CVE-2020-12518

CWE-200 — Information Exposure3 documents3 sources

Severity

5.5MEDIUM

EPSS

0.2%

top 59.06%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Phoenix Contact AXC F 1152 (1151412)Phoenix Contact AXC F 2152 (2404267)Phoenix Contact AXC F 2152 Starterkit (1046568)+4 more

Timeline

PublishedDec 17

Latest updateMay 24

Description

On Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS an attacker can use the knowledge gained by reading the insufficiently protected sensitive information to plan further attacks.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages7 packages

▶NVDphoenixcontact/plcnext_firmware< 2021.0

▶CVEListV5phoenix_contact/plcnext_technology_starterkit_(1188165)unspecified — 2021.0 LTS

▶CVEListV5phoenix_contact/rfc_4072s_(1051328unspecified — 2021.0 LTS

▶CVEListV5phoenix_contact/axc_f_1152_(1151412)unspecified — 2021.0 LTS

▶CVEListV5phoenix_contact/axc_f_2152_(2404267)unspecified — 2021.0 LTS

🔴Vulnerability Details

GHSA

GHSA-2g4f-r7cc-55q9: On Phoenix Contact PLCnext Control Devices versions before 2021↗2022-05-24

▶

CVEList

Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS: An attacker can use the knowledge gained by reading the insufficiently protected sensitive information to plan further attacks.↗2020-12-17

▶