Vulnerabilities > CVE-2020-12525 - Deserialization of Untrusted Data vulnerability in multiple products

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

NVD

Published: 2021-01-22

Updated: 2022-02-10

Summary

M&M Software fdtCONTAINER Component in versions below 3.5.20304.x and between 3.6 and 3.6.20304.x is vulnerable to deserialization of untrusted data in its project storage.

Vulnerable Configurations

Part	Description	Count
Application	Wago Wago Fdtcontainer Component * Wago Dtminspector 3 - Wago Fdtcontainer Application *	3
Application	Pepperl-Fuchs Pepperl Fuchs Pactware *	1
Application	Emerson Emerson Rosemount Transmitter Interface Software -	1
Application	Weidmueller Weidmueller WI Manager *	1
OS	Pepperl-Fuchs Pepperl Fuchs IO Link Master Firmware *	1
Hardware	Pepperl-Fuchs Pepperl Fuchs IO Link Master 4 EIP - Pepperl Fuchs IO Link Master 4 Pnio - Pepperl Fuchs IO Link Master 8 EIP - Pepperl Fuchs IO Link Master 8 EIP L - Pepperl Fuchs IO Link Master 8 Pnio - Pepperl Fuchs IO Link Master 8 Pnio L - Pepperl Fuchs IO Link Master DR 8 EIP - Pepperl Fuchs IO Link Master DR 8 EIP P - Pepperl Fuchs IO Link Master DR 8 EIP T - Pepperl Fuchs IO Link Master DR 8 Pnio - Pepperl Fuchs IO Link Master DR 8 Pnio P - Pepperl Fuchs IO Link Master DR 8 Pnio T -	12

Common Weakness Enumeration (CWE)

CWE-502 - Deserialization of Untrusted Data

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References