CVSS: 9.8 | EPSS: 1% | CPEs: 52 | EXPL: 4

Improper Authorization vulnerability: Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) use undocumented accounts.

Multiple Korenix products are affected by unauthenticated device administration, backdoor accounts, cross-site request forgery, unauthenticated TFTP actions, and command injection vulnerabilities. Products affected include JetNet 5428G-20SFP, JetNet 5810G, JetNet 4706F, JetNet 4706, JetNet 4706, JetNet 4510, JetNet 5010, JetNet 5310, and JetNet 6095.

References:
http://packetstormsecurity.com/files/162903/Korenix-CSRF-Backdoor-Accounts-Command-Injection-Missing-Authentication.html
http://packetstormsecurity.com/files/165875/Korenix-Technology-JetWave-CSRF-Command-Injection-Missing-Authentication.html
http://packetstormsecurity.com/files/167409/Korenix-JetPort-5601V3-Backdoor-Account.html
http://seclists.org/fulldisclosure/2021/Jun/0
http://seclists.org/fulldisclosure/2022/Jun/3
https://cert.vde.com/de-de/advisories/vde-2020-040
https://sec-consult.com/vulnerability-lab/advisory/m

CWE-798: Use of Hard-coded Credentials

CVSS: 8.8 | EPSS: 1% | CPEs: 50 | EXPL: 3

Improper Authorization vulnerability: Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) and ICRL-M-8RJ45/4SFP-G-DIN, ICRL-M-16RJ45/4CP-G-DIN FW 1.2.3 and below are prone to unauthenticated device administration.

Multiple Korenix products are affected by unauthenticated device administration, backdoor accounts, cross-site request forgery, unauthenticated TFTP actions, and command injection vulnerabilities. Products affected include JetNet 5428G-20SFP, JetNet 5810G, JetNet 4706F, JetNet 4706, JetNet 4706, JetNet 4510, JetNet 5010, JetNet 5310, and JetNet 6095.

References:
http://packetstormsecurity.com/files/162903/Korenix-CSRF-Backdoor-Accounts-Command-Injection-Missing-Authentication.html
http://packetstormsecurity.com/files/165875/Korenix-Technology-JetWave-CSRF-Command-Injection-Missing-Authentication.html
http://seclists.org/fulldisclosure/2021/Jun/0
https://cert.vde.com/de-de/advisories/vde-2020-040
https://cert.vde.com/en-us/advisories/vde-2020-053
https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-korenix-technology-westermo-pepperl-fuchs

CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 7.2 | EPSS: 12% | CPEs: 60 | EXPL: 2

Improper Authorization vulnerability: Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) and ICRL-M-8RJ45/4SFP-G-DIN, ICRL-M-16RJ45/4CP-G-DIN FW 1.2.3 and below are prone to multiple authenticated command injections.

Multiple Korenix products are affected by unauthenticated device administration, backdoor accounts, cross-site request forgery, unauthenticated TFTP actions, and command injection vulnerabilities. Products affected include JetNet 5428G-20SFP, JetNet 5810G, JetNet 4706F, JetNet 4706, JetNet 4706, JetNet 4510, JetNet 5010, JetNet 5310, and JetNet 6095.

References:
http://packetstormsecurity.com/files/162903/Korenix-CSRF-Backdoor-Accounts-Command-Injection-Missing-Authentication.html
http://packetstormsecurity.com/files/165875/Korenix-Technology-JetWave-CSRF-Command-Injection-Missing-Authentication.html
http://seclists.org/fulldisclosure/2021/Jun/0
https://cert.vde.com/de-de/advisories/vde-2020-040
https://cert.vde.com/en-us/advisories/vde-2020-053
https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-korenix-technology-westermo-pepperl-fuchs

CWE-863: Incorrect Authorization

CVSS: 6.1 | EPSS: 0% | CPEs: 5 | EXPL: 0

The Web manager (aka Commander) on Korenix JetPort 5601 and 5601f devices has Persistent XSS via the Port Alias field under Serial Setting.

References:
https://medium.com/%40bertinjoseb/korenix-jetport-web-manager-persistent-xss-6cf7e2a38634

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 10.0 | EPSS: 0% | CPEs: 18 | EXPL: 0

A Use of Hard-coded Credentials issue was discovered in Korenix JetNet JetNet5018G version 1.4, JetNet5310G version 1.4a, JetNet5428G-2G-2FX version 1.4, JetNet5628G-R version 1.4, JetNet5628G version 1.4, JetNet5728G-24P version 1.4, JetNet5828G version 1.1d, JetNet6710G-HVDC version 1.1e, and JetNet6710G version 1.1. The software uses undocumented hard-coded credentials that may allow an attacker to gain remote access.

References:
http://www.securityfocus.com/bid/101598
https://ics-cert.us-cert.gov/advisories/ICSA-17-299-01

CWE-798: Use of Hard-coded Credentials