CVE-2020-12499

HIGH

PHOENIX CONTACT PLCnext Engineer <2020.3.1 - Path Traversal

Title source: llm
STIX 2.1

Description

In PHOENIX CONTACT PLCnext Engineer version 2020.3.1 and earlier an improper path sanitation vulnerability exists on import of project files.

References (1)

Core 1
Core References
Third Party Advisory x_refsource_misc
https://cert.vde.com/en-us/advisories/vde-2020-025

Scores

CVSS v3 8.2
EPSS 0.0040
EPSS Percentile 31.8%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

Details

CWE
CWE-22
Status published
Products (1)
phoenixcontact/plcnext_engineer < 2020-3-1
Published Jul 21, 2020
Tracked Since Feb 18, 2026