CVE-2020-12502

Pepperl+Fuchs improper authorization affects multiple Comtrol RocketLinx products

Severity Score

8.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) and ICRL-M-8RJ45/4SFP-G-DIN, ICRL-M-16RJ45/4CP-G-DIN FW 1.2.3 and below is prone to unauthenticated device administration.

Una vulnerabilidad de Autorización Inapropiada de Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528-XT (todas las versiones) e ICRL-M-8RJ45/4SFP-G-DIN, ICRL-M-16RJ45/4CP-G-DIN FW versiones 1.2.3 y por debajo, son propensos a una administración de dispositivos no autenticados

Multiple Korenix products are affected by unauthenticated device administration, backdoor accounts, cross site request forgery, unauthenticated tftp actions, and command injection vulnerabilities. Products affected include JetNet 5428G-20SFP, JetNet 5810G, JetNet 4706F, JetNet 4706, JetNet 4706, JetNet 4510, JetNet 5010, JetNet 5310, and JetNet 6095.

*Credits: T. Weber (SEC Consult Vulnerability Lab), Coordinated by CERT@VDE

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2020-04-30 CVE Reserved
2020-10-05 CVE Published
2024-09-16 CVE Updated
2024-09-16 First Exploit
2024-09-21 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-352: Cross-Site Request Forgery (CSRF)

CAPEC

References (6)

URL	Tag	Source
http://seclists.org/fulldisclosure/2021/Jun/0	Mailing List
https://cert.vde.com/de-de/advisories/vde-2020-040	Third Party Advisory
https://cert.vde.com/en-us/advisories/vde-2020-053	Third Party Advisory

URL	Date	SRC
http://packetstormsecurity.com/files/162903/Korenix-CSRF-Backdoor-Accounts-Command-Injection-Missing-Authentication.html	2024-09-16
http://packetstormsecurity.com/files/165875/Korenix-Technology-JetWave-CSRF-Command-Injection-Missing-Authentication.html	2024-09-16
https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-korenix-technology-westermo-pepperl-fuchs	2024-09-16

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Pepperl-fuchs Search vendor "Pepperl-fuchs"	Es7510-xt Firmware Search vendor "Pepperl-fuchs" for product "Es7510-xt Firmware"	*	-	Affected	in	Pepperl-fuchs Search vendor "Pepperl-fuchs"	Es7510-xt Search vendor "Pepperl-fuchs" for product "Es7510-xt"	-	-	Safe
Pepperl-fuchs Search vendor "Pepperl-fuchs"	Es8509-xt Firmware Search vendor "Pepperl-fuchs" for product "Es8509-xt Firmware"	*	-	Affected	in	Pepperl-fuchs Search vendor "Pepperl-fuchs"	Es8509-xt Search vendor "Pepperl-fuchs" for product "Es8509-xt"	-	-	Safe
Pepperl-fuchs Search vendor "Pepperl-fuchs"	Es8510-xt Firmware Search vendor "Pepperl-fuchs" for product "Es8510-xt Firmware"	*	-	Affected	in	Pepperl-fuchs Search vendor "Pepperl-fuchs"	Es8510-xt Search vendor "Pepperl-fuchs" for product "Es8510-xt"	-	-	Safe
Pepperl-fuchs Search vendor "Pepperl-fuchs"	Es9528-xtv2 Firmware Search vendor "Pepperl-fuchs" for product "Es9528-xtv2 Firmware"	*	-	Affected	in	Pepperl-fuchs Search vendor "Pepperl-fuchs"	Es9528-xtv2 Search vendor "Pepperl-fuchs" for product "Es9528-xtv2"	-	-	Safe
Pepperl-fuchs Search vendor "Pepperl-fuchs"	Es7506 Firmware Search vendor "Pepperl-fuchs" for product "Es7506 Firmware"	*	-	Affected	in	Pepperl-fuchs Search vendor "Pepperl-fuchs"	Es7506 Search vendor "Pepperl-fuchs" for product "Es7506"	-	-	Safe
Pepperl-fuchs Search vendor "Pepperl-fuchs"	Es7510 Firmware Search vendor "Pepperl-fuchs" for product "Es7510 Firmware"	*	-	Affected	in	Pepperl-fuchs Search vendor "Pepperl-fuchs"	Es7510 Search vendor "Pepperl-fuchs" for product "Es7510"	-	-	Safe
Pepperl-fuchs Search vendor "Pepperl-fuchs"	Es7528 Firmware Search vendor "Pepperl-fuchs" for product "Es7528 Firmware"	*	-	Affected	in	Pepperl-fuchs Search vendor "Pepperl-fuchs"	Es7528 Search vendor "Pepperl-fuchs" for product "Es7528"	-	-	Safe
Pepperl-fuchs Search vendor "Pepperl-fuchs"	Es8508 Firmware Search vendor "Pepperl-fuchs" for product "Es8508 Firmware"	*	-	Affected	in	Pepperl-fuchs Search vendor "Pepperl-fuchs"	Es8508 Search vendor "Pepperl-fuchs" for product "Es8508"	-	-	Safe
Pepperl-fuchs Search vendor "Pepperl-fuchs"	Es8508f Firmware Search vendor "Pepperl-fuchs" for product "Es8508f Firmware"	*	-	Affected	in	Pepperl-fuchs Search vendor "Pepperl-fuchs"	Es8508f Search vendor "Pepperl-fuchs" for product "Es8508f"	-	-	Safe
Pepperl-fuchs Search vendor "Pepperl-fuchs"	Es8510 Firmware Search vendor "Pepperl-fuchs" for product "Es8510 Firmware"	*	-	Affected	in	Pepperl-fuchs Search vendor "Pepperl-fuchs"	Es8510 Search vendor "Pepperl-fuchs" for product "Es8510"	-	-	Safe
Pepperl-fuchs Search vendor "Pepperl-fuchs"	Es8510-xte Firmware Search vendor "Pepperl-fuchs" for product "Es8510-xte Firmware"	*	-	Affected	in	Pepperl-fuchs Search vendor "Pepperl-fuchs"	Es8510-xte Search vendor "Pepperl-fuchs" for product "Es8510-xte"	-	-	Safe
Pepperl-fuchs Search vendor "Pepperl-fuchs"	Es9528 Firmware Search vendor "Pepperl-fuchs" for product "Es9528 Firmware"	*	-	Affected	in	Pepperl-fuchs Search vendor "Pepperl-fuchs"	Es9528 Search vendor "Pepperl-fuchs" for product "Es9528"	-	-	Safe
Pepperl-fuchs Search vendor "Pepperl-fuchs"	Es9528-xt Firmware Search vendor "Pepperl-fuchs" for product "Es9528-xt Firmware"	*	-	Affected	in	Pepperl-fuchs Search vendor "Pepperl-fuchs"	Es9528-xt Search vendor "Pepperl-fuchs" for product "Es9528-xt"	-	-	Safe
Pepperl-fuchs Search vendor "Pepperl-fuchs"	Icrl-m-8rj45\/4sfp-g-din Firmware Search vendor "Pepperl-fuchs" for product "Icrl-m-8rj45\/4sfp-g-din Firmware"	<= 1.2.3 Search vendor "Pepperl-fuchs" for product "Icrl-m-8rj45\/4sfp-g-din Firmware" and version " <= 1.2.3"	-	Affected	in	Pepperl-fuchs Search vendor "Pepperl-fuchs"	Icrl-m-8rj45\/4sfp-g-din Search vendor "Pepperl-fuchs" for product "Icrl-m-8rj45\/4sfp-g-din"	-	-	Safe
Pepperl-fuchs Search vendor "Pepperl-fuchs"	Icrl-m-16rj45\/4cp-g-din Firmware Search vendor "Pepperl-fuchs" for product "Icrl-m-16rj45\/4cp-g-din Firmware"	<= 1.2.3 Search vendor "Pepperl-fuchs" for product "Icrl-m-16rj45\/4cp-g-din Firmware" and version " <= 1.2.3"	-	Affected	in	Pepperl-fuchs Search vendor "Pepperl-fuchs"	Icrl-m-16rj45\/4cp-g-din Search vendor "Pepperl-fuchs" for product "Icrl-m-16rj45\/4cp-g-din"	-	-	Safe
Korenix Search vendor "Korenix"	Jetnet 5428g-20sfp Firmware Search vendor "Korenix" for product "Jetnet 5428g-20sfp Firmware"	-	-	Affected	in	Korenix Search vendor "Korenix"	Jetnet 5428g-20sfp Search vendor "Korenix" for product "Jetnet 5428g-20sfp"	-	-	Safe
Korenix Search vendor "Korenix"	Jetnet 5810g Firmware Search vendor "Korenix" for product "Jetnet 5810g Firmware"	-	-	Affected	in	Korenix Search vendor "Korenix"	Jetnet 5810g Search vendor "Korenix" for product "Jetnet 5810g"	-	-	Safe
Korenix Search vendor "Korenix"	Jetnet 4706f Firmware Search vendor "Korenix" for product "Jetnet 4706f Firmware"	-	-	Affected	in	Korenix Search vendor "Korenix"	Jetnet 4706f Search vendor "Korenix" for product "Jetnet 4706f"	-	-	Safe
Korenix Search vendor "Korenix"	Jetnet 4706 Firmware Search vendor "Korenix" for product "Jetnet 4706 Firmware"	-	-	Affected	in	Korenix Search vendor "Korenix"	Jetnet 4706 Search vendor "Korenix" for product "Jetnet 4706"	-	-	Safe
Korenix Search vendor "Korenix"	Jetnet 4510 Firmware Search vendor "Korenix" for product "Jetnet 4510 Firmware"	-	-	Affected	in	Korenix Search vendor "Korenix"	Jetnet 4510 Search vendor "Korenix" for product "Jetnet 4510"	-	-	Safe
Korenix Search vendor "Korenix"	Jetnet 5010 Firmware Search vendor "Korenix" for product "Jetnet 5010 Firmware"	-	-	Affected	in	Korenix Search vendor "Korenix"	Jetnet 5010 Search vendor "Korenix" for product "Jetnet 5010"	-	-	Safe
Korenix Search vendor "Korenix"	Jetnet 5310 Firmware Search vendor "Korenix" for product "Jetnet 5310 Firmware"	-	-	Affected	in	Korenix Search vendor "Korenix"	Jetnet 5310 Search vendor "Korenix" for product "Jetnet 5310"	-	-	Safe
Korenix Search vendor "Korenix"	Jetnet 6095 Firmware Search vendor "Korenix" for product "Jetnet 6095 Firmware"	-	-	Affected	in	Korenix Search vendor "Korenix"	Jetnet 6095 Search vendor "Korenix" for product "Jetnet 6095"	-	-	Safe
Pepperl-fuchs Search vendor "Pepperl-fuchs"	Icrl-m-8rj45\/4sfp-g-din Firmware Search vendor "Pepperl-fuchs" for product "Icrl-m-8rj45\/4sfp-g-din Firmware"	< 1.4 Search vendor "Pepperl-fuchs" for product "Icrl-m-8rj45\/4sfp-g-din Firmware" and version " < 1.4"	-	Affected	in	Pepperl-fuchs Search vendor "Pepperl-fuchs"	Icrl-m-8rj45\/4sfp-g-din Search vendor "Pepperl-fuchs" for product "Icrl-m-8rj45\/4sfp-g-din"	-	-	Safe
Pepperl-fuchs Search vendor "Pepperl-fuchs"	Icrl-m-16rj45\/4cp-g-din Firmware Search vendor "Pepperl-fuchs" for product "Icrl-m-16rj45\/4cp-g-din Firmware"	< 1.4.0 Search vendor "Pepperl-fuchs" for product "Icrl-m-16rj45\/4cp-g-din Firmware" and version " < 1.4.0"	-	Affected	in	Pepperl-fuchs Search vendor "Pepperl-fuchs"	Icrl-m-16rj45\/4cp-g-din Search vendor "Pepperl-fuchs" for product "Icrl-m-16rj45\/4cp-g-din"	-	-	Safe