Fdtcontainer Application | >=4.6.0 <=4.6.20304 |
| Wago Fdtcontainer Component | <3.5 |
| Wago Fdtcontainer Component | >=3.5.0 <=3.5.20304 |
| Wago Fdtcontainer Component | >=3.6.0 <=3.6.20304 |
| Weidmueller Wi Manager | <=2.5.1 |
| Pepperl-fuchs Io-link Master Firmware | <=1.5.48 |
| Pepperl-fuchs Io-link Master 4-eip | |
| Pepperl-fuchs Io-link Master 4-pnio | |
| Pepperl-fuchs Io-link Master 8-eip | |
| Pepperl-fuchs Io-link Master 8-eip-l | |
| Pepperl-fuchs Io-link Master 8-pnio | |
| Pepperl-fuchs Io-link Master 8-pnio-l | |
| Pepperl-fuchs Io-link Master Dr-8-eip | |
| Pepperl-fuchs Io-link Master Dr-8-eip-p | |
| Pepperl-fuchs Io-link Master Dr-8-eip-t | |
| Pepperl-fuchs Io-link Master Dr-8-pnio | |
| Pepperl-fuchs Io-link Master Dr-8-pnio-p | |
| Pepperl-fuchs Io-link Master Dr-8-pnio-t | |
M&M Software GmbH, a subsidiary of WAGO Kontakttechnik:

  • fdtCONTAINER component: versions between 3.5.0 and 3.5.20304.x; versions between 3.6.0 and 3.6.20304.x; versions older than 3.5

  • fdtCONTAINER application: versions between 4.5.0 and 4.5.20304.x; versions between 4.6.0 and 4.6.20304.x; versions older than 4.5

  • dtmINSPECTOR: Version 3 (based on FDT 1.2.x)

Remedy

M&M Software provides two updated fdtCONTAINER component trees (3.6.20304.x < 3.7 and >= 3.7); see the advisory at https://cert.vde.com/en-us/advisories/vde-2020-048 for details.

Frequently Asked Questions

  • What is the vulnerability ID for this issue?

    The vulnerability ID for this issue is CVE-2020-12525.

  • What is the severity of CVE-2020-12525?

    The severity of CVE-2020-12525 is high with a CVSS score of 7.8.

  • Which software versions are affected by CVE-2020-12525?

    M&M Software fdtCONTAINER Component versions below 3.5.20304.x and between 3.6 and 3.6.20304.x are affected by CVE-2020-12525.

  • How can I fix CVE-2020-12525?

    There is no known fix or patch available for CVE-2020-12525 at this time. It is recommended to follow the guidance provided by the vendors and monitor for any updates.

  • Where can I find more information about CVE-2020-12525?

    You can find more information about CVE-2020-12525 on the official websites of VDE and US-CERT.
