CVE-2020-12518

On Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS an attacker can use the knowledge gained by reading the insufficiently protected sensitive information to plan further attacks.

CVSS v3.0 5.5 MEDIUM
CVSS v2.0 5.0 MEDIUM

5.5^/10

CVSS v3.0 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://cert.vde.com/en-us/advisories/vde-2020-049	Third Party Advisory

Advertisement

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:phoenixcontact:plcnext_firmware:*:*:*:*:long_term_support:*:*:*

cpe:2.3:h:phoenixcontact:axc_f_1152:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:phoenixcontact:plcnext_firmware:*:*:*:*:long_term_support:*:*:*

cpe:2.3:h:phoenixcontact:axc_f_2152:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:phoenixcontact:plcnext_firmware:*:*:*:*:long_term_support:*:*:*

cpe:2.3:h:phoenixcontact:axc_f_3152:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:phoenixcontact:plcnext_firmware:*:*:*:*:long_term_support:*:*:*

cpe:2.3:h:phoenixcontact:rfc_4072s:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:phoenixcontact:plcnext_firmware:*:*:*:*:long_term_support:*:*:*

cpe:2.3:h:phoenixcontact:axc_f_2152_starterkit:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:phoenixcontact:plcnext_firmware:*:*:*:*:long_term_support:*:*:*

cpe:2.3:h:phoenixcontact:plcnext_technology_starterkit:-:*:*:*:*:*:*:*

Information

Published : 2020-12-17 15:15

Updated : 2020-12-21 10:30

NVD link : CVE-2020-12518

Mitre link : CVE-2020-12518

JSON object : View

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

Advertisement

Products Affected

phoenixcontact

axc_f_3152
rfc_4072s
axc_f_1152
axc_f_2152
axc_f_2152_starterkit
plcnext_firmware
plcnext_technology_starterkit

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://cert.vde.com/en-us/advisories/vde-2020-049", "name": "https://cert.vde.com/en-us/advisories/vde-2020-049", "tags": ["Third Party Advisory"], "refsource": "CONFIRM"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "On Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS an attacker can use the knowledge gained by reading the insufficiently protected sensitive information to plan further attacks."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-200"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2020-12518", "ASSIGNER": "info@cert.vde.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "acInsufInfo": false, "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.8}}, "publishedDate": "2020-12-17T23:15Z", "configurations": {"nodes": [{"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:phoenixcontact:plcnext_firmware:*:*:*:*:long_term_support:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "2021.0"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:phoenixcontact:axc_f_1152:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:phoenixcontact:plcnext_firmware:*:*:*:*:long_term_support:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "2021.0"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:phoenixcontact:axc_f_2152:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:phoenixcontact:plcnext_firmware:*:*:*:*:long_term_support:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "2021.0"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:phoenixcontact:axc_f_3152:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:phoenixcontact:plcnext_firmware:*:*:*:*:long_term_support:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "2021.0"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:phoenixcontact:rfc_4072s:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:phoenixcontact:plcnext_firmware:*:*:*:*:long_term_support:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "2021.0"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:phoenixcontact:axc_f_2152_starterkit:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:phoenixcontact:plcnext_firmware:*:*:*:*:long_term_support:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "2021.0"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:phoenixcontact:plcnext_technology_starterkit:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2020-12-21T18:30Z"}