CVE-2020-12525 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7.3 HIGH	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
CERTVDE	CNA	7.3 HIGH	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 28%

Affected Products (NVD)

Vendor	Product	Version
emerson	rosemount_transmitter_interface_software	-
pepperl-fuchs	pactware	5.0 ≤ 𝑥 ≤ 5.0.5.31
wago	dtminspector_3	-
wago	fdtcontainer_application	𝑥 < 4.5
wago	fdtcontainer_application	4.5.0 ≤ 𝑥 ≤ 4.5.20304
wago	fdtcontainer_application	4.6.0 ≤ 𝑥 ≤ 4.6.20304
wago	fdtcontainer_component	𝑥 < 3.5
wago	fdtcontainer_component	3.5.0 ≤ 𝑥 ≤ 3.5.20304
wago	fdtcontainer_component	3.6.0 ≤ 𝑥 ≤ 3.6.20304
weidmueller	wi_manager	𝑥 ≤ 2.5.1
pepperl-fuchs	io-link_master_firmware	𝑥 ≤ 1.5.48

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-502 - Deserialization of Untrusted Data
The application deserializes untrusted data without sufficiently verifying that the resulting data will be valid.

References

https://cert.vde.com/en-us/advisories/vde-2020-038

https://us-cert.cisa.gov/ics/advisories/icsa-21-021-05

https://cert.vde.com/en-us/advisories/vde-2020-038

https://us-cert.cisa.gov/ics/advisories/icsa-21-021-05