On Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS an authenticated low privileged user could embed malicious Javascript code to gain admin rights when the admin user visits the vulnerable website (local privilege escalation).
View Full Alert
Related Posts
CVE-2020-12496Endress+Hauser Ecograph T (Neutral/Private Label) (RSG35, ORSG35) and Memograph M (Neutral/Private Label) (RSG45, ORSG45) with Firmware version V2.0.0 and above is prone to exposure of sensitive information to an unauthorized…
CVE-2020-10936Sympa before 6.2.56 allows privilege escalation. View Full Alert
CVE-2020-10945Centreon before 19.10.7 exposes Session IDs in server responses. View Full Alert
