CVSS: 9.8EPSS: 19%CPEs: 58EXPL: 4CVE-2020-12504 – Pepperl+Fuchs improper authorization affects multiple Comtrol RocketLinx products
https://notcve.org/view.php?id=CVE-2020-12504
Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) and ICRL-M-8RJ45/4SFP-G-DIN, ICRL-M-16RJ45/4CP-G-DIN FW 1.2.3 and below has an active TFTP-Service. Una vulnerabilidad de Autorización Inapropiada de Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528-XT (todas las versiones) e ICRL-M-8RJ45/4SFP-G-DIN, ICRL-M-16RJ45/4CP-G-DIN FW versiones 1.2.3 y por debajo, presentan un servicio TFTP activo Multiple Korenix products are affected by unauthenticated device administration, backdoor accounts, cross site request forgery, unauthenticated tftp actions, and command injection vulnerabilities. Products affected include JetNet 5428G-20SFP, JetNet 5810G, JetNet 4706F, JetNet 4706, JetNet 4706, JetNet 4510, JetNet 5010, JetNet 5310, and JetNet 6095. • http://packetstormsecurity.com/files/162903/Korenix-CSRF-Backdoor-Accounts-Command-Injection-Missing-Authentication.html http://packetstormsecurity.com/files/165875/Korenix-Technology-JetWave-CSRF-Command-Injection-Missing-Authentication.html http://seclists.org/fulldisclosure/2021/Jun/0 https://cert.vde.com/de-de/advisories/vde-2020-040 https://cert.vde.com/en-us/advisories/vde-2020-053 https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-korenix-technology-westermo-pepperl-fuchs • CWE-912: Hidden Functionality •
CVSS: 9.8EPSS: 1%CPEs: 52EXPL: 4CVE-2020-12501 – Pepperl+Fuchs improper authorization affects multiple Comtrol RocketLinx products
https://notcve.org/view.php?id=CVE-2020-12501
Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) use undocumented accounts. Una vulnerabilidad de Autorización Inapropiada de Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528-XT (todas las versiones), utilizan cuentas no documentadas Multiple Korenix products are affected by unauthenticated device administration, backdoor accounts, cross site request forgery, unauthenticated tftp actions, and command injection vulnerabilities. Products affected include JetNet 5428G-20SFP, JetNet 5810G, JetNet 4706F, JetNet 4706, JetNet 4706, JetNet 4510, JetNet 5010, JetNet 5310, and JetNet 6095. • http://packetstormsecurity.com/files/162903/Korenix-CSRF-Backdoor-Accounts-Command-Injection-Missing-Authentication.html http://packetstormsecurity.com/files/165875/Korenix-Technology-JetWave-CSRF-Command-Injection-Missing-Authentication.html http://packetstormsecurity.com/files/167409/Korenix-JetPort-5601V3-Backdoor-Account.html http://seclists.org/fulldisclosure/2021/Jun/0 http://seclists.org/fulldisclosure/2022/Jun/3 https://cert.vde.com/de-de/advisories/vde-2020-040 https://sec-consult.com/vulnerability-lab/advisory/m • CWE-798: Use of Hard-coded Credentials •
CVSS: 8.8EPSS: 1%CPEs: 50EXPL: 3CVE-2020-12502 – Pepperl+Fuchs improper authorization affects multiple Comtrol RocketLinx products
https://notcve.org/view.php?id=CVE-2020-12502
Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) and ICRL-M-8RJ45/4SFP-G-DIN, ICRL-M-16RJ45/4CP-G-DIN FW 1.2.3 and below is prone to unauthenticated device administration. Una vulnerabilidad de Autorización Inapropiada de Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528-XT (todas las versiones) e ICRL-M-8RJ45/4SFP-G-DIN, ICRL-M-16RJ45/4CP-G-DIN FW versiones 1.2.3 y por debajo, son propensos a una administración de dispositivos no autenticados Multiple Korenix products are affected by unauthenticated device administration, backdoor accounts, cross site request forgery, unauthenticated tftp actions, and command injection vulnerabilities. Products affected include JetNet 5428G-20SFP, JetNet 5810G, JetNet 4706F, JetNet 4706, JetNet 4706, JetNet 4510, JetNet 5010, JetNet 5310, and JetNet 6095. • http://packetstormsecurity.com/files/162903/Korenix-CSRF-Backdoor-Accounts-Command-Injection-Missing-Authentication.html http://packetstormsecurity.com/files/165875/Korenix-Technology-JetWave-CSRF-Command-Injection-Missing-Authentication.html http://seclists.org/fulldisclosure/2021/Jun/0 https://cert.vde.com/de-de/advisories/vde-2020-040 https://cert.vde.com/en-us/advisories/vde-2020-053 https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-korenix-technology-westermo-pepperl-fuchs • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.2EPSS: 12%CPEs: 60EXPL: 2CVE-2020-12503 – Pepperl+Fuchs improper authorization affects multiple Comtrol RocketLinx products
https://notcve.org/view.php?id=CVE-2020-12503
Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) and ICRL-M-8RJ45/4SFP-G-DIN, ICRL-M-16RJ45/4CP-G-DIN FW 1.2.3 and below is prone to multiple authenticated command injections. Una vulnerabilidad de Autorización Inapropiada de Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528-XT (todas las versiones) e ICRL-M-8RJ45/4SFP-G-DIN, ICRL-M-16RJ45/4CP-G-DIN FW versiones 1.2.3 y por debajo, son propensos a múltiples inyecciones de comandos autenticados Multiple Korenix products are affected by unauthenticated device administration, backdoor accounts, cross site request forgery, unauthenticated tftp actions, and command injection vulnerabilities. Products affected include JetNet 5428G-20SFP, JetNet 5810G, JetNet 4706F, JetNet 4706, JetNet 4706, JetNet 4510, JetNet 5010, JetNet 5310, and JetNet 6095. • http://packetstormsecurity.com/files/162903/Korenix-CSRF-Backdoor-Accounts-Command-Injection-Missing-Authentication.html http://packetstormsecurity.com/files/165875/Korenix-Technology-JetWave-CSRF-Command-Injection-Missing-Authentication.html http://seclists.org/fulldisclosure/2021/Jun/0 https://cert.vde.com/de-de/advisories/vde-2020-040 https://cert.vde.com/en-us/advisories/vde-2020-053 https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-korenix-technology-westermo-pepperl-fuchs • CWE-863: Incorrect Authorization •
CVSS: 9.8EPSS: 25%CPEs: 26EXPL: 3CVE-2020-12500 – Pepperl+Fuchs improper authorization affects multiple Comtrol RocketLinx products
https://notcve.org/view.php?id=CVE-2020-12500
Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) allows unauthenticated device administration. Una vulnerabilidad de Autorización Inapropiada de Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528-XT (todas las versiones), permite la administración de dispositivos no autenticados Multiple Korenix products are affected by unauthenticated device administration, backdoor accounts, cross site request forgery, unauthenticated tftp actions, and command injection vulnerabilities. Products affected include JetNet 5428G-20SFP, JetNet 5810G, JetNet 4706F, JetNet 4706, JetNet 4706, JetNet 4510, JetNet 5010, JetNet 5310, and JetNet 6095. • http://packetstormsecurity.com/files/162903/Korenix-CSRF-Backdoor-Accounts-Command-Injection-Missing-Authentication.html http://packetstormsecurity.com/files/165875/Korenix-Technology-JetWave-CSRF-Command-Injection-Missing-Authentication.html http://seclists.org/fulldisclosure/2021/Jun/0 https://cert.vde.com/de-de/advisories/vde-2020-040 https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-korenix-technology-westermo-pepperl-fuchs • CWE-306: Missing Authentication for Critical Function •