HIGH🇵🇱 Wersja polska

CVE-2020-12499

CVSS 8.2v3.1pub. 2020-07-21upd. 2024-11-21

In PHOENIX CONTACT PLCnext Engineer version 2020.3.1 and earlier an improper path sanitation vulnerability exists on import of project files.

CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
  • Phoenixcontact Plcnext Engineer

    APP
    Phoenixcontact
    ≤ 2020-3-1
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Path Traversal
CWE
References

Related vulnerabilities

CVE-2023-3935CRITICAL9.8ten sam produkt

A heap buffer overflow vulnerability in Wibu CodeMeter Runtime network service up to version 7.60b allows an u...

CVE-2023-46142HIGH8.8ten sam produkt

A incorrect permission assignment for critical resource vulnerability in PLCnext products allows an remote att...

CVE-2023-46144MEDIUM6.5ten sam produkt

A download of code without integrity check vulnerability in PLCnext products allows an remote attacker with lo...

CVE-2025-25270CRITICAL9.8PL ✓ten sam vendor

RCE jako root w sterownikach ładowania Phoenix Contact CHARX SEC-3x00

CVE-2024-25995CRITICAL9.8PL ✓ten sam vendor

RCE i eskalacja uprawnień w Phoenix Contact CHARX SEC — brak walidacji danych wejściowych