CVE-2020-12525
WAGO/M&M Software Deserialization of untrusted data in fdtCONTAINER component
Severity Score
7.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
M&M Software fdtCONTAINER Component in versions below 3.5.20304.x and between 3.6 and 3.6.20304.x is vulnerable to deserialization of untrusted data in its project storage.
El componente fdtCONTAINER de M&M Software en versiones por debajo de 3.5.20304.x y entre 3.6 y 3.6.20304.x, es vulnerable a una deserialización de datos que no son de confianza en el almacenamiento de su proyecto
*Credits:
Reported by a customer of the fdtCONTAINER component. Coordinated by CERT@VDE
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2020-04-30 CVE Reserved
- 2021-01-22 CVE Published
- 2023-10-08 EPSS Updated
- 2024-09-16 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-502: Deserialization of Untrusted Data
CAPEC
References (2)
URL | Tag | Source |
---|---|---|
https://cert.vde.com/en-us/advisories/vde-2020-038 | Not Applicable | |
https://us-cert.cisa.gov/ics/advisories/icsa-21-021-05 | Third Party Advisory |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Pepperl-fuchs Search vendor "Pepperl-fuchs" | Io-link Master Firmware Search vendor "Pepperl-fuchs" for product "Io-link Master Firmware" | <= 1.5.48 Search vendor "Pepperl-fuchs" for product "Io-link Master Firmware" and version " <= 1.5.48" | - |
Affected
| in | Pepperl-fuchs Search vendor "Pepperl-fuchs" | Io-link Master 4-eip Search vendor "Pepperl-fuchs" for product "Io-link Master 4-eip" | - | - |
Safe
|
Pepperl-fuchs Search vendor "Pepperl-fuchs" | Io-link Master Firmware Search vendor "Pepperl-fuchs" for product "Io-link Master Firmware" | <= 1.5.48 Search vendor "Pepperl-fuchs" for product "Io-link Master Firmware" and version " <= 1.5.48" | - |
Affected
| in | Pepperl-fuchs Search vendor "Pepperl-fuchs" | Io-link Master 4-pnio Search vendor "Pepperl-fuchs" for product "Io-link Master 4-pnio" | - | - |
Safe
|
Pepperl-fuchs Search vendor "Pepperl-fuchs" | Io-link Master Firmware Search vendor "Pepperl-fuchs" for product "Io-link Master Firmware" | <= 1.5.48 Search vendor "Pepperl-fuchs" for product "Io-link Master Firmware" and version " <= 1.5.48" | - |
Affected
| in | Pepperl-fuchs Search vendor "Pepperl-fuchs" | Io-link Master 8-eip Search vendor "Pepperl-fuchs" for product "Io-link Master 8-eip" | - | - |
Safe
|
Pepperl-fuchs Search vendor "Pepperl-fuchs" | Io-link Master Firmware Search vendor "Pepperl-fuchs" for product "Io-link Master Firmware" | <= 1.5.48 Search vendor "Pepperl-fuchs" for product "Io-link Master Firmware" and version " <= 1.5.48" | - |
Affected
| in | Pepperl-fuchs Search vendor "Pepperl-fuchs" | Io-link Master 8-eip-l Search vendor "Pepperl-fuchs" for product "Io-link Master 8-eip-l" | - | - |
Safe
|
Pepperl-fuchs Search vendor "Pepperl-fuchs" | Io-link Master Firmware Search vendor "Pepperl-fuchs" for product "Io-link Master Firmware" | <= 1.5.48 Search vendor "Pepperl-fuchs" for product "Io-link Master Firmware" and version " <= 1.5.48" | - |
Affected
| in | Pepperl-fuchs Search vendor "Pepperl-fuchs" | Io-link Master 8-pnio Search vendor "Pepperl-fuchs" for product "Io-link Master 8-pnio" | - | - |
Safe
|
Pepperl-fuchs Search vendor "Pepperl-fuchs" | Io-link Master Firmware Search vendor "Pepperl-fuchs" for product "Io-link Master Firmware" | <= 1.5.48 Search vendor "Pepperl-fuchs" for product "Io-link Master Firmware" and version " <= 1.5.48" | - |
Affected
| in | Pepperl-fuchs Search vendor "Pepperl-fuchs" | Io-link Master 8-pnio-l Search vendor "Pepperl-fuchs" for product "Io-link Master 8-pnio-l" | - | - |
Safe
|
Pepperl-fuchs Search vendor "Pepperl-fuchs" | Io-link Master Firmware Search vendor "Pepperl-fuchs" for product "Io-link Master Firmware" | <= 1.5.48 Search vendor "Pepperl-fuchs" for product "Io-link Master Firmware" and version " <= 1.5.48" | - |
Affected
| in | Pepperl-fuchs Search vendor "Pepperl-fuchs" | Io-link Master Dr-8-eip Search vendor "Pepperl-fuchs" for product "Io-link Master Dr-8-eip" | - | - |
Safe
|
Pepperl-fuchs Search vendor "Pepperl-fuchs" | Io-link Master Firmware Search vendor "Pepperl-fuchs" for product "Io-link Master Firmware" | <= 1.5.48 Search vendor "Pepperl-fuchs" for product "Io-link Master Firmware" and version " <= 1.5.48" | - |
Affected
| in | Pepperl-fuchs Search vendor "Pepperl-fuchs" | Io-link Master Dr-8-eip-p Search vendor "Pepperl-fuchs" for product "Io-link Master Dr-8-eip-p" | - | - |
Safe
|
Pepperl-fuchs Search vendor "Pepperl-fuchs" | Io-link Master Firmware Search vendor "Pepperl-fuchs" for product "Io-link Master Firmware" | <= 1.5.48 Search vendor "Pepperl-fuchs" for product "Io-link Master Firmware" and version " <= 1.5.48" | - |
Affected
| in | Pepperl-fuchs Search vendor "Pepperl-fuchs" | Io-link Master Dr-8-eip-t Search vendor "Pepperl-fuchs" for product "Io-link Master Dr-8-eip-t" | - | - |
Safe
|
Pepperl-fuchs Search vendor "Pepperl-fuchs" | Io-link Master Firmware Search vendor "Pepperl-fuchs" for product "Io-link Master Firmware" | <= 1.5.48 Search vendor "Pepperl-fuchs" for product "Io-link Master Firmware" and version " <= 1.5.48" | - |
Affected
| in | Pepperl-fuchs Search vendor "Pepperl-fuchs" | Io-link Master Dr-8-pnio Search vendor "Pepperl-fuchs" for product "Io-link Master Dr-8-pnio" | - | - |
Safe
|
Pepperl-fuchs Search vendor "Pepperl-fuchs" | Io-link Master Firmware Search vendor "Pepperl-fuchs" for product "Io-link Master Firmware" | <= 1.5.48 Search vendor "Pepperl-fuchs" for product "Io-link Master Firmware" and version " <= 1.5.48" | - |
Affected
| in | Pepperl-fuchs Search vendor "Pepperl-fuchs" | Io-link Master Dr-8-pnio-p Search vendor "Pepperl-fuchs" for product "Io-link Master Dr-8-pnio-p" | - | - |
Safe
|
Pepperl-fuchs Search vendor "Pepperl-fuchs" | Io-link Master Firmware Search vendor "Pepperl-fuchs" for product "Io-link Master Firmware" | <= 1.5.48 Search vendor "Pepperl-fuchs" for product "Io-link Master Firmware" and version " <= 1.5.48" | - |
Affected
| in | Pepperl-fuchs Search vendor "Pepperl-fuchs" | Io-link Master Dr-8-pnio-t Search vendor "Pepperl-fuchs" for product "Io-link Master Dr-8-pnio-t" | - | - |
Safe
|
Emerson Search vendor "Emerson" | Rosemount Transmitter Interface Software Search vendor "Emerson" for product "Rosemount Transmitter Interface Software" | - | - |
Affected
| ||||||
Pepperl-fuchs Search vendor "Pepperl-fuchs" | Pactware Search vendor "Pepperl-fuchs" for product "Pactware" | >= 5.0 <= 5.0.5.31 Search vendor "Pepperl-fuchs" for product "Pactware" and version " >= 5.0 <= 5.0.5.31" | - |
Affected
| ||||||
Wago Search vendor "Wago" | Dtminspector 3 Search vendor "Wago" for product "Dtminspector 3" | - | - |
Affected
| ||||||
Wago Search vendor "Wago" | Fdtcontainer Application Search vendor "Wago" for product "Fdtcontainer Application" | < 4.5 Search vendor "Wago" for product "Fdtcontainer Application" and version " < 4.5" | - |
Affected
| ||||||
Wago Search vendor "Wago" | Fdtcontainer Application Search vendor "Wago" for product "Fdtcontainer Application" | >= 4.5.0 <= 4.5.20304 Search vendor "Wago" for product "Fdtcontainer Application" and version " >= 4.5.0 <= 4.5.20304" | - |
Affected
| ||||||
Wago Search vendor "Wago" | Fdtcontainer Application Search vendor "Wago" for product "Fdtcontainer Application" | >= 4.6.0 <= 4.6.20304 Search vendor "Wago" for product "Fdtcontainer Application" and version " >= 4.6.0 <= 4.6.20304" | - |
Affected
| ||||||
Wago Search vendor "Wago" | Fdtcontainer Component Search vendor "Wago" for product "Fdtcontainer Component" | < 3.5 Search vendor "Wago" for product "Fdtcontainer Component" and version " < 3.5" | - |
Affected
| ||||||
Wago Search vendor "Wago" | Fdtcontainer Component Search vendor "Wago" for product "Fdtcontainer Component" | >= 3.5.0 <= 3.5.20304 Search vendor "Wago" for product "Fdtcontainer Component" and version " >= 3.5.0 <= 3.5.20304" | - |
Affected
| ||||||
Wago Search vendor "Wago" | Fdtcontainer Component Search vendor "Wago" for product "Fdtcontainer Component" | >= 3.6.0 <= 3.6.20304 Search vendor "Wago" for product "Fdtcontainer Component" and version " >= 3.6.0 <= 3.6.20304" | - |
Affected
| ||||||
Weidmueller Search vendor "Weidmueller" | Wi Manager Search vendor "Weidmueller" for product "Wi Manager" | <= 2.5.1 Search vendor "Weidmueller" for product "Wi Manager" and version " <= 2.5.1" | - |
Affected
|