CVE-2020-12499

Summary

In PHOENIX CONTACT PLCnext Engineer version 2020.3.1 and earlier an improper path sanitation vulnerability exists on import of project files.

Affected Software

VendorProductVersion RangeStatus
PHOENIX CONTACTPLCnext Engineerunspecified <= 2020.3.1affected

Weaknesses

  • CWE-22: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

ADP Enrichment

CVE Program Container

Additional References

References