Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS: An attacker can use the knowledge gained by reading the insufficiently protected sensitive information to plan further attacks.
CVE-2020-12518

5.5MEDIUM

Key Information:

Vendor
Phoenix Contact
Status
Axc F 1152 (1151412)
Axc F 2152 (2404267)
Axc F 3152 (1069208)
Rfc 4072s (1051328
Vendor
CVE Published:
17 December 2020

Summary

On Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS an attacker can use the knowledge gained by reading the insufficiently protected sensitive information to plan further attacks.

Affected Version(s)

AXC F 1152 (1151412) < 2021.0 LTS

AXC F 2152 (2404267) < 2021.0 LTS

AXC F 2152 Starterkit (1046568) < 2021.0 LTS

References

https://cert.vde.com/en-us/advisories/vde-2020-049
x_refsource_CONFIRM

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Discovered by Patrick Muench, Torsten Loebner, Maurice Rothe, Pascal Keul and Daniel Hackel of SVA Systemvertrieb Alexander GmbH, coordinated by CERT@VDE
.
CVE-2020-12518 : Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS: An attacker can use the knowledge gained by reading the insufficiently protected sensitive information to plan further attacks. | SecurityVulnerability.io