CVE-2020-12525
7.3
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Summary
M&M Software fdtCONTAINER Component in versions below 3.5.20304.x and between 3.6 and 3.6.20304.x is vulnerable to deserialization of untrusted data in its project storage.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| M&M Software | fdtCONTAINER Component | unspecified < 3.5 | affected |
| M&M Software | fdtCONTAINER Component | 3.5 < 3.5.20304.x | affected |
| M&M Software | fdtCONTAINER Component | 3.6 < 3.6.20304.x | affected |
| M&M Software | fdtCONTAINER Application | unspecified < 4.5 | affected |
| M&M Software | fdtCONTAINER Application | 4.5 < 4.5.20304.x | affected |
| M&M Software | fdtCONTAINER Application | 4.6 < 4.6.20304.x | affected |
| M&M Software | dtmlINSPECTOR | 3 | affected |
| Pepperl+Fuchs/PACTware | PACTware | unspecified <= 5.0.5.31 | affected |
| Weidmüller | WI Manager | unspecified <= 2.5.1 | affected |
Weaknesses
- CWE-502: CWE-502 Deserialization of Untrusted Data
ADP Enrichment
CVE Program Container
Additional References
- https://cert.vde.com/en-us/advisories/vde-2020-038
- https://us-cert.cisa.gov/ics/advisories/icsa-21-021-05
References
- https://cert.vde.com/en-us/advisories/vde-2020-038
- https://us-cert.cisa.gov/ics/advisories/icsa-21-021-05
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.