CVE-2020-12499: Path Traversal in Contact Plcnext Engineer

CWE-22: Path Traversal | 3 documents | 3 sources
Severity
NVD: 7.3 HIGH
CNA: 8.2

EPSS
0.1% (top 73.45%)

CISA KEV
Not in KEV

Exploit
No known exploits

Timeline
Published: Jul 21
Latest update: May 24

Description

In PHOENIX CONTACT PLCnext Engineer version 2020.3.1 and earlier an improper path sanitation vulnerability exists on import of project files.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Exploitability: 1.3 | Impact: 5.9

Affected Packages (2 packages)

CVEListV5 | phoenix_contact/plcnext_engineer | unspecified | 2020.3.1

🔴 Vulnerability Details (2)

GHSA
GHSA-7wjc-2c4g-g553: In PHOENIX CONTACT PLCnext Engineer version 2020 (2022-05-24)
CVEList
PHOENIX CONTACT PLCnext Engineer version 2020.3.1 and earlier: Improper path sanitation vulnerability. (2020-07-21)