CVE-2020-12525

HIGH

M&M Software fdtCONTAINER <3.5.20304.x, 3.6-3.6.20304.x - Deseriali...

Title source: llm
STIX 2.1

Description

M&M Software fdtCONTAINER Component in versions below 3.5.20304.x and between 3.6 and 3.6.20304.x is vulnerable to deserialization of untrusted data in its project storage.

References (2)

Core 2
Core References
Not Applicable, Third Party Advisory x_refsource_confirm
https://cert.vde.com/en-us/advisories/vde-2020-038
Third Party Advisory, US Government Resource x_refsource_misc
https://us-cert.cisa.gov/ics/advisories/icsa-21-021-05

Scores

CVSS v3 7.3
EPSS 0.0134
EPSS Percentile 67.7%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-502
Status published
Products (7)
emerson/rosemount_transmitter_interface_software
pepperl-fuchs/io-link_master_firmware < 1.5.48
pepperl-fuchs/pactware 5.0 - 5.0.5.31
wago/dtminspector_3
wago/fdtcontainer_application < 4.5
wago/fdtcontainer_component < 3.5
weidmueller/wi_manager < 2.5.1
Published Jan 22, 2021
Tracked Since Feb 18, 2026