CVE-2020-12525 — HIGH (7.3)

Q: What is CVE-2020-12525?

CVE-2020-12525 is a vulnerability with a CVSS score of 7.3 (HIGH). M&M Software fdtCONTAINER Component in versions below 3.5.20304.x and between 3.6 and 3.6.20304.x is vulnerable to deserialization of untrusted data in its project storage.

Q: How severe is CVE-2020-12525?

CVE-2020-12525 has been rated HIGH with a CVSS base score of 7.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2020-12525?

Check the references section above for vendor advisories and patch information. Affected products include: Emerson Rosemount Transmitter Interface Software, Pepperl-Fuchs Pactware, Wago Dtminspector 3, Wago Fdtcontainer Application, Wago Fdtcontainer Component.

Vulnerability Description

M&M Software fdtCONTAINER Component in versions below 3.5.20304.x and between 3.6 and 3.6.20304.x is vulnerable to deserialization of untrusted data in its project storage.

CVSS Score

7.3

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Emerson	Rosemount Transmitter Interface Software	-
Pepperl-Fuchs	Pactware	>= 5.0, <= 5.0.5.31
Wago	Dtminspector 3	-
Wago	Fdtcontainer Application	< 4.5
Wago	Fdtcontainer Component	< 3.5
Weidmueller	Wi Manager	<= 2.5.1
Pepperl-Fuchs	Io-Link Master Firmware	<= 1.5.48
Pepperl-Fuchs	Io-Link Master 4-Eip	-
Pepperl-Fuchs	Io-Link Master 4-Pnio	-
Pepperl-Fuchs	Io-Link Master 8-Eip	-
Pepperl-Fuchs	Io-Link Master 8-Eip-L	-
Pepperl-Fuchs	Io-Link Master 8-Pnio	-
Pepperl-Fuchs	Io-Link Master 8-Pnio-L	-
Pepperl-Fuchs	Io-Link Master Dr-8-Eip	-
Pepperl-Fuchs	Io-Link Master Dr-8-Eip-P	-
Pepperl-Fuchs	Io-Link Master Dr-8-Eip-T	-
Pepperl-Fuchs	Io-Link Master Dr-8-Pnio	-
Pepperl-Fuchs	Io-Link Master Dr-8-Pnio-P	-
Pepperl-Fuchs	Io-Link Master Dr-8-Pnio-T	-

Related Weaknesses (CWE)

CWE-502

References

https://cert.vde.com/en-us/advisories/vde-2020-038Not ApplicableThird Party Advisory
https://us-cert.cisa.gov/ics/advisories/icsa-21-021-05Third Party AdvisoryUS Government Resource
https://cert.vde.com/en-us/advisories/vde-2020-038Not ApplicableThird Party Advisory
https://us-cert.cisa.gov/ics/advisories/icsa-21-021-05Third Party AdvisoryUS Government Resource

FAQ

What is CVE-2020-12525?

CVE-2020-12525 is a vulnerability with a CVSS score of 7.3 (HIGH). M&M Software fdtCONTAINER Component in versions below 3.5.20304.x and between 3.6 and 3.6.20304.x is vulnerable to deserialization of untrusted data in its project storage.

How severe is CVE-2020-12525?

CVE-2020-12525 has been rated HIGH with a CVSS base score of 7.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-12525?

Check the references section above for vendor advisories and patch information. Affected products include: Emerson Rosemount Transmitter Interface Software, Pepperl-Fuchs Pactware, Wago Dtminspector 3, Wago Fdtcontainer Application, Wago Fdtcontainer Component.