Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2020-12525
PUBLISHED
More InfoOfficial Page
Assigner-CERTVDE
Assigner Org ID-270ccfa6-a436-4e77-922e-914ec3a9685c
View Known Exploited Vulnerability (KEV) details
Published At-22 Jan, 2021 | 19:01
Updated At-16 Sep, 2024 | 23:11
Rejected At-
▼CVE Numbering Authority (CNA)
WAGO/M&M Software Deserialization of untrusted data in fdtCONTAINER component

M&M Software fdtCONTAINER Component in versions below 3.5.20304.x and between 3.6 and 3.6.20304.x is vulnerable to deserialization of untrusted data in its project storage.

Affected Products
Vendor
M&M Software
Product
fdtCONTAINER Component
Versions
Affected
  • From unspecified before 3.5 (custom)
  • From 3.5 before 3.5.20304.x (custom)
  • From 3.6 before 3.6.20304.x (custom)
Vendor
M&M Software
Product
fdtCONTAINER Application
Versions
Affected
  • From unspecified before 4.5 (custom)
  • From 4.5 before 4.5.20304.x (custom)
  • From 4.6 before 4.6.20304.x (custom)
Vendor
M&M Software
Product
dtmlINSPECTOR
Versions
Affected
  • 3
Vendor
Pepperl+Fuchs/PACTware
Product
PACTware
Versions
Affected
  • From unspecified through 5.0.5.31 (custom)
Vendor
Weidmüller
Product
WI Manager
Versions
Affected
  • From unspecified through 2.5.1 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-502CWE-502 Deserialization of Untrusted Data
Type: CWE
CWE ID: CWE-502
Description: CWE-502 Deserialization of Untrusted Data
Metrics
VersionBase scoreBase severityVector
3.17.3HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 7.3
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

M&M Software provides two updated fdtCONTAINER component trees (3.6.20304.x < 3.7 and >= 3.7) see advisory https://cert.vde.com/en-us/advisories/vde-2020-048 for details.

Configurations
Workarounds
Exploits
Credits
Reported by a customer of the fdtCONTAINER component. Coordinated by CERT@VDE
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://cert.vde.com/en-us/advisories/vde-2020-038
x_refsource_CONFIRM
https://us-cert.cisa.gov/ics/advisories/icsa-21-021-05
x_refsource_MISC
Hyperlink: https://cert.vde.com/en-us/advisories/vde-2020-038
Resource:
x_refsource_CONFIRM
Hyperlink: https://us-cert.cisa.gov/ics/advisories/icsa-21-021-05
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://cert.vde.com/en-us/advisories/vde-2020-038
x_refsource_CONFIRM
x_transferred
https://us-cert.cisa.gov/ics/advisories/icsa-21-021-05
x_refsource_MISC
x_transferred
Hyperlink: https://cert.vde.com/en-us/advisories/vde-2020-038
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://us-cert.cisa.gov/ics/advisories/icsa-21-021-05
Resource:
x_refsource_MISC
x_transferred
Details not found