CVE-2020-12519

CWE-269 — Improper Privilege Management3 documents3 sources

Severity

9.8CRITICAL

EPSS

0.2%

top 64.12%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Phoenix Contact AXC F 1152 (1151412)Phoenix Contact AXC F 2152 (2404267)Phoenix Contact AXC F 2152 Starterkit (1046568)+4 more

Timeline

PublishedDec 17

Latest updateMay 24

Description

On Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS an attacker can use this vulnerability i.e. to open a reverse shell with root privileges.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:HExploitability: 2.0 | Impact: 6.0

Affected Packages7 packages

▶NVDphoenixcontact/plcnext_firmware< 2021.0

▶CVEListV5phoenix_contact/plcnext_technology_starterkit_(1188165)unspecified — 2021.0 LTS

▶CVEListV5phoenix_contact/rfc_4072s_(1051328unspecified — 2021.0 LTS

▶CVEListV5phoenix_contact/axc_f_1152_(1151412)unspecified — 2021.0 LTS

▶CVEListV5phoenix_contact/axc_f_2152_(2404267)unspecified — 2021.0 LTS

🔴Vulnerability Details

GHSA

GHSA-26hg-qjgg-2868: On Phoenix Contact PLCnext Control Devices versions before 2021↗2022-05-24

▶

CVEList

Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS: An attacker can use this vulnerability i.e. to open a reverse shell with root privileges.↗2020-12-17

▶