HIGH🇵🇱 Wersja polska

CVE-2020-12517

CVSS 8.8v3.1pub. 2020-12-17upd. 2024-11-21

On Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS an authenticated low privileged user could embed malicious Javascript code to gain admin rights when the admin user visits the vulnerable website (local privilege escalation).

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • Phoenixcontact Axc F 1152

    HW
    Phoenixcontact
    wszystkie wersje
  • Phoenixcontact Axc F 2152

    HW
    Phoenixcontact
    wszystkie wersje
  • Phoenixcontact Axc F 2152 Starterkit

    HW
    Phoenixcontact
    wszystkie wersje
  • Phoenixcontact Axc F 3152

    HW
    Phoenixcontact
    wszystkie wersje
  • Phoenixcontact Plcnext Firmware

    OS
    Phoenixcontact
    < 2021.0
  • Phoenixcontact Plcnext Technology Starterkit

    HW
    Phoenixcontact
    wszystkie wersje
  • Phoenixcontact Rfc 4072s

    HW
    Phoenixcontact
    wszystkie wersje
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
LPEXSS
CWE
References

Related vulnerabilities

CVE-2023-46142HIGH8.8ten sam produkt

A incorrect permission assignment for critical resource vulnerability in PLCnext products allows an remote att...

CVE-2021-34570HIGH7.5ten sam produkt

Multiple Phoenix Contact PLCnext control devices in versions prior to 2021.0.5 LTS are prone to a DoS attack t...

CVE-2020-12519HIGH8.8ten sam produkt

On Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS an attacker can use this vulnerability i...

CVE-2023-46144MEDIUM6.5ten sam produkt

A download of code without integrity check vulnerability in PLCnext products allows an remote attacker with lo...

CVE-2020-12521MEDIUM6.5ten sam produkt

On Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS a specially crafted LLDP packet may lead...