U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Vulnerability Change Records for CVE-2020-12525

Change History

Initial Analysis 2/09/2021 10:39:11 AM

Action Type Old Value New Value
Added CPE Configuration

								
							
							
						
AND
     OR
          *cpe:2.3:o:pepperl-fuchs:io-link_master_firmware:*:*:*:*:*:*:*:* versions up to (including) 1.5.48
     OR
          cpe:2.3:h:pepperl-fuchs:io-link_master_4-eip:-:*:*:*:*:*:*:*
          cpe:2.3:h:pepperl-fuchs:io-link_master_4-pnio:-:*:*:*:*:*:*:*
          cpe:2.3:h:pepperl-fuchs:io-link_master_8-eip:-:*:*:*:*:*:*:*
          cpe:2.3:h:pepperl-fuchs:io-link_master_8-eip-l:-:*:*:*:*:*:*:*
          cpe:2.3:h:pepperl-fuchs:io-link_master_8-pnio:-:*:*:*:*:*:*:*
          cpe:2.3:h:pepperl-fuchs:io-link_master_8-pnio-l:-:*:*:*:*:*:*:*
          cpe:2.3:h:pepperl-fuchs:io-link_master_dr-8-eip:-:*:*:*:*:*:*:*
          cpe:2.3:h:pepperl-fuchs:io-link_master_dr-8-eip-p:-:*:*:*:*:*:*:*
          cpe:2.3:h:pepperl-fuchs:io-link_master_dr-8-eip-t:-:*:*:*:*:*:*:*
          cpe:2.3:h:pepperl-fuchs:io-link_master_dr-8-pnio:-:*:*:*:*:*:*:*
          cpe:2.3:h:pepperl-fuchs:io-link_master_dr-8-pnio-p:-:*:*:*:*:*:*:*
          cpe:2.3:h:pepperl-fuchs:io-link_master_dr-8-pnio-t:-:*:*:*:*:*:*:*
Added CPE Configuration

								
							
							
						
OR
     *cpe:2.3:a:emerson:rosemount_transmitter_interface_software:-:*:*:*:*:*:*:*
     *cpe:2.3:a:pepperl-fuchs:pactware:*:*:*:*:*:*:*:* versions from (including) 5.0 up to (including) 5.0.5.31
     *cpe:2.3:a:wago:dtminspector_3:-:*:*:*:*:*:*:*
     *cpe:2.3:a:wago:fdtcontainer_application:*:*:*:*:*:*:*:* versions up to (excluding) 4.5
     *cpe:2.3:a:wago:fdtcontainer_application:*:*:*:*:*:*:*:* versions from (including) 4.5.0 up to (including) 4.5.20304
     *cpe:2.3:a:wago:fdtcontainer_application:*:*:*:*:*:*:*:* versions from (including) 4.6.0 up to (including) 4.6.20304
     *cpe:2.3:a:wago:fdtcontainer_component:*:*:*:*:*:*:*:* versions up to (excluding) 3.5
     *cpe:2.3:a:wago:fdtcontainer_component:*:*:*:*:*:*:*:* versions from (including) 3.5.0 up to (including) 3.5.20304
     *cpe:2.3:a:wago:fdtcontainer_component:*:*:*:*:*:*:*:* versions from (including) 3.6.0 up to (including) 3.6.20304
     *cpe:2.3:a:weidmuller:wi_manager:*:*:*:*:*:*:*:* versions up to (including) 2.5.1
Added CVSS V2

								
							
							
						
NIST (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Added CVSS V2 Metadata

								
							
							
						
Victim must voluntarily interact with attack mechanism
Added CVSS V3.1

								
							
							
						
NIST AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Added CWE

								
							
							
						
NIST CWE-502
Changed Reference Type
https://cert.vde.com/en-us/advisories/vde-2020-038 No Types Assigned
https://cert.vde.com/en-us/advisories/vde-2020-038 Not Applicable, Third Party Advisory
Changed Reference Type
https://us-cert.cisa.gov/ics/advisories/icsa-21-021-05 No Types Assigned
https://us-cert.cisa.gov/ics/advisories/icsa-21-021-05 Third Party Advisory