How severe is CVE-2020-12494?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.3 out of 10.

What type of vulnerability is CVE-2020-12494?

This is classified as CWE-459, which is a common weakness in software security.

CVE-2020-12494 - MEDIUM Severity | CVSS 5.3

Vulnerability Description

Beckhoff's TwinCAT RT network driver for Intel 8254x and 8255x is providing EtherCAT functionality. The driver implements real-time features. Except for Ethernet frames sent from real-time functionality, all other Ethernet frames sent through the driver are not padded if their payload is less than the minimum Ethernet frame size. Instead, arbitrary memory content is transmitted within in the padding bytes of the frame. Most likely this memory contains slices from previously transmitted or received frames. By this method, memory content is disclosed, however, an attacker can hardly control which memory content is affected. For example, the disclosure can be provoked with small sized ICMP echo requests sent to the device.

Related Vulnerabilities

CVE-2019-17420

MEDIUM

CVSS:5.3(Medium)

In OISF LibHTP before 0.5.31, as used in Suricata 4.1.4 and other products, an HTTP protocol parsing error causes the http_header signature to not alert on a response with a single \r\n ending.

CWE-4592019

CVE-2019-20849

MEDIUM

CVSS:5.3(Medium)

An issue was discovered in Mattermost Mobile Apps before 1.26.0. Cookie data can persist on a device after a logout.

CWE-4592019

CVE-2019-20850

MEDIUM

CVSS:5.3(Medium)

An issue was discovered in Mattermost Mobile Apps before 1.26.0. A view cache can persist on a device after a logout.

CWE-4592019

CVE-2019-8768

MEDIUM

CVSS:5.3(Medium)

"Clear History and Website Data" did not clear the history. The issue was addressed with improved data deletion. This issue is fixed in macOS Catalina 10.15. A user may be unable to delete browsing hi...

CWE-4592019

CVE-2023-42795

MEDIUM

CVSS:5.3(Medium)

Incomplete Cleanup vulnerability in Apache Tomcat.When recycling various internal objects in Apache Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0....

CWE-4592023

CVE-2024-6300

MEDIUM

CVSS:5.3(Medium)

Incomplete cleanup when performing redactions in Conduit, allowing an attacker to check whether certain strings were present in the PDU before redaction

CWE-4592024