Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS: An attacker can use this vulnerability i.e. to open a reverse shell with root privileges.
CVE-2020-12519

8.8HIGH

Key Information:

Vendor
Phoenix Contact
Status
Axc F 1152 (1151412)
Axc F 2152 (2404267)
Axc F 3152 (1069208)
Rfc 4072s (1051328
Vendor
CVE Published:
17 December 2020

Summary

On Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS an attacker can use this vulnerability i.e. to open a reverse shell with root privileges.

Affected Version(s)

AXC F 1152 (1151412) < 2021.0 LTS

AXC F 2152 (2404267) < 2021.0 LTS

AXC F 2152 Starterkit (1046568) < 2021.0 LTS

References

https://cert.vde.com/en-us/advisories/vde-2020-049
x_refsource_CONFIRM

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Discovered by Patrick Muench, Torsten Loebner, Maurice Rothe, Pascal Keul and Daniel Hackel of SVA Systemvertrieb Alexander GmbH, coordinated by CERT@VDE
.
CVE-2020-12519 : Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS: An attacker can use this vulnerability i.e. to open a reverse shell with root privileges. | SecurityVulnerability.io