VDE-2021-002

Vulnerability from csaf_weidmuellerinterfacegmbhcokg - Published: 2021-01-20 13:32 - Updated: 2025-05-14 12:28
Summary
Weidmueller: WI Manager affected by fdtContainer vulnerability
Notes
Summary: A vulnerability has been discovered in the fdtCONTAINER component and application by M&M Software GmbH. As this software is part of the Weidmüller FDT/DTM Software with WI Manager, this Weidmueller software is affected by the above vulnerability as well. The fdtCONTAINER component exchanges binary data blobs with the WI Manager. The WI Manager saves these binary data blobs into a project file. If an attacker gets write access to the project file, the project file can be manipulated to contain malicious code.
Impact: If a manipulated project file is loaded by the WI Manager, malicious code can get executed with the user rights of the WI Manager without notice. For more information please refer to: VDE-2020-048: M&M Software (WAGO): Deserialisation of untrusted data in fdtContainer
Mitigation:
- Exchange project data only via secure exchange services
- Use appropriate means to protect the project storage from unauthorized manipulation
- Do not open project data from an unknown source
- Reduce the user rights of the WI Manager to the necessary minimum

499ES EtherNet/IP (ENIP) Adaptor Source Code is vulnerable to a stack-based buffer overflow, which may allow an attacker to send a specially crafted packet that may result in a denial-of-service condition or code execution.

CWE-502 - Deserialization of Untrusted Data
Mitigation
- Exchange project data only via secure exchange services
- Use appropriate means to protect the project storage from unauthorized manipulation
- Do not open project data from an unknown source
- Reduce the user rights of the WI Manager to the necessary minimum
Acknowledgments
CERT@VDE certvde.com
M&M Software GmbH

{
  "document": {
    "acknowledgments": [
      {
        "organization": "CERT@VDE",
        "summary": "coordination",
        "urls": [
          "https://certvde.com"
        ]
      },
      {
        "organization": "M\u0026M Software GmbH",
        "summary": "reporting this vulnerability"
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "summary",
        "text": "A vulnerability has been discovered in the fdtCONTAINER component and application by M\u0026M Software GmbH.\nAs this software is part of the Weidm\u00fcller FDT/DTM Software with WI Manager, this Weidmueller software is affected by the above vulnerability as well.\n\nThe fdtCONTAINER component exchanges binary data blobs with the WI Manager. The WI Manager saves these binary data blobs into a project file.\n\nIf an attacker gets write access to the project file, the project file can be manipulated to contain malicious code.",
        "title": "Summary"
      },
      {
        "category": "description",
        "text": "If a manipulated project file is loaded by the WI Manager, malicious code can get executed with the user rights of the WI Manager without notice.\n\nFor more information please refer to:\n\nVDE-2020-048: M\u0026M Software (WAGO): Deserialisation of untrusted data in fdtContainer",
        "title": "Impact"
      },
      {
        "category": "description",
        "text": "- Exchange project data only via secure exchange services\n- Use appropriate means to protect the project storage from unauthorized manipulation\n- Do not open project data from an unknown source\n- Reduce the user rights of the WI Manager to the necessary minimum",
        "title": "Mitigation"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "psirt@weidmueller.com",
      "name": "Weidmueller Interface GmbH \u0026 Co. KG",
      "namespace": "https://www.weidmueller.com"
    },
    "references": [
      {
        "category": "external",
        "summary": "Weidmueller advisory overview at CERT@VDE",
        "url": "https://certvde.com/de/advisories/vendor/weidmueller/"
      },
      {
        "category": "self",
        "summary": "VDE-2021-002: Weidmueller: WI Manager affected by fdtContainer vulnerability - HTML",
        "url": "https://certvde.com/en/advisories/VDE-2021-002"
      },
      {
        "category": "self",
        "summary": "VDE-2021-002: Weidmueller: WI Manager affected by fdtContainer vulnerability - CSAF",
        "url": "https://weidmueller.csaf-tp.certvde.com/.well-known/csaf/white/2021/vde-2021-002.json"
      }
    ],
    "title": "Weidmueller: WI Manager affected by fdtContainer vulnerability",
    "tracking": {
      "aliases": [
        "VDE-2021-002"
      ],
      "current_release_date": "2025-05-14T12:28:19.000Z",
      "generator": {
        "date": "2024-12-09T10:12:19.583Z",
        "engine": {
          "name": "Secvisogram",
          "version": "2.5.16"
        }
      },
      "id": "VDE-2021-002",
      "initial_release_date": "2021-01-20T13:32:00.000Z",
      "revision_history": [
        {
          "date": "2021-01-20T13:32:00.000Z",
          "number": "1",
          "summary": "Initial revision."
        },
        {
          "date": "2025-05-14T12:28:19.000Z",
          "number": "2",
          "summary": "Fix: version space, added distribution"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "\u003c=2.5.1",
                    "product": {
                      "name": "WI Manager \u003c=2.5.1",
                      "product_id": "CSAFPID-51001"
                    }
                  }
                ],
                "category": "product_name",
                "name": "WI Manager"
              }
            ],
            "category": "product_family",
            "name": "Software"
          }
        ],
        "category": "vendor",
        "name": "Weidmueller"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2020-12525",
      "cwe": {
        "id": "CWE-502",
        "name": "Deserialization of Untrusted Data"
      },
      "notes": [
        {
          "category": "description",
          "text": "499ES EtherNet/IP (ENIP) Adaptor Source Code is vulnerable to a stack-based buffer overflow, which may allow an attacker to send a specially crafted packet that may result in a denial-of-service condition or code execution.",
          "title": "Vulnerability Description"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-51001"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "- Exchange project data only via secure exchange services\n- Use appropriate means to protect the project storage from unauthorized manipulation\n- Do not open project data from an unknown source\n- Reduce the user rights of the WI Manager to the necessary minimum",
          "product_ids": [
            "CSAFPID-51001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 7.3,
            "environmentalSeverity": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "temporalScore": 7.3,
            "temporalSeverity": "HIGH",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-51001"
          ]
        }
      ],
      "title": "CVE-2020-12525"
    }
  ]
}

