CVE-2020-12517

On Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS an authenticated low privileged user could embed malicious Javascript code to gain admin rights when the admin user visits the vulnerable website (local privilege escalation).
References
Link Resource
https://cert.vde.com/en-us/advisories/vde-2020-049 Third Party Advisory
Configurations

Configuration 1


Information

Published : 2020-12-17 11:15

Updated : 2020-12-21 05:07


NVD link : CVE-2020-12517

Mitre link : CVE-2020-12517

CWE