CVE-2020-12500

Summary

Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) allows unauthenticated device administration.

Affected Software

VendorProductVersion RangeStatus
Pepperl+FuchsP+F Comtrol RocketLinxES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510-XTE, ES9528/ES9528-XT allaffected
Pepperl+FuchsP+F Comtrol RocketLinxES7510-XT < 2.1.1affected
Pepperl+FuchsP+F Comtrol RocketLinxES8510 < 3.1.1affected
KorenixJetNet5428G-20SFP <= V1.0affected
KorenixJetNet5810G <= V1.1affected
KorenixJetNet4706F <= V2.3baffected
KorenixJetNet4510 <= V3.0baffected
KorenixJetNet5310 < V1.6affected
WestermoPMI-110-F2Gunspecified < V1.8affected

Weaknesses

  • CWE-306: CWE-306 Missing Authentication for Critical Function

ADP Enrichment

CVE Program Container

Additional References

References