CVE-2020-12525

EPSS 0.11%
Veröffentlicht 22.01.2021 19:15:12
Zuletzt bearbeitet 21.11.2024 04:59:52
Quelle info@cert.vde.com
Teams Watchlist Login
Unerledigt Login

M&M Software fdtCONTAINER Component in versions below 3.5.20304.x and between 3.6 and 3.6.20304.x is vulnerable to deserialization of untrusted data in its project storage.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Emerson ≫ Rosemount Transmitter Interface Software Version-

Pepperl-fuchs ≫ Pactware Version >= 5.0 <= 5.0.5.31

Wago ≫ Dtminspector 3 Version-

Wago ≫ Fdtcontainer Application Version < 4.5

Wago ≫ Fdtcontainer Application Version >= 4.5.0 <= 4.5.20304

Wago ≫ Fdtcontainer Application Version >= 4.6.0 <= 4.6.20304

Wago ≫ Fdtcontainer Component Version < 3.5

Wago ≫ Fdtcontainer Component Version >= 3.5.0 <= 3.5.20304

Wago ≫ Fdtcontainer Component Version >= 3.6.0 <= 3.6.20304

Weidmueller ≫ Wi Manager Version <= 2.5.1

Pepperl-fuchs ≫ Io-link Master Firmware Version <= 1.5.48

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.11%	0.256

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P
info@cert.vde.com	7.3	1.3	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

CWE-502 Deserialization of Untrusted Data

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

https://cert.vde.com/en-us/advisories/vde-2020-038

Third Party Advisory

Not Applicable

https://us-cert.cisa.gov/ics/advisories/icsa-21-021-05

Third Party Advisory

US Government Resource

https://nvd.nist.gov/vuln/detail/CVE-2020-12525

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-12525

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-12525

EUVD