On Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS an authenticated low privileged user could embed malicious Javascript code to gain admin rights when the admin user visits the vulnerable website (local privilege escalation).
Advisories
Source ID Title
EUVD EUVD EUVD-2020-4819 On Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS an authenticated low privileged user could embed malicious Javascript code to gain admin rights when the admin user visits the vulnerable website (local privilege escalation).
Fixes

Solution

Phoenix Contact recommends affected users to upgrade to the current Firmware 2021.0 LTS or higher which fixes these vulnerabilities.


Workaround

Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to the Phoenix Contact application note.

History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: CERTVDE

Published:

Updated: 2024-09-16T22:10:20.898Z

Reserved: 2020-04-30T00:00:00

Link: CVE-2020-12517

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2020-12-17T23:15:12.873

Modified: 2024-11-21T04:59:51.010

Link: CVE-2020-12517

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.