CVE-2020-12525

HIGH

M&M Software fdtCONTAINER <3.5.20304.x, 3.6-3.6.20304.x - Deseriali...

Title source: llm

Description

M&M Software fdtCONTAINER Component in versions below 3.5.20304.x and between 3.6 and 3.6.20304.x is vulnerable to deserialization of untrusted data in its project storage.

References (2)

[Not Applicable, Third Party Advisory] https://cert.vde.com/en-us/advisories/vde-2020-038

[Third Party Advisory, US Government Resource] https://us-cert.cisa.gov/ics/advisories/icsa-21-021-05

Scores

CVSS v3 7.3

EPSS 0.0011

EPSS Percentile 28.6%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Classification

CWE

CWE-502

Status published

Affected Products (7)

emerson/rosemount_transmitter_interface_software

pepperl-fuchs/pactware < 5.0.5.31

wago/dtminspector_3

wago/fdtcontainer_application < 4.5

wago/fdtcontainer_component < 3.5

weidmueller/wi_manager < 2.5.1

pepperl-fuchs/io-link_master_firmware < 1.5.48

Timeline

Published Jan 22, 2021

Tracked Since Feb 18, 2026