Vulnerability Description
On Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS an attacker can use the knowledge gained by reading the insufficiently protected sensitive information to plan further attacks.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Phoenixcontact | Plcnext Firmware | < 2021.0 |
| Phoenixcontact | Axc F 1152 | - |
| Phoenixcontact | Axc F 2152 | - |
| Phoenixcontact | Axc F 3152 | - |
| Phoenixcontact | Rfc 4072S | - |
| Phoenixcontact | Axc F 2152 Starterkit | - |
| Phoenixcontact | Plcnext Technology Starterkit | - |
Related Weaknesses (CWE)
References
- https://cert.vde.com/en-us/advisories/vde-2020-049Third Party Advisory
- https://cert.vde.com/en-us/advisories/vde-2020-049Third Party Advisory
FAQ
What is CVE-2020-12518?
CVE-2020-12518 is a vulnerability with a CVSS score of 5.5 (MEDIUM). On Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS an attacker can use the knowledge gained by reading the insufficiently protected sensitive information to plan further attacks.
How severe is CVE-2020-12518?
CVE-2020-12518 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-12518?
Check the references section above for vendor advisories and patch information. Affected products include: Phoenixcontact Plcnext Firmware, Phoenixcontact Axc F 1152, Phoenixcontact Axc F 2152, Phoenixcontact Axc F 3152, Phoenixcontact Rfc 4072S.