CVSS: 7.5EPSS: 0%CPEs: 24EXPL: 0CVE-2020-12512 – Pepper+Fuchs Comtrol IO-Link Master Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2020-12512
Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to an authenticated reflected POST Cross-Site Scripting Pepperl + Fuchs Comtrol IO-Link Master en la versión 1.5.48 y anteriores, es propenso a un ataque de tipo Cross-Site Scripting reflejado autenticado de una POST Pepperl+Fuchs IO-Link Master Series with system version 1.36 and application version 1.5.28 suffers from command injection, cross site request forgery, cross site scripting, denial of service, and null pointer vulnerabilities. • https://cert.vde.com/en-us/advisories/vde-2020-038 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 19%CPEs: 58EXPL: 4CVE-2020-12504 – Pepperl+Fuchs improper authorization affects multiple Comtrol RocketLinx products
https://notcve.org/view.php?id=CVE-2020-12504
Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) and ICRL-M-8RJ45/4SFP-G-DIN, ICRL-M-16RJ45/4CP-G-DIN FW 1.2.3 and below has an active TFTP-Service. Una vulnerabilidad de Autorización Inapropiada de Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528-XT (todas las versiones) e ICRL-M-8RJ45/4SFP-G-DIN, ICRL-M-16RJ45/4CP-G-DIN FW versiones 1.2.3 y por debajo, presentan un servicio TFTP activo Multiple Korenix products are affected by unauthenticated device administration, backdoor accounts, cross site request forgery, unauthenticated tftp actions, and command injection vulnerabilities. Products affected include JetNet 5428G-20SFP, JetNet 5810G, JetNet 4706F, JetNet 4706, JetNet 4706, JetNet 4510, JetNet 5010, JetNet 5310, and JetNet 6095. • http://packetstormsecurity.com/files/162903/Korenix-CSRF-Backdoor-Accounts-Command-Injection-Missing-Authentication.html http://packetstormsecurity.com/files/165875/Korenix-Technology-JetWave-CSRF-Command-Injection-Missing-Authentication.html http://seclists.org/fulldisclosure/2021/Jun/0 https://cert.vde.com/de-de/advisories/vde-2020-040 https://cert.vde.com/en-us/advisories/vde-2020-053 https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-korenix-technology-westermo-pepperl-fuchs • CWE-912: Hidden Functionality •
CVSS: 9.8EPSS: 1%CPEs: 52EXPL: 4CVE-2020-12501 – Pepperl+Fuchs improper authorization affects multiple Comtrol RocketLinx products
https://notcve.org/view.php?id=CVE-2020-12501
Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) use undocumented accounts. Una vulnerabilidad de Autorización Inapropiada de Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528-XT (todas las versiones), utilizan cuentas no documentadas Multiple Korenix products are affected by unauthenticated device administration, backdoor accounts, cross site request forgery, unauthenticated tftp actions, and command injection vulnerabilities. Products affected include JetNet 5428G-20SFP, JetNet 5810G, JetNet 4706F, JetNet 4706, JetNet 4706, JetNet 4510, JetNet 5010, JetNet 5310, and JetNet 6095. • http://packetstormsecurity.com/files/162903/Korenix-CSRF-Backdoor-Accounts-Command-Injection-Missing-Authentication.html http://packetstormsecurity.com/files/165875/Korenix-Technology-JetWave-CSRF-Command-Injection-Missing-Authentication.html http://packetstormsecurity.com/files/167409/Korenix-JetPort-5601V3-Backdoor-Account.html http://seclists.org/fulldisclosure/2021/Jun/0 http://seclists.org/fulldisclosure/2022/Jun/3 https://cert.vde.com/de-de/advisories/vde-2020-040 https://sec-consult.com/vulnerability-lab/advisory/m • CWE-798: Use of Hard-coded Credentials •
CVSS: 8.8EPSS: 1%CPEs: 50EXPL: 3CVE-2020-12502 – Pepperl+Fuchs improper authorization affects multiple Comtrol RocketLinx products
https://notcve.org/view.php?id=CVE-2020-12502
Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) and ICRL-M-8RJ45/4SFP-G-DIN, ICRL-M-16RJ45/4CP-G-DIN FW 1.2.3 and below is prone to unauthenticated device administration. Una vulnerabilidad de Autorización Inapropiada de Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528-XT (todas las versiones) e ICRL-M-8RJ45/4SFP-G-DIN, ICRL-M-16RJ45/4CP-G-DIN FW versiones 1.2.3 y por debajo, son propensos a una administración de dispositivos no autenticados Multiple Korenix products are affected by unauthenticated device administration, backdoor accounts, cross site request forgery, unauthenticated tftp actions, and command injection vulnerabilities. Products affected include JetNet 5428G-20SFP, JetNet 5810G, JetNet 4706F, JetNet 4706, JetNet 4706, JetNet 4510, JetNet 5010, JetNet 5310, and JetNet 6095. • http://packetstormsecurity.com/files/162903/Korenix-CSRF-Backdoor-Accounts-Command-Injection-Missing-Authentication.html http://packetstormsecurity.com/files/165875/Korenix-Technology-JetWave-CSRF-Command-Injection-Missing-Authentication.html http://seclists.org/fulldisclosure/2021/Jun/0 https://cert.vde.com/de-de/advisories/vde-2020-040 https://cert.vde.com/en-us/advisories/vde-2020-053 https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-korenix-technology-westermo-pepperl-fuchs • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.2EPSS: 12%CPEs: 60EXPL: 2CVE-2020-12503 – Pepperl+Fuchs improper authorization affects multiple Comtrol RocketLinx products
https://notcve.org/view.php?id=CVE-2020-12503
Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) and ICRL-M-8RJ45/4SFP-G-DIN, ICRL-M-16RJ45/4CP-G-DIN FW 1.2.3 and below is prone to multiple authenticated command injections. Una vulnerabilidad de Autorización Inapropiada de Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528-XT (todas las versiones) e ICRL-M-8RJ45/4SFP-G-DIN, ICRL-M-16RJ45/4CP-G-DIN FW versiones 1.2.3 y por debajo, son propensos a múltiples inyecciones de comandos autenticados Multiple Korenix products are affected by unauthenticated device administration, backdoor accounts, cross site request forgery, unauthenticated tftp actions, and command injection vulnerabilities. Products affected include JetNet 5428G-20SFP, JetNet 5810G, JetNet 4706F, JetNet 4706, JetNet 4706, JetNet 4510, JetNet 5010, JetNet 5310, and JetNet 6095. • http://packetstormsecurity.com/files/162903/Korenix-CSRF-Backdoor-Accounts-Command-Injection-Missing-Authentication.html http://packetstormsecurity.com/files/165875/Korenix-Technology-JetWave-CSRF-Command-Injection-Missing-Authentication.html http://seclists.org/fulldisclosure/2021/Jun/0 https://cert.vde.com/de-de/advisories/vde-2020-040 https://cert.vde.com/en-us/advisories/vde-2020-053 https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-korenix-technology-westermo-pepperl-fuchs • CWE-863: Incorrect Authorization •