CVE-2020-12499 (GCVE-0-2020-12499)
Vulnerability from cvelistv5 – Published: 2020-07-21 15:09 – Updated: 2024-09-17 03:18
CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
| URL | Tags |
|---|---|
| https://cert.vde.com/en-us/advisories/vde-2020-025 | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| PHOENIX CONTACT | PLCnext Engineer | Affected: unspecified , ≤ 2020.3.1 (custom) | |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:56:52.067Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2020-025"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "PLCnext Engineer",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"lessThanOrEqual": "2020.3.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "This vulnerability was discovered and reported by Amir Preminger of Claroty."
},
{
"lang": "en",
"value": "PHOENIX CONTACT reported the vulnerability to CERT@VDE."
}
],
"datePublic": "2020-07-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In PHOENIX CONTACT PLCnext Engineer version 2020.3.1 and earlier an improper path sanitation vulnerability exists on import of project files."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-21T15:09:40.000Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2020-025"
}
],
"solutions": [
{
"lang": "en",
"value": "Temporary Fix / Mitigation: We strongly recommend customers to exchange project files only using secure file exchange\nservices. Project files should not be exchanged via unencrypted email. Users should avoid\nimporting project files from unknown source and exchange or store project files together with a\nchecksum to ensure their integrity."
},
{
"lang": "en",
"value": "Remediation: Phoenix Contact strongly recommends updating to the latest version PLCnext Enineer 2020.6 or\nhigher, which fixes this vulnerability."
}
],
"source": {
"advisory": "VDE-2020-025",
"discovery": "UNKNOWN"
},
"title": "PHOENIX CONTACT PLCnext Engineer version 2020.3.1 and earlier: Improper path sanitation vulnerability.",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"DATE_PUBLIC": "2020-07-21T09:44:00.000Z",
"ID": "CVE-2020-12499",
"STATE": "PUBLIC",
"TITLE": "PHOENIX CONTACT PLCnext Engineer version 2020.3.1 and earlier: Improper path sanitation vulnerability."
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PLCnext Engineer",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "2020.3.1"
}
]
}
}
]
},
"vendor_name": "PHOENIX CONTACT"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "This vulnerability was discovered and reported by Amir Preminger of Claroty."
},
{
"lang": "eng",
"value": "PHOENIX CONTACT reported the vulnerability to CERT@VDE."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In PHOENIX CONTACT PLCnext Engineer version 2020.3.1 and earlier an improper path sanitation vulnerability exists on import of project files."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert.vde.com/en-us/advisories/vde-2020-025",
"refsource": "MISC",
"url": "https://cert.vde.com/en-us/advisories/vde-2020-025"
}
]
},
"solution": [
{
"lang": "en",
"value": "Temporary Fix / Mitigation: We strongly recommend customers to exchange project files only using secure file exchange\nservices. Project files should not be exchanged via unencrypted email. Users should avoid\nimporting project files from unknown source and exchange or store project files together with a\nchecksum to ensure their integrity."
},
{
"lang": "en",
"value": "Remediation: Phoenix Contact strongly recommends updating to the latest version PLCnext Enineer 2020.6 or\nhigher, which fixes this vulnerability."
}
],
"source": {
"advisory": "VDE-2020-025",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2020-12499",
"datePublished": "2020-07-21T15:09:40.065Z",
"dateReserved": "2020-04-30T00:00:00.000Z",
"dateUpdated": "2024-09-17T03:18:07.103Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2020-12499",
"date": "2026-05-16",
"epss": "0.00096",
"percentile": "0.264"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:phoenixcontact:plcnext_engineer:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"2020-3-1\", \"matchCriteriaId\": \"B3C43096-BEA2-41C9-83CF-F4BFAFFE8BE5\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"In PHOENIX CONTACT PLCnext Engineer version 2020.3.1 and earlier an improper path sanitation vulnerability exists on import of project files.\"}, {\"lang\": \"es\", \"value\": \"En PHOENIX CONTACT PLCnext Engineer versi\\u00f3n 2020.3.1 y anteriores, presenta una vulnerabilidad de saneamiento de ruta inapropiada en la importaci\\u00f3n de archivos de proyecto\"}]",
"id": "CVE-2020-12499",
"lastModified": "2024-11-21T04:59:48.513",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"info@cert.vde.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H\", \"baseScore\": 8.2, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"REQUIRED\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.5, \"impactScore\": 6.0}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H\", \"baseScore\": 7.3, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.3, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:M/Au:N/C:P/I:P/A:P\", \"baseScore\": 4.4, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 3.4, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
"published": "2020-07-21T15:15:13.677",
"references": "[{\"url\": \"https://cert.vde.com/en-us/advisories/vde-2020-025\", \"source\": \"info@cert.vde.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://cert.vde.com/en-us/advisories/vde-2020-025\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
"sourceIdentifier": "info@cert.vde.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"info@cert.vde.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-22\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-22\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2020-12499\",\"sourceIdentifier\":\"info@cert.vde.com\",\"published\":\"2020-07-21T15:15:13.677\",\"lastModified\":\"2024-11-21T04:59:48.513\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In PHOENIX CONTACT PLCnext Engineer version 2020.3.1 and earlier an improper path sanitation vulnerability exists on import of project files.\"},{\"lang\":\"es\",\"value\":\"En PHOENIX CONTACT PLCnext Engineer versi\u00f3n 2020.3.1 y anteriores, presenta una vulnerabilidad de saneamiento de ruta inapropiada en la importaci\u00f3n de archivos de proyecto\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"info@cert.vde.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H\",\"baseScore\":8.2,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.5,\"impactScore\":6.0},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":7.3,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.3,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":4.4,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSev
erity\":\"MEDIUM\",\"exploitabilityScore\":3.4,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"info@cert.vde.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phoenixcontact:plcnext_engineer:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2020-3-1\",\"matchCriteriaId\":\"B3C43096-BEA2-41C9-83CF-F4BFAFFE8BE5\"}]}]}],\"references\":[{\"url\":\"https://cert.vde.com/en-us/advisories/vde-2020-025\",\"source\":\"info@cert.vde.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://cert.vde.com/en-us/advisories/vde-2020-025\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
}
}
FKIE_CVE-2020-12499
Vulnerability from fkie_nvd - Published: 2020-07-21 15:15 - Updated: 2024-11-21 04:59
7.3 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
| URL | Tags | ||
|---|---|---|---|
| info@cert.vde.com | https://cert.vde.com/en-us/advisories/vde-2020-025 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert.vde.com/en-us/advisories/vde-2020-025 | Third Party Advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| phoenixcontact | plcnext_engineer | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:phoenixcontact:plcnext_engineer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B3C43096-BEA2-41C9-83CF-F4BFAFFE8BE5",
"versionEndIncluding": "2020-3-1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In PHOENIX CONTACT PLCnext Engineer version 2020.3.1 and earlier an improper path sanitation vulnerability exists on import of project files."
},
{
"lang": "es",
"value": "En PHOENIX CONTACT PLCnext Engineer versi\u00f3n 2020.3.1 y anteriores, presenta una vulnerabilidad de saneamiento de ruta inapropiada en la importaci\u00f3n de archivos de proyecto"
}
],
"id": "CVE-2020-12499",
"lastModified": "2024-11-21T04:59:48.513",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.5,
"impactScore": 6.0,
"source": "info@cert.vde.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.3,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-07-21T15:15:13.677",
"references": [
{
"source": "info@cert.vde.com",
"tags": [
"Third Party Advisory"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2020-025"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2020-025"
}
],
"sourceIdentifier": "info@cert.vde.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "info@cert.vde.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GSD-2020-12499
Vulnerability from gsd - Updated: 2023-12-13 01:21
{
"GSD": {
"alias": "CVE-2020-12499",
"description": "In PHOENIX CONTACT PLCnext Engineer version 2020.3.1 and earlier an improper path sanitation vulnerability exists on import of project files.",
"id": "GSD-2020-12499"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2020-12499"
],
"details": "In PHOENIX CONTACT PLCnext Engineer version 2020.3.1 and earlier an improper path sanitation vulnerability exists on import of project files.",
"id": "GSD-2020-12499",
"modified": "2023-12-13T01:21:49.021745Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"DATE_PUBLIC": "2020-07-21T09:44:00.000Z",
"ID": "CVE-2020-12499",
"STATE": "PUBLIC",
"TITLE": "PHOENIX CONTACT PLCnext Engineer version 2020.3.1 and earlier: Improper path sanitation vulnerability."
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PLCnext Engineer",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "2020.3.1"
}
]
}
}
]
},
"vendor_name": "PHOENIX CONTACT"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "This vulnerability was discovered and reported by Amir Preminger of Claroty."
},
{
"lang": "eng",
"value": "PHOENIX CONTACT reported the vulnerability to CERT@VDE."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In PHOENIX CONTACT PLCnext Engineer version 2020.3.1 and earlier an improper path sanitation vulnerability exists on import of project files."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert.vde.com/en-us/advisories/vde-2020-025",
"refsource": "MISC",
"url": "https://cert.vde.com/en-us/advisories/vde-2020-025"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Temporary Fix / Mitigation: We strongly recommend customers to exchange project files only using secure file exchange\nservices. Project files should not be exchanged via unencrypted email. Users should avoid\nimporting project files from unknown source and exchange or store project files together with a\nchecksum to ensure their integrity.\n\n"
},
{
"lang": "eng",
"value": "Remediation: Phoenix Contact strongly recommends updating to the latest version PLCnext Enineer 2020.6 or\nhigher, which fixes this vulnerability."
}
],
"source": {
"advisory": "VDE-2020-025",
"discovery": "UNKNOWN"
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:phoenixcontact:plcnext_engineer:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2020-3-1",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"ID": "CVE-2020-12499"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "In PHOENIX CONTACT PLCnext Engineer version 2020.3.1 and earlier an improper path sanitation vulnerability exists on import of project files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "N/A",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2020-025"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": true
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.3,
"impactScore": 5.9
}
},
"lastModifiedDate": "2020-08-05T14:35Z",
"publishedDate": "2020-07-21T15:15Z"
}
}
}
VDE-2020-025
Vulnerability from csaf_phoenixcontactgmbhcokg - Published: 2020-07-21 09:38 - Updated: 2025-05-14 12:28
In PHOENIX CONTACT PLCnext Engineer version 2020.3.1 and earlier an improper path sanitation vulnerability exists on import of project files.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Software PLCnext Engineer <=2020.3.1 (PHOENIX CONTACT / Software / PLCnext Engineer) | 1046008 | <=2020.3.1 | Mitigation; Vendor Fix |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Software PLCnext Engineer 2020.6
PHOENIX CONTACT / Software / PLCnext Engineer
|
2020.6 |
{
"document": {
"acknowledgments": [
{
"names": [
"Amir Preminger"
],
"organization": "Claroty",
"summary": "discovered and reported"
},
{
"organization": "CERT@VDE",
"summary": "coordination"
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-GB",
"notes": [
{
"category": "summary",
"text": "The build settings of a PLCnext Engineer project (.pcwex) can be manipulated in a way that can result in the execution of remote code.\nThe attacker needs to get access to a PLCnext Engineer project to be able to manipulate files inside. Additionally, the files of the remote code need to be transferred to a location which can be accessed by the PC that runs PLCnext Engineer. When PLCnext Engineer runs a build process of the manipulated project the remote code can be executed.",
"title": "Summary"
},
{
"category": "description",
"text": "Availability, integrity, or confidentiality of an engineering workstation might be compromised by attacks using these vulnerabilities.",
"title": "Impact"
},
{
"category": "description",
"text": "Phoenix Contact strongly recommends updating to the latest version PLCnext Enineer 2020.6, which fixes this vulnerability.",
"title": "Remediation"
},
{
"category": "description",
"text": "We strongly recommend customers to exchange project files only using secure file exchange\nservices. Project files should not be exchanged via unencrypted email. Users should avoid\nimporting project files from unknown source and exchange or store project files together with a\nchecksum to ensure their integrity.",
"title": "Mitigation"
}
],
"publisher": {
"category": "vendor",
"contact_details": "psirt@phoenixcontact.com",
"name": "Phoenix Contact GmbH \u0026 Co. KG",
"namespace": "https://phoenixcontact.com/psirt"
},
"references": [
{
"category": "external",
"summary": "Phoenix Contact PSIRT ",
"url": "https://www.phoenixcontact.com/de-de/service-und-support/psirt"
},
{
"category": "external",
"summary": "CERT@VDE Security Advisories for Phoenix Contact GmbH \u0026 Co. KG",
"url": "https://certvde.com/en/advisories/vendor/phoenixcontact"
},
{
"category": "self",
"summary": "VDE-2020-025: PHOENIX CONTACT: Improper path sanitation on import of project files in PLCnext Engineer - HTML",
"url": "https://certvde.com/de/advisories/VDE-2020-025/"
},
{
"category": "self",
"summary": "VDE-2020-025: PHOENIX CONTACT: Improper path sanitation on import of project files in PLCnext Engineer - CSAF",
"url": "https://phoenixcontact.csaf-tp.certvde.com/.well-known/csaf/white/2020/vde-2020-025.json"
}
],
"title": "PHOENIX CONTACT: Improper path sanitation on import of project files in PLCnext Engineer",
"tracking": {
"aliases": [
"VDE-2020-025"
],
"current_release_date": "2025-05-14T12:28:19.000Z",
"generator": {
"date": "2024-10-02T08:44:15.962Z",
"engine": {
"name": "Secvisogram",
"version": "2.5.12"
}
},
"id": "VDE-2020-025",
"initial_release_date": "2020-07-21T09:38:00.000Z",
"revision_history": [
{
"date": "2020-07-21T09:38:00.000Z",
"number": "1",
"summary": "Initial revision."
},
{
"date": "2024-11-06T11:27:01.000Z",
"number": "2",
"summary": "Fix: correct certvde domain, added self-reference"
},
{
"date": "2025-05-14T12:28:19.000Z",
"number": "3",
"summary": "Fix: version space, removed ia, firmware category, added distribution"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=2020.3.1",
"product": {
"name": "Software PLCnext Engineer \u003c=2020.3.1",
"product_id": "CSAFPID-51001",
"product_identification_helper": {
"model_numbers": [
"1046008"
]
}
}
},
{
"category": "product_version",
"name": "2020.6",
"product": {
"name": "Software PLCnext Engineer 2020.6",
"product_id": "CSAFPID-52002"
}
}
],
"category": "product_name",
"name": "PLCnext Engineer"
}
],
"category": "product_family",
"name": "Software"
}
],
"category": "vendor",
"name": "PHOENIX CONTACT"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-12499",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"notes": [
{
"audience": "all",
"category": "description",
"text": "In PHOENIX CONTACT PLCnext Engineer version 2020.3.1 and earlier an improper path sanitation vulnerability exists on import of project files.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-52002"
],
"known_affected": [
"CSAFPID-51001"
]
},
"remediations": [
{
"category": "mitigation",
"details": "We strongly recommend customers to exchange project files only using secure file exchange\nservices. Project files should not be exchanged via unencrypted email. Users should avoid\nimporting project files from unknown source and exchange or store project files together with a\nchecksum to ensure their integrity.",
"product_ids": [
"CSAFPID-51001"
]
},
{
"category": "vendor_fix",
"details": "Phoenix Contact strongly recommends updating to the latest version PLCnext Enineer 2020.6, which fixes this vulnerability.",
"product_ids": [
"CSAFPID-51001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 8.3,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"temporalScore": 8.2,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-51001"
]
}
],
"title": "CVE-2020-12499"
}
]
}
CNVD-2020-42938
Vulnerability from cnvd - Published: 2020-07-28
目前厂商已发布升级补丁以修复漏洞,详情请关注厂商主页: https://www.phoenixcontact.com
| Name | PHOENIX CONTACT PLCnext Engineer <=2020.3.1 |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2020-12499",
"cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2020-12499"
}
},
"description": "Phoenix Contact PLCnext Engineer\u662f\u5fb7\u56fd\u83f2\u5c3c\u514b\u65af\u7535\u6c14\uff08Phoenix Contact\uff09\u516c\u53f8\u7684\u4e00\u5957\u7528\u4e8e\u81ea\u52a8\u5316\u63a7\u5236\u5668\u7684\u5de5\u7a0b\u8f6f\u4ef6\u5e73\u53f0\u3002\n\nPHOENIX CONTACT PLCnext Engineer 2020.3.1\u53ca\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u8def\u5f84\u904d\u5386\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7f51\u7edc\u7cfb\u7edf\u6216\u4ea7\u54c1\u672a\u80fd\u6b63\u786e\u5730\u8fc7\u6ee4\u8d44\u6e90\u6216\u6587\u4ef6\u8def\u5f84\u4e2d\u7684\u7279\u6b8a\u5143\u7d20\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u8bbf\u95ee\u53d7\u9650\u76ee\u5f55\u4e4b\u5916\u7684\u4f4d\u7f6e\u3002",
"formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8be6\u60c5\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\uff1a\r\nhttps://www.phoenixcontact.com",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2020-42938",
"openTime": "2020-07-28",
"patchDescription": "Phoenix Contact PLCnext Engineer\u662f\u5fb7\u56fd\u83f2\u5c3c\u514b\u65af\u7535\u6c14\uff08Phoenix Contact\uff09\u516c\u53f8\u7684\u4e00\u5957\u7528\u4e8e\u81ea\u52a8\u5316\u63a7\u5236\u5668\u7684\u5de5\u7a0b\u8f6f\u4ef6\u5e73\u53f0\u3002\r\n\r\nPHOENIX CONTACT PLCnext Engineer 2020.3.1\u53ca\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u8def\u5f84\u904d\u5386\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7f51\u7edc\u7cfb\u7edf\u6216\u4ea7\u54c1\u672a\u80fd\u6b63\u786e\u5730\u8fc7\u6ee4\u8d44\u6e90\u6216\u6587\u4ef6\u8def\u5f84\u4e2d\u7684\u7279\u6b8a\u5143\u7d20\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u8bbf\u95ee\u53d7\u9650\u76ee\u5f55\u4e4b\u5916\u7684\u4f4d\u7f6e\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Phoenix Contact PLCnext Engineer\u8def\u5f84\u904d\u5386\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": "PHOENIX CONTACT PLCnext Engineer \u003c=2020.3.1"
},
"referenceLink": "https://cert.vde.com/en-us/advisories/vde-2020-025",
"serverity": "\u4f4e",
"submitTime": "2020-07-27",
"title": "Phoenix Contact PLCnext Engineer\u8def\u5f84\u904d\u5386\u6f0f\u6d1e"
}
VDE-2020-033
Vulnerability from csaf_pilzgmbhcokg - Published: 2020-09-10 13:18 - Updated: 2025-05-14 12:28
Multiple memory corruption vulnerabilities exist in CodeMeter (All versions prior to 7.10) where the packet parser mechanism does not verify length fields. An attacker could send specially crafted packets to exploit these vulnerabilities.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — |
Protocol encryption can be easily broken for CodeMeter (All versions prior to 6.90 are affected, including Version 6.90 or newer only if Software CodeMeter Runtime is running as server) and the server accepts external connections, which may allow an attacker to remotely communicate with the CodeMeter API.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — |
An attacker could send a specially crafted packet that could have CodeMeter (All versions prior to 7.10) send back packets containing data from the heap.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — |
This vulnerability allows an attacker to use the internal WebSockets API for CodeMeter (All versions prior to 7.00 are affected, including Version 7.0 or newer with the affected WebSockets API still enabled. This is especially relevant for systems or devices where a web browser is used to access a web server) via a specifically crafted JavaScript payload, which may allow alteration or creation of license files when combined with CVE-2020-14515.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — |
CodeMeter (All versions prior to 6.81) and the software using it may crash while processing a specifically crafted license file due to unverified length fields.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — |
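Multiple memory corruption vulnerabilities exist in CodeMeter (All versions prior to 7.10) where the packet parser mechanism does not verify length fields. An attacker could send specially crafted packets to exploit these vulnerabilities.
Note: this repeats the first description on this advisory verbatim. By position it appears to belong to the CVE-2020-14515 entry, which the CSAF record classifies as CWE-347 (Improper Verification of Cryptographic Signature), so the text likely does not describe that vulnerability; check the vendor advisory for the intended description.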
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — |
{
"document": {
"acknowledgments": [
{
"names": [
"Sharon Brizinov",
"Tal Keren"
],
"organization": "Claroty",
"summary": "discovered and reported"
},
{
"organization": "CERT@VDE",
"summary": "coordination"
},
{
"organization": "CISA",
"summary": "coordination"
},
{
"organization": "BSI",
"summary": "coordination"
},
{
"organization": "WIBU-Systems"
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-GB",
"notes": [
{
"category": "summary",
"text": "A number of Pilz software tools use the Software CodeMeter Runtime application from WIBU-SYSTEMS AG to manage licences. This application contains a number of vulnerabilities, which enable an attacker to change and falsify a licence file, prevent normal operation of CodeMeter (Denial-of-Service) and potentially execute arbitrary code.",
"title": "Summary"
},
{
"category": "description",
"text": "The stated Pilz products are supplied with the WIBU Software CodeMeter Runtime Software in Versions lower than v6.90, which contain a number of vulnerabilities. One of the vulnerabilities enables further vulnerabilities to be exploited via the network.",
"title": "Impact"
},
{
"category": "description",
"text": "Use the current Version 7.10 of the Software CodeMeter Runtime, available via the manufacturer\u0027s website. https://www.wibu.com/de/support/anwendersoftware/anwendersoftware.html \nOnly use the Software CodeMeter Runtime as Client. The software tools named under affected products use the Software CodeMeter Runtime as Client in their default setting.\nPilz also recommends using a local firewall to limit unwanted access to the network services of the device with Software CodeMeter Runtime installed.",
"title": "Remediation"
}
],
"publisher": {
"category": "vendor",
"contact_details": "security@pilz.com",
"name": "Pilz GmbH \u0026 Co. KG",
"namespace": "https://www.pilz.com"
},
"references": [
{
"category": "external",
"summary": "CERT@VDE Security Advisories for Pilz GmbH \u0026 Co. KG",
"url": "https://certvde.com/en/advisories/vendor/pilz"
},
{
"category": "self",
"summary": "VDE-2020-033: Pilz: Multiple products prone to WIBU-SYSTEMS CodeMeter vulnerabilities - HTML",
"url": "https://certvde.com/de/advisories/VDE-2020-033/"
},
{
"category": "self",
"summary": "VDE-2020-033: Pilz: Multiple products prone to WIBU-SYSTEMS CodeMeter vulnerabilities - CSAF",
"url": "https://pilz.csaf-tp.certvde.com/.well-known/csaf/white/2020/vde-2020-033.json"
}
],
"title": "Pilz: Multiple products prone to WIBU-SYSTEMS CodeMeter vulnerabilities",
"tracking": {
"aliases": [
"VDE-2020-033"
],
"current_release_date": "2025-05-14T12:28:19.000Z",
"generator": {
"date": "2024-09-30T11:36:52.290Z",
"engine": {
"name": "Secvisogram",
"version": "2.5.12"
}
},
"id": "VDE-2020-033",
"initial_release_date": "2020-09-10T13:18:00.000Z",
"revision_history": [
{
"date": "2020-09-10T13:18:00.000Z",
"number": "1",
"summary": "Initial revision."
},
{
"date": "2024-11-06T11:27:01.000Z",
"number": "2",
"summary": "Fix: correct certvde domain, added self-reference"
},
{
"date": "2025-05-14T12:28:19.000Z",
"number": "3",
"summary": "Fix: version space, removed ia, firmware category, added distribution"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=V3 3.5.12",
"product": {
"name": "Software CODESYS DevSys \u003c=V3 3.5.12",
"product_id": "CSAFPID-51001"
}
}
],
"category": "product_name",
"name": "CODESYS DevSys"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=1.1.0",
"product": {
"name": "Software Live Video Server \u003c=1.1.0",
"product_id": "CSAFPID-51002"
}
}
],
"category": "product_name",
"name": "Live Video Server"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=1.21.1",
"product": {
"name": "Software PAS4000 \u003c=1.21.1",
"product_id": "CSAFPID-51003"
}
}
],
"category": "product_name",
"name": "PAS4000"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=1.1.3",
"product": {
"name": "Software PASloto \u003c=1.1.3",
"product_id": "CSAFPID-51004"
}
}
],
"category": "product_name",
"name": "PASloto"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=1.9.0",
"product": {
"name": "Software PASvisu \u003c=1.9.0",
"product_id": "CSAFPID-51005"
}
}
],
"category": "product_name",
"name": "PASvisu"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=1.3.0",
"product": {
"name": "Software PNOZsigma \u003c=1.3.0",
"product_id": "CSAFPID-51006"
}
}
],
"category": "product_name",
"name": "PNOZsigma"
},
{
"branches": [
{
"category": "product_version_range",
"name": "3.0.0\u003c=3.0.1",
"product": {
"name": "Software SafetyEYE 3.0.0\u003c=3.0.1",
"product_id": "CSAFPID-51007"
}
}
],
"category": "product_name",
"name": "SafetyEYE"
}
],
"category": "product_family",
"name": "Software"
}
],
"category": "vendor",
"name": "PILZ"
},
{
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c6.90",
"product": {
"name": "Software CodeMeter Runtime \u003c6.90",
"product_id": "CSAFPID-51008"
}
},
{
"category": "product_version",
"name": "7.10",
"product": {
"name": "Software CodeMeter Runtime 7.10",
"product_id": "CSAFPID-52001"
}
}
],
"category": "product_name",
"name": "CodeMeter Runtime"
}
],
"category": "product_family",
"name": "Software"
}
],
"category": "vendor",
"name": "WIBU"
}
],
"product_groups": [
{
"group_id": "CSAFGID-0001",
"product_ids": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007"
],
"summary": "Affected products."
},
{
"group_id": "CSAFGID-0002",
"product_ids": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007"
],
"summary": "Fixed products."
}
],
"relationships": [
{
"category": "external_component_of",
"full_product_name": {
"name": "Software CodeMeter Runtime \u003c6.90 external component of Software CODESYS DevSys \u003c=V3 3.5.12",
"product_id": "CSAFPID-31001"
},
"product_reference": "CSAFPID-51008",
"relates_to_product_reference": "CSAFPID-51001"
},
{
"category": "external_component_of",
"full_product_name": {
"name": "Software CodeMeter Runtime \u003c6.90 external component of Software Live Video Server \u003c=1.1.0",
"product_id": "CSAFPID-31002"
},
"product_reference": "CSAFPID-51008",
"relates_to_product_reference": "CSAFPID-51002"
},
{
"category": "external_component_of",
"full_product_name": {
"name": "Software CodeMeter Runtime \u003c6.90 external component of Software PAS4000 \u003c=1.21.1",
"product_id": "CSAFPID-31003"
},
"product_reference": "CSAFPID-51008",
"relates_to_product_reference": "CSAFPID-51003"
},
{
"category": "external_component_of",
"full_product_name": {
"name": "Software CodeMeter Runtime \u003c6.90 external component of Software CodeMeter Runtime \u003c6.90",
"product_id": "CSAFPID-31004"
},
"product_reference": "CSAFPID-51008",
"relates_to_product_reference": "CSAFPID-51008"
},
{
"category": "external_component_of",
"full_product_name": {
"name": "Software CodeMeter Runtime \u003c6.90 external component of Software PASvisu \u003c=1.9.0",
"product_id": "CSAFPID-31005"
},
"product_reference": "CSAFPID-51008",
"relates_to_product_reference": "CSAFPID-51005"
},
{
"category": "external_component_of",
"full_product_name": {
"name": "Software CodeMeter Runtime \u003c6.90 external component of Software PNOZsigma \u003c=1.3.0",
"product_id": "CSAFPID-31006"
},
"product_reference": "CSAFPID-51008",
"relates_to_product_reference": "CSAFPID-51006"
},
{
"category": "external_component_of",
"full_product_name": {
"name": "Software CodeMeter Runtime \u003c6.90 external component of Software SafetyEYE 3.0.0\u003c=3.0.1",
"product_id": "CSAFPID-31007"
},
"product_reference": "CSAFPID-51008",
"relates_to_product_reference": "CSAFPID-51007"
},
{
"category": "external_component_of",
"full_product_name": {
"name": "Software CodeMeter Runtime 7.10 external component of Software CODESYS DevSys \u003c=V3 3.5.12",
"product_id": "CSAFPID-32001"
},
"product_reference": "CSAFPID-52001",
"relates_to_product_reference": "CSAFPID-51001"
},
{
"category": "external_component_of",
"full_product_name": {
"name": "Software CodeMeter Runtime 7.10 external component of Software Live Video Server \u003c=1.1.0",
"product_id": "CSAFPID-32002"
},
"product_reference": "CSAFPID-52001",
"relates_to_product_reference": "CSAFPID-51002"
},
{
"category": "external_component_of",
"full_product_name": {
"name": "Software CodeMeter Runtime 7.10 external component of Software PAS4000 \u003c=1.21.1",
"product_id": "CSAFPID-32003"
},
"product_reference": "CSAFPID-52001",
"relates_to_product_reference": "CSAFPID-51003"
},
{
"category": "external_component_of",
"full_product_name": {
"name": "Software CodeMeter Runtime 7.10 external component of Software PASloto \u003c=1.1.3",
"product_id": "CSAFPID-32004"
},
"product_reference": "CSAFPID-52001",
"relates_to_product_reference": "CSAFPID-51004"
},
{
"category": "external_component_of",
"full_product_name": {
"name": "Software CodeMeter Runtime 7.10 external component of Software PASvisu \u003c=1.9.0",
"product_id": "CSAFPID-32005"
},
"product_reference": "CSAFPID-52001",
"relates_to_product_reference": "CSAFPID-51005"
},
{
"category": "external_component_of",
"full_product_name": {
"name": "Software CodeMeter Runtime 7.10 external component of Software PNOZsigma \u003c=1.3.0",
"product_id": "CSAFPID-32006"
},
"product_reference": "CSAFPID-52001",
"relates_to_product_reference": "CSAFPID-51006"
},
{
"category": "external_component_of",
"full_product_name": {
"name": "Software CodeMeter Runtime 7.10 external component of Software SafetyEYE 3.0.0\u003c=3.0.1",
"product_id": "CSAFPID-32007"
},
"product_reference": "CSAFPID-52001",
"relates_to_product_reference": "CSAFPID-51007"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-12499",
"cwe": {
"id": "CWE-805",
"name": "Buffer Access with Incorrect Length Value"
},
"notes": [
{
"audience": "all",
"category": "description",
"text": "Multiple memory corruption vulnerabilities exist in CodeMeter (All versions prior to 7.10) where the packet parser mechanism does not verify length fields. An attacker could send specially crafted packets to exploit these vulnerabilities.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Use the current Version 7.10 of the Software CodeMeter Runtime, available via the manufacturer\u0027s website. https://www.wibu.com/de/support/anwendersoftware/anwendersoftware.html \nOnly use the Software CodeMeter Runtime as Client. The software tools named under affected products use the Software CodeMeter Runtime as Client in their default setting.\nPilz also recommends using a local firewall to limit unwanted access to the network services of the device with Software CodeMeter Runtime installed.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 9.8,
"environmentalSeverity": "CRITICAL",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.8,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007"
]
}
],
"title": "CVE-2020-12499"
},
{
"cve": "CVE-2020-14517",
"cwe": {
"id": "CWE-326",
"name": "Inadequate Encryption Strength"
},
"notes": [
{
"audience": "all",
"category": "description",
"text": "Protocol encryption can be easily broken for CodeMeter (All versions prior to 6.90 are affected, including Version 6.90 or newer only if Software CodeMeter Runtime is running as server) and the server accepts external connections, which may allow an attacker to remotely communicate with the CodeMeter API.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Use the current Version 7.10 of the Software CodeMeter Runtime, available via the manufacturer\u0027s website. https://www.wibu.com/de/support/anwendersoftware/anwendersoftware.html \nOnly use the Software CodeMeter Runtime as Client. The software tools named under affected products use the Software CodeMeter Runtime as Client in their default setting.\nPilz also recommends using a local firewall to limit unwanted access to the network services of the device with Software CodeMeter Runtime installed.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 9.8,
"environmentalSeverity": "CRITICAL",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.8,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007"
]
}
],
"title": "CVE-2020-14517"
},
{
"cve": "CVE-2020-16233",
"cwe": {
"id": "CWE-404",
"name": "Improper Resource Shutdown or Release"
},
"notes": [
{
"audience": "all",
"category": "description",
"text": "An attacker could send a specially crafted packet that could have CodeMeter (All versions prior to 7.10) send back packets containing data from the heap.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Use the current Version 7.10 of the Software CodeMeter Runtime, available via the manufacturer\u0027s website. https://www.wibu.com/de/support/anwendersoftware/anwendersoftware.html \nOnly use the Software CodeMeter Runtime as Client. The software tools named under affected products use the Software CodeMeter Runtime as Client in their default setting.\nPilz also recommends using a local firewall to limit unwanted access to the network services of the device with Software CodeMeter Runtime installed.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007"
]
}
],
"title": "CVE-2020-16233"
},
{
"cve": "CVE-2020-14519",
"cwe": {
"id": "CWE-346",
"name": "Origin Validation Error"
},
"notes": [
{
"audience": "all",
"category": "description",
"text": "This vulnerability allows an attacker to use the internal WebSockets API for CodeMeter (All versions prior to 7.00 are affected, including Version 7.0 or newer with the affected WebSockets API still enabled. This is especially relevant for systems or devices where a web browser is used to access a web server) via a specifically crafted JavaScript payload, which may allow alteration or creation of license files when combined with CVE-2020-14515.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Use the current Version 7.10 of the Software CodeMeter Runtime, available via the manufacturer\u0027s website. https://www.wibu.com/de/support/anwendersoftware/anwendersoftware.html \nOnly use the Software CodeMeter Runtime as Client. The software tools named under affected products use the Software CodeMeter Runtime as Client in their default setting.\nPilz also recommends using a local firewall to limit unwanted access to the network services of the device with Software CodeMeter Runtime installed.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007"
]
}
],
"title": "CVE-2020-14519"
},
{
"cve": "CVE-2020-14513",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"audience": "all",
"category": "description",
"text": "CodeMeter (All versions prior to 6.81) and the software using it may crash while processing a specifically crafted license file due to unverified length fields.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Use the current Version 7.10 of the Software CodeMeter Runtime, available via the manufacturer\u0027s website. https://www.wibu.com/de/support/anwendersoftware/anwendersoftware.html \nOnly use the Software CodeMeter Runtime as Client. The software tools named under affected products use the Software CodeMeter Runtime as Client in their default setting.\nPilz also recommends using a local firewall to limit unwanted access to the network services of the device with Software CodeMeter Runtime installed.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007"
]
}
],
"title": "CVE-2020-14513"
},
{
"cve": "CVE-2020-14515",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"notes": [
{
"audience": "all",
"category": "description",
"text": "Multiple memory corruption vulnerabilities exist in CodeMeter (All versions prior to 7.10) where the packet parser mechanism does not verify length fields. An attacker could send specially crafted packets to exploit these vulnerabilities.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Use the current Version 7.10 of the Software CodeMeter Runtime, available via the manufacturer\u0027s website. https://www.wibu.com/de/support/anwendersoftware/anwendersoftware.html \nOnly use the Software CodeMeter Runtime as Client. The software tools named under affected products use the Software CodeMeter Runtime as Client in their default setting.\nPilz also recommends using a local firewall to limit unwanted access to the network services of the device with Software CodeMeter Runtime installed.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007"
]
}
],
"title": "CVE-2020-14515"
}
]
}
GHSA-7WJC-2C4G-G553
Vulnerability from github – Published: 2022-05-24 17:24 – Updated: 2022-05-24 17:24
In PHOENIX CONTACT PLCnext Engineer version 2020.3.1 and earlier an improper path sanitation vulnerability exists on import of project files.
{
"affected": [],
"aliases": [
"CVE-2020-12499"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-07-21T15:15:00Z",
"severity": "MODERATE"
},
"details": "In PHOENIX CONTACT PLCnext Engineer version 2020.3.1 and earlier an improper path sanitation vulnerability exists on import of project files.",
"id": "GHSA-7wjc-2c4g-g553",
"modified": "2022-05-24T17:24:00Z",
"published": "2022-05-24T17:24:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-12499"
},
{
"type": "WEB",
"url": "https://cert.vde.com/en-us/advisories/vde-2020-025"
}
],
"schema_version": "1.4.0",
"severity": []
}