CVE-2020-12519

Summary

On Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS an attacker can use this vulnerability i.e. to open a reverse shell with root privileges.

Affected Software

VendorProductVersion RangeStatus
Phoenix ContactAXC F 1152 (1151412)unspecified < 2021.0 LTSaffected
Phoenix ContactAXC F 2152 (2404267)unspecified < 2021.0 LTSaffected
Phoenix ContactAXC F 3152 (1069208)unspecified < 2021.0 LTSaffected
Phoenix ContactRFC 4072S (1051328unspecified < 2021.0 LTSaffected
Phoenix ContactAXC F 2152 Starterkit (1046568)unspecified < 2021.0 LTSaffected
Phoenix ContactPLCnext Technology Starterkit (1188165)unspecified < 2021.0 LTSaffected

Weaknesses

  • CWE-269: CWE-269 Improper Privilege Management

Workarounds

Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to the Phoenix Contact application note.

ADP Enrichment

CVE Program Container

Additional References

References