CVE-2020-12525 – WAGO/M&M Software Deserialization of untrusted data in fdtCONTAINER component
https://notcve.org/view.php?id=CVE-2020-12525
M&M Software fdtCONTAINER Component in versions below 3.5.20304.x and between 3.6 and 3.6.20304.x is vulnerable to deserialization of untrusted data in its project storage. El componente fdtCONTAINER de M&M Software en versiones por debajo de 3.5.20304.x y entre 3.6 y 3.6.20304.x, es vulnerable a una deserialización de datos que no son de confianza en el almacenamiento de su proyecto • https://cert.vde.com/en-us/advisories/vde-2020-038 https://us-cert.cisa.gov/ics/advisories/icsa-21-021-05 • CWE-502: Deserialization of Untrusted Data •
CVE-2020-12511 – Pepper+Fuchs Comtrol IO-Link Master Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2020-12511
Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to a Cross-Site Request Forgery (CSRF) in the web interface. Pepperl + Fuchs Comtrol IO-Link Master en la versión 1.5.48 y anteriores, es propenso a una vulnerabilidad de tipo Cross-Site Request Forgery (CSRF) en la interfaz web Pepperl+Fuchs IO-Link Master Series with system version 1.36 and application version 1.5.28 suffers from command injection, cross site request forgery, cross site scripting, denial of service, and null pointer vulnerabilities. • https://cert.vde.com/en-us/advisories/vde-2020-038 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2020-12513 – Pepper+Fuchs Comtrol IO-Link Master OS Command Injection
https://notcve.org/view.php?id=CVE-2020-12513
Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to an authenticated blind OS Command Injection. Pepperl + Fuchs Comtrol IO-Link Master en la versión 1.5.48 y anteriores, es propenso a una inyección de comandos de Sistema Operativo ciega autenticada Pepperl+Fuchs IO-Link Master Series with system version 1.36 and application version 1.5.28 suffers from command injection, cross site request forgery, cross site scripting, denial of service, and null pointer vulnerabilities. • https://cert.vde.com/en-us/advisories/vde-2020-038 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2020-12514 – Pepper+Fuchs Comtrol IO-Link Master NULL Pointer Dereference
https://notcve.org/view.php?id=CVE-2020-12514
Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to a NULL Pointer Dereference that leads to a DoS in discoveryd Pepperl + Fuchs Comtrol IO-Link Master en la versión 1.5.48 y anteriores, es propenso a una desreferencia del puntero NULL que conduce a una DoS en discoveryd Pepperl+Fuchs IO-Link Master Series with system version 1.36 and application version 1.5.28 suffers from command injection, cross site request forgery, cross site scripting, denial of service, and null pointer vulnerabilities. • https://cert.vde.com/en-us/advisories/vde-2020-038 • CWE-476: NULL Pointer Dereference •
CVE-2020-12512 – Pepper+Fuchs Comtrol IO-Link Master Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2020-12512
Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to an authenticated reflected POST Cross-Site Scripting Pepperl + Fuchs Comtrol IO-Link Master en la versión 1.5.48 y anteriores, es propenso a un ataque de tipo Cross-Site Scripting reflejado autenticado de una POST Pepperl+Fuchs IO-Link Master Series with system version 1.36 and application version 1.5.28 suffers from command injection, cross site request forgery, cross site scripting, denial of service, and null pointer vulnerabilities. • https://cert.vde.com/en-us/advisories/vde-2020-038 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •