CVE-2020-12500
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) allows unauthenticated device administration.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Pepperl+Fuchs | P+F Comtrol RocketLinx | ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510-XTE, ES9528/ES9528-XT all | affected |
| Pepperl+Fuchs | P+F Comtrol RocketLinx | ES7510-XT < 2.1.1 | affected |
| Pepperl+Fuchs | P+F Comtrol RocketLinx | ES8510 < 3.1.1 | affected |
| Korenix | JetNet | 5428G-20SFP <= V1.0 | affected |
| Korenix | JetNet | 5810G <= V1.1 | affected |
| Korenix | JetNet | 4706F <= V2.3b | affected |
| Korenix | JetNet | 4510 <= V3.0b | affected |
| Korenix | JetNet | 5310 < V1.6 | affected |
| Westermo | PMI-110-F2G | unspecified < V1.8 | affected |
Weaknesses
- CWE-306: CWE-306 Missing Authentication for Critical Function
ADP Enrichment
CVE Program Container
Additional References
- https://cert.vde.com/de-de/advisories/vde-2020-040
- http://seclists.org/fulldisclosure/2021/Jun/0
- http://packetstormsecurity.com/files/162903/Korenix-CSRF-Backdoor-Accounts-Command-Injection-Missing-Authentication.html
- https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-korenix-technology-westermo-pepperl-fuchs/
- http://packetstormsecurity.com/files/165875/Korenix-Technology-JetWave-CSRF-Command-Injection-Missing-Authentication.html
References
- https://cert.vde.com/de-de/advisories/vde-2020-040
- http://seclists.org/fulldisclosure/2021/Jun/0
- http://packetstormsecurity.com/files/162903/Korenix-CSRF-Backdoor-Accounts-Command-Injection-Missing-Authentication.html
- https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-korenix-technology-westermo-pepperl-fuchs/
- http://packetstormsecurity.com/files/165875/Korenix-Technology-JetWave-CSRF-Command-Injection-Missing-Authentication.html
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.