CVE-2020-12502

Summary

Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) and ICRL-M-8RJ45/4SFP-G-DIN, ICRL-M-16RJ45/4CP-G-DIN FW 1.2.3 and below is prone to unauthenticated device administration.

Affected Software

VendorProductVersion RangeStatus
Pepperl+FuchsP+F Comtrol RocketLinxES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510-XTE, ES9528/ES9528-XT allaffected
Pepperl+FuchsP+F Comtrol RocketLinxES7510-XT < 2.1.1affected
Pepperl+FuchsP+F Comtrol RocketLinxES8510 < 3.1.1affected
Pepperl+FuchsP+F Comtrol RocketLinxICRL-M-8RJ45/4SFP-G-DIN <= 1.2.3affected
Pepperl+FuchsP+F Comtrol RocketLinxICRL-M-16RJ45/4CP-G-DIN <= 1.2.3affected
KorenixJetNet5428G-20SFP <= V1.0affected
KorenixJetNet5810G <= V1.1affected
KorenixJetNet4706F <= V2.3baffected
KorenixJetNet4510 <= V3.0baffected
KorenixJetNet5310 < V1.6affected
WestermoPMI-110-F2Gunspecified < V1.8affected

Weaknesses

  • CWE-352: CWE-352 Cross-Site Request Forgery (CSRF)

ADP Enrichment

CVE Program Container

Additional References

References