github - ghsa-7wjc-2c4g-g553

GHSA-7WJC-2C4G-G553

Vulnerability from github – Published: 2022-05-24 17:24 – Updated: 2022-05-24 17:24

Details

In PHOENIX CONTACT PLCnext Engineer version 2020.3.1 and earlier an improper path sanitation vulnerability exists on import of project files.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2020-12499"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-07-21T15:15:00Z",
    "severity": "MODERATE"
  },
  "details": "In PHOENIX CONTACT PLCnext Engineer version 2020.3.1 and earlier an improper path sanitation vulnerability exists on import of project files.",
  "id": "GHSA-7wjc-2c4g-g553",
  "modified": "2022-05-24T17:24:00Z",
  "published": "2022-05-24T17:24:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-12499"
    },
    {
      "type": "WEB",
      "url": "https://cert.vde.com/en-us/advisories/vde-2020-025"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CVE-2020-12499 (GCVE-0-2020-12499)

Vulnerability from cvelistv5 – Published: 2020-07-21 15:09 – Updated: 2024-09-17 03:18

Title

PHOENIX CONTACT PLCnext Engineer version 2020.3.1 and earlier: Improper path sanitation vulnerability.

Summary

In PHOENIX CONTACT PLCnext Engineer version 2020.3.1 and earlier an improper path sanitation vulnerability exists on import of project files.

Severity ?

8.2 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

CWE

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Assigner

CERTVDE

References

URL

Tags

https://cert.vde.com/en-us/advisories/vde-2020-025

x_refsource_MISC

Impacted products

	Vendor	Product	Version
	PHOENIX CONTACT	PLCnext Engineer	Affected: unspecified , ≤ 2020.3.1 (custom)

Credits

This vulnerability was discovered and reported by Amir Preminger of Claroty. PHOENIX CONTACT reported the vulnerability to CERT@VDE.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T11:56:52.067Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://cert.vde.com/en-us/advisories/vde-2020-025"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "PLCnext Engineer",
          "vendor": "PHOENIX CONTACT",
          "versions": [
            {
              "lessThanOrEqual": "2020.3.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "This vulnerability was discovered and reported by Amir Preminger of Claroty."
        },
        {
          "lang": "en",
          "value": "PHOENIX CONTACT reported the vulnerability to CERT@VDE."
        }
      ],
      "datePublic": "2020-07-21T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "In PHOENIX CONTACT PLCnext Engineer version 2020.3.1 and earlier an improper path sanitation vulnerability exists on import of project files."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-22",
              "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-07-21T15:09:40",
        "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "shortName": "CERTVDE"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://cert.vde.com/en-us/advisories/vde-2020-025"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Temporary Fix / Mitigation: We strongly recommend customers to exchange project files only using secure file exchange\nservices. Project files should not be exchanged via unencrypted email. Users should avoid\nimporting project files from unknown source and exchange or store project files together with a\nchecksum to ensure their integrity."
        },
        {
          "lang": "en",
          "value": "Remediation: Phoenix Contact strongly recommends updating to the latest version PLCnext Enineer 2020.6 or\nhigher, which fixes this vulnerability."
        }
      ],
      "source": {
        "advisory": "VDE-2020-025",
        "discovery": "UNKNOWN"
      },
      "title": "PHOENIX CONTACT PLCnext Engineer version 2020.3.1 and earlier: Improper path sanitation vulnerability.",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "info@cert.vde.com",
          "DATE_PUBLIC": "2020-07-21T09:44:00.000Z",
          "ID": "CVE-2020-12499",
          "STATE": "PUBLIC",
          "TITLE": "PHOENIX CONTACT PLCnext Engineer version 2020.3.1 and earlier: Improper path sanitation vulnerability."
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "PLCnext Engineer",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_value": "2020.3.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "PHOENIX CONTACT"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "This vulnerability was discovered and reported by Amir Preminger of Claroty."
          },
          {
            "lang": "eng",
            "value": "PHOENIX CONTACT reported the vulnerability to CERT@VDE."
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In PHOENIX CONTACT PLCnext Engineer version 2020.3.1 and earlier an improper path sanitation vulnerability exists on import of project files."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://cert.vde.com/en-us/advisories/vde-2020-025",
              "refsource": "MISC",
              "url": "https://cert.vde.com/en-us/advisories/vde-2020-025"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "Temporary Fix / Mitigation: We strongly recommend customers to exchange project files only using secure file exchange\nservices. Project files should not be exchanged via unencrypted email. Users should avoid\nimporting project files from unknown source and exchange or store project files together with a\nchecksum to ensure their integrity."
          },
          {
            "lang": "en",
            "value": "Remediation: Phoenix Contact strongly recommends updating to the latest version PLCnext Enineer 2020.6 or\nhigher, which fixes this vulnerability."
          }
        ],
        "source": {
          "advisory": "VDE-2020-025",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
    "assignerShortName": "CERTVDE",
    "cveId": "CVE-2020-12499",
    "datePublished": "2020-07-21T15:09:40.065169Z",
    "dateReserved": "2020-04-30T00:00:00",
    "dateUpdated": "2024-09-17T03:18:07.103Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

GHSA-7WJC-2C4G-G553

CVE-2020-12499 (GCVE-0-2020-12499)

Tags

Sightings

Nomenclature