CVE-2020-12517: PLCnext AXC F 2152 Improper Privilege Management

Overview Vendor: PHOENIX CONTACT Product: PLCnext AXC F 2152 Version: 2020.01 LTS Vulnerability: Improper Privilege Management Fixed Version: 2021.0 LTS Background From the vendor’s website: “PLCnext Control devices enable you to work flexibly with your preferred programming languages, whether IEC 61131-3 or high-level languages. Unlimited flexibility with the quick and...


CVE-2020-12517: PLCnext AXC F 2152 Exposure of Sensitive Information

Overview Vendor: PHOENIX CONTACT Product: PLCnext AXC F 2152 Version: 2020.01 LTS Vulnerability: Exposure of Sensitive Information Fixed Version: 2021.0 LTS Background From the vendor’s website: “PLCnext Control devices enable you to work flexibly with your preferred programming languages, whether IEC 61131-3 or high-level languages. Unlimited flexibility with the quick...


CVE-2020-12517: PLCnext AXC F 2152 Stored Cross-Site-Scripting (Authenticated)

Overview Vendor: PHOENIX CONTACT Product: PLCnext AXC F 2152 Version: 2020.01 LTS Vulnerability: Stored Cross-Site-Scripting (Authenticated) Fixed Version: 2021.0 LTS Background From the vendor’s website: “PLCnext Control devices enable you to work flexibly with your preferred programming languages, whether IEC 61131-3 or high-level languages. Unlimited flexibility with the quick and...


CVE-2019-12825: Unauthorized Access to Container Registry of other groups

Overview Vendor: GitLab Inc. Product: GitLab Enterprise (gitlab.com) Version: 12.0.0-pre Vulnerability: Reflected Cross-Site Scripting Fixed Version: 12.5 Background GitLab provides a Git repository manager with additional services and tools on top, such as a web-based DevOps lifecycle tool, wiki, issue tracking and CI/CD pipeline features. GitLab uses an open-source license and is developed by...


CVE-2019-18664: Reflected XSS in DOMOS

Overview Vendor: SECUDOS GmbH Product: DOMOS Version: 5.5 Vulnerability: Reflected Cross-Site Scripting Fixed Version: 5.6 Background DOMOS is SECUDOS GmbH's own hardened operating system. The operating system is used as a platform by several applications. It also offers a web interface for the administration of operating system...