CVE-2020-12517: PLCnext AXC F 2152 Exposure of Sensitive Information

Patrick Münch, 18 December 2020

Overview

Background

From the vendor’s website: “PLCnext Control devices enable you to work flexibly with your preferred programming languages, whether IEC 61131-3 or high-level languages. Unlimited flexibility with the quick and easy integration of open-source software and apps, current and future communication standards, and intelligent networking through connection to the cloud afford maximum freedom for your transition into the digital age.”

About the Vendor

PHOENIX CONTACT immediately took care of the vulnerability and provided appropriate firmware very promptly. This is how we imagine vendors should deal with vulnerabilities.

Thank you to PHOENIX CONTACT!!!

Issue Description

While analyzing the Linux operating system of PLCnext, it is possible to read sensitive information: some files are readable by all users, so a local attacker can extract passwords and keys from them.
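As an added audit example (not part of the advisory and not vendor tooling), the check below walks a filesystem tree and reports regular files that are world-readable and look like they hold credentials or keys, which is the weakness class described above; the name patterns, the content markers and the constructed sample tree are assumptions made for illustration.

```python
import os
import re
import stat
import tempfile

# Heuristics for files that should never be world-readable. The name patterns and
# content markers are assumptions for this audit, not a vendor-supplied list.
NAME_PATTERNS = re.compile(r"(shadow|\.key$|\.pem$|\.p12$|secret|passw)", re.I)
CONTENT_MARKERS = (b"PRIVATE KEY-----", b"password=", b"$6$", b"$5$", b"$1$")

def is_world_readable(path):
    """True for a regular file whose 'other' read bit is set (POSIX ACLs ignored)."""
    mode = os.lstat(path).st_mode
    return stat.S_ISREG(mode) and bool(mode & stat.S_IROTH)

def looks_sensitive(path):
    """Flag a file by its name, or by a cheap scan of its first 4 KiB for secret markers."""
    if NAME_PATTERNS.search(os.path.basename(path)):
        return True
    try:
        with open(path, "rb") as fh:
            head = fh.read(4096)
    except OSError:
        return False
    return any(marker in head for marker in CONTENT_MARKERS)

def audit_world_readable_secrets(root):
    """Walk root and return the sorted paths of world-readable files that look sensitive."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if is_world_readable(path) and looks_sensitive(path):
                findings.append(path)
    return sorted(findings)

def build_sample_tree():
    """Constructed sample tree: one exposed key, one correctly restricted key, one harmless file."""
    root = tempfile.mkdtemp()
    key = b"-----BEGIN PRIVATE KEY-----\nconstructed\n-----END PRIVATE KEY-----\n"
    exposed = os.path.join(root, "device.key")
    with open(exposed, "wb") as fh:
        fh.write(key)
    os.chmod(exposed, 0o644)  # weak setting: every local user can read the key
    restricted = os.path.join(root, "server.key")
    with open(restricted, "wb") as fh:
        fh.write(key)
    os.chmod(restricted, 0o600)  # corrected setting: owner only
    with open(os.path.join(root, "motd.txt"), "w") as fh:
        fh.write("welcome\n")
    return root, exposed, restricted
```

Running `audit_world_readable_secrets("/")` on a device after a firmware update gives a quick confirmation that no credential or key file is still readable by unprivileged users.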

CVE

CVE-2020-12518

VDE CERT

NVD

CVSSv3.1 Base Score

CVSS Base Score: 5.5

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Credit

Patrick Muench of SVA System Vertrieb Alexander GmbH

Torsten Loebner of SVA System Vertrieb Alexander GmbH

Pascal Keul of SVA System Vertrieb Alexander GmbH

Maurice Rothe of SVA System Vertrieb Alexander GmbH

Daniel Hackel of SVA System Vertrieb Alexander GmbH

Disclaimer

The information provided is released “as is” without warranty of any kind. The publisher disclaims all warranties, either express or implied, including all warranties of merchantability. No responsibility is taken for the correctness of this information. In no event shall the publisher be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if the publisher has been advised of the possibility of such damages.

The contents of this advisory are copyright (c) 2020 SVA System Vertrieb Alexander GmbH and may be distributed freely provided that no fee is charged for this distribution and proper credit is given.