CVE-2020-12518

Summary

On Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS an attacker can use the knowledge gained by reading the insufficiently protected sensitive information to plan further attacks.

Affected Software

VendorProductVersion RangeStatus
Phoenix ContactAXC F 1152 (1151412)unspecified < 2021.0 LTSaffected
Phoenix ContactAXC F 2152 (2404267)unspecified < 2021.0 LTSaffected
Phoenix ContactAXC F 3152 (1069208)unspecified < 2021.0 LTSaffected
Phoenix ContactRFC 4072S (1051328unspecified < 2021.0 LTSaffected
Phoenix ContactAXC F 2152 Starterkit (1046568)unspecified < 2021.0 LTSaffected
Phoenix ContactPLCnext Technology Starterkit (1188165)unspecified < 2021.0 LTSaffected

Weaknesses

  • CWE-200: CWE-200 Information Exposure

Workarounds

Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to the Phoenix Contact application note.

ADP Enrichment

CVE Program Container

Additional References

References