From 90e8472b91fd110149af06c12f0b2ca032f0c5eb Mon Sep 17 00:00:00 2001
From: Jochen Becker
Date: Tue, 21 Jul 2020 11:53:04 +0200
Subject: [PATCH 1/2] add cve-2020-12499
---
 2020/12xxx/CVE-2020-12499.json | 97 +++++++++++++++++++++++++++++++---
 1 file changed, 91 insertions(+), 6 deletions(-)
diff --git a/2020/12xxx/CVE-2020-12499.json b/2020/12xxx/CVE-2020-12499.json
index 242727ae0fd..f16a4d6561d 100644
--- a/2020/12xxx/CVE-2020-12499.json
+++ b/2020/12xxx/CVE-2020-12499.json
@@ -1,18 +1,103 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "info@cert.vde.com",
+ "DATE_PUBLIC": "2020-07-21T09:44:00.000Z",
 "ID": "CVE-2020-12499",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "In PHOENIX CONTACT PLCnext Engineer version 2020.3.1 and earlier an improper path sanitation vulnerability exists on import of project files."
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "PLCnext Engineer",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_value": "2020.3.1"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "PHOENIX CONTACT"
+ }
+ ]
+ }
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "This vulnerability was discovered and reported by Amir Preminger of Claroty."
+ },
+ {
+ "lang": "eng",
+ "value": "PHOENIX CONTACT reported the vulnerability to CERT@VDE."
+ }
+ ],
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The build settings of a PLCnext Engineer project (.pcwex) can be manipulated in a way that can result in the execution of remote code.\nThe attacker needs to get access to a PLCnext Engineer project to be able to manipulate files inside. Additionally, the files of the remote code need to be transferred to a location which can be accessed by the PC that runs PLCnext Engineer. When PLCnext Engineer runs a build process of the manipulated project the remote code can be executed."
 }
 ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.2,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "LOW",
+ "scope": "CHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "url": "https://cert.vde.com/en-us/advisories/vde-2020-025"
+ }
+ ]
+ },
+ "solution": [
+ {
+ "lang": "eng",
+ "value": "Temporary Fix / Mitigation\nWe strongly recommend customers to exchange project files only using secure file exchange\nservices. Project files should not be exchanged via unencrypted email. Users should avoid\nimporting project files from unknown source and exchange or store project files together with a\nchecksum to ensure their integrity.\n\nRemediation\nPhoenix Contact strongly recommends updating to the latest version PLCnext Enineer 2020.6 or\nhigher, which fixes this vulnerability."
+ }
+ ],
+ "source": {
+ "advisory": "VDE-2020-025",
+ "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file
From a227f49efbed9a66ee9a41ad344a5bcf14b0d04f Mon Sep 17 00:00:00 2001
From: Jochen Becker
Date: Tue, 21 Jul 2020 16:15:13 +0200
Subject: [PATCH 2/2] fixed description
---
 2020/12xxx/CVE-2020-12499.json | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/2020/12xxx/CVE-2020-12499.json b/2020/12xxx/CVE-2020-12499.json
index f16a4d6561d..49cf7acec15 100644
--- a/2020/12xxx/CVE-2020-12499.json
+++ b/2020/12xxx/CVE-2020-12499.json
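Review bot: In the `@@ -1,18 +1,103 @@` hunk of the first patch, `"discovery": "UNKNOWN"` under `source` contradicts the `credit` entry added in the same hunk, which says the vulnerability was discovered and reported by Amir Preminger of Claroty. If that credit is accurate, the field should read `"discovery": "EXTERNAL"` so that consumers who filter or triage on discovery source get the right value. The second patch in this series does not touch the field, so the mismatch would ship as is.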
@@ -4,7 +4,7 @@
 "DATE_PUBLIC": "2020-07-21T09:44:00.000Z",
 "ID": "CVE-2020-12499",
 "STATE": "PUBLIC",
- "TITLE": "In PHOENIX CONTACT PLCnext Engineer version 2020.3.1 and earlier an improper path sanitation vulnerability exists on import of project files."
+ "TITLE": "PHOENIX CONTACT PLCnext Engineer version 2020.3.1 and earlier: Improper path sanitation vulnerability."
 },
 "affects": {
 "vendor": {
@@ -47,7 +47,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "The build settings of a PLCnext Engineer project (.pcwex) can be manipulated in a way that can result in the execution of remote code.\nThe attacker needs to get access to a PLCnext Engineer project to be able to manipulate files inside. Additionally, the files of the remote code need to be transferred to a location which can be accessed by the PC that runs PLCnext Engineer. When PLCnext Engineer runs a build process of the manipulated project the remote code can be executed."
+ "value": "In PHOENIX CONTACT PLCnext Engineer version 2020.3.1 and earlier an improper path sanitation vulnerability exists on import of project files."
 }
 ]
 },
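Review bot: The replacement `description` value in the `@@ -47,7 +47,7 @@` hunk no longer states the impact or the preconditions that the removed text carried, namely that a manipulated project (.pcwex) can lead to code execution when PLCnext Engineer builds it. The description is the field most downstream consumers read, and without it nothing in the record explains the `AV:L`/`UI:R` vector or the HIGH impact ratings. I would keep the new opening sentence and append one sentence of impact, for example `... exists on import of project files. Manipulated build settings of a project file (.pcwex) can result in code execution when the project is built.` The enclosing `description` object opens outside this hunk.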
@@ -93,7 +93,11 @@
 "solution": [
 {
 "lang": "eng",
- "value": "Temporary Fix / Mitigation\nWe strongly recommend customers to exchange project files only using secure file exchange\nservices. Project files should not be exchanged via unencrypted email. Users should avoid\nimporting project files from unknown source and exchange or store project files together with a\nchecksum to ensure their integrity.\n\nRemediation\nPhoenix Contact strongly recommends updating to the latest version PLCnext Enineer 2020.6 or\nhigher, which fixes this vulnerability."
+ "value": "Temporary Fix / Mitigation: We strongly recommend customers to exchange project files only using secure file exchange\nservices. Project files should not be exchanged via unencrypted email. Users should avoid\nimporting project files from unknown source and exchange or store project files together with a\nchecksum to ensure their integrity.\n\n"
+ },
+ {
+ "lang": "eng",
+ "value": "Remediation: Phoenix Contact strongly recommends updating to the latest version PLCnext Enineer 2020.6 or\nhigher, which fixes this vulnerability."
 }
 ],
 "source": {
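Review bot: The product name is misspelled as `PLCnext Enineer` in the new `Remediation:` entry; the typo came in with the first patch's `solution` text and is carried over unchanged here, so a search of the fix guidance for the product name will miss it. It should read `PLCnext Engineer 2020.6`. The first entry's value also now ends in `\n\n`, a leftover from the split, and both entries keep mid-sentence `\n` wraps such as `file exchange\nservices` that render as hard line breaks; trimming them would let the mitigation text display cleanly. The `source` object that follows the array continues outside this hunk.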