CVE-2020-12504
Pepperl+Fuchs improper authorization affects multiple Comtrol RocketLinx products
Severity Score
9.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
6
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) and ICRL-M-8RJ45/4SFP-G-DIN, ICRL-M-16RJ45/4CP-G-DIN FW 1.2.3 and below has an active TFTP-Service.
Una vulnerabilidad de AutorizaciĆ³n Inapropiada de Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528-XT (todas las versiones) e ICRL-M-8RJ45/4SFP-G-DIN, ICRL-M-16RJ45/4CP-G-DIN FW versiones 1.2.3 y por debajo, presentan un servicio TFTP activo
Multiple Korenix products are affected by unauthenticated device administration, backdoor accounts, cross site request forgery, unauthenticated tftp actions, and command injection vulnerabilities. Products affected include JetNet 5428G-20SFP, JetNet 5810G, JetNet 4706F, JetNet 4706, JetNet 4706, JetNet 4510, JetNet 5010, JetNet 5310, and JetNet 6095.
*Credits:
T. Weber (SEC Consult Vulnerability Lab), Coordinated by CERT@VDE
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2020-04-30 CVE Reserved
- 2020-10-05 CVE Published
- 2021-06-01 First Exploit
- 2024-09-16 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-912: Hidden Functionality
CAPEC
References (8)
| URL | Tag | Source |
|---|---|---|
| https://cert.vde.com/de-de/advisories/vde-2020-040 | Third Party Advisory | |
| https://cert.vde.com/en-us/advisories/vde-2020-053 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Pepperl-fuchs Search vendor "Pepperl-fuchs" | Es7510-xt Firmware Search vendor "Pepperl-fuchs" for product "Es7510-xt Firmware" | < 2.1.1 Search vendor "Pepperl-fuchs" for product "Es7510-xt Firmware" and version " < 2.1.1" | - |
Affected
| in | Pepperl-fuchs Search vendor "Pepperl-fuchs" | Es7510-xt Search vendor "Pepperl-fuchs" for product "Es7510-xt" | - | - |
Safe
|
| Pepperl-fuchs Search vendor "Pepperl-fuchs" | Es8509-xt Firmware Search vendor "Pepperl-fuchs" for product "Es8509-xt Firmware" | * | - |
Affected
| in | Pepperl-fuchs Search vendor "Pepperl-fuchs" | Es8509-xt Search vendor "Pepperl-fuchs" for product "Es8509-xt" | - | - |
Safe
|
| Pepperl-fuchs Search vendor "Pepperl-fuchs" | Es8510-xt Firmware Search vendor "Pepperl-fuchs" for product "Es8510-xt Firmware" | * | - |
Affected
| in | Pepperl-fuchs Search vendor "Pepperl-fuchs" | Es8510-xt Search vendor "Pepperl-fuchs" for product "Es8510-xt" | - | - |
Safe
|
| Pepperl-fuchs Search vendor "Pepperl-fuchs" | Es9528-xtv2 Firmware Search vendor "Pepperl-fuchs" for product "Es9528-xtv2 Firmware" | * | - |
Affected
| in | Pepperl-fuchs Search vendor "Pepperl-fuchs" | Es9528-xtv2 Search vendor "Pepperl-fuchs" for product "Es9528-xtv2" | - | - |
Safe
|
| Pepperl-fuchs Search vendor "Pepperl-fuchs" | Es7506 Firmware Search vendor "Pepperl-fuchs" for product "Es7506 Firmware" | * | - |
Affected
| in | Pepperl-fuchs Search vendor "Pepperl-fuchs" | Es7506 Search vendor "Pepperl-fuchs" for product "Es7506" | - | - |
Safe
|
| Pepperl-fuchs Search vendor "Pepperl-fuchs" | Es7510 Firmware Search vendor "Pepperl-fuchs" for product "Es7510 Firmware" | * | - |
Affected
| in | Pepperl-fuchs Search vendor "Pepperl-fuchs" | Es7510 Search vendor "Pepperl-fuchs" for product "Es7510" | - | - |
Safe
|
| Pepperl-fuchs Search vendor "Pepperl-fuchs" | Es7528 Firmware Search vendor "Pepperl-fuchs" for product "Es7528 Firmware" | * | - |
Affected
| in | Pepperl-fuchs Search vendor "Pepperl-fuchs" | Es7528 Search vendor "Pepperl-fuchs" for product "Es7528" | - | - |
Safe
|
| Pepperl-fuchs Search vendor "Pepperl-fuchs" | Es8508 Firmware Search vendor "Pepperl-fuchs" for product "Es8508 Firmware" | * | - |
Affected
| in | Pepperl-fuchs Search vendor "Pepperl-fuchs" | Es8508 Search vendor "Pepperl-fuchs" for product "Es8508" | - | - |
Safe
|
| Pepperl-fuchs Search vendor "Pepperl-fuchs" | Es8508f Firmware Search vendor "Pepperl-fuchs" for product "Es8508f Firmware" | * | - |
Affected
| in | Pepperl-fuchs Search vendor "Pepperl-fuchs" | Es8508f Search vendor "Pepperl-fuchs" for product "Es8508f" | - | - |
Safe
|
| Pepperl-fuchs Search vendor "Pepperl-fuchs" | Es8510 Firmware Search vendor "Pepperl-fuchs" for product "Es8510 Firmware" | < 3.1.1 Search vendor "Pepperl-fuchs" for product "Es8510 Firmware" and version " < 3.1.1" | - |
Affected
| in | Pepperl-fuchs Search vendor "Pepperl-fuchs" | Es8510 Search vendor "Pepperl-fuchs" for product "Es8510" | - | - |
Safe
|
| Pepperl-fuchs Search vendor "Pepperl-fuchs" | Es8510-xte Firmware Search vendor "Pepperl-fuchs" for product "Es8510-xte Firmware" | * | - |
Affected
| in | Pepperl-fuchs Search vendor "Pepperl-fuchs" | Es8510-xte Search vendor "Pepperl-fuchs" for product "Es8510-xte" | - | - |
Safe
|
| Pepperl-fuchs Search vendor "Pepperl-fuchs" | Es9528 Firmware Search vendor "Pepperl-fuchs" for product "Es9528 Firmware" | * | - |
Affected
| in | Pepperl-fuchs Search vendor "Pepperl-fuchs" | Es9528 Search vendor "Pepperl-fuchs" for product "Es9528" | - | - |
Safe
|
| Pepperl-fuchs Search vendor "Pepperl-fuchs" | Es9528-xt Firmware Search vendor "Pepperl-fuchs" for product "Es9528-xt Firmware" | * | - |
Affected
| in | Pepperl-fuchs Search vendor "Pepperl-fuchs" | Es9528-xt Search vendor "Pepperl-fuchs" for product "Es9528-xt" | - | - |
Safe
|
| Pepperl-fuchs Search vendor "Pepperl-fuchs" | Icrl-m-8rj45\/4sfp-g-din Firmware Search vendor "Pepperl-fuchs" for product "Icrl-m-8rj45\/4sfp-g-din Firmware" | <= 1.2.3 Search vendor "Pepperl-fuchs" for product "Icrl-m-8rj45\/4sfp-g-din Firmware" and version " <= 1.2.3" | - |
Affected
| in | Pepperl-fuchs Search vendor "Pepperl-fuchs" | Icrl-m-8rj45\/4sfp-g-din Search vendor "Pepperl-fuchs" for product "Icrl-m-8rj45\/4sfp-g-din" | - | - |
Safe
|
| Pepperl-fuchs Search vendor "Pepperl-fuchs" | Icrl-m-16rj45\/4cp-g-din Firmware Search vendor "Pepperl-fuchs" for product "Icrl-m-16rj45\/4cp-g-din Firmware" | <= 1.2.3 Search vendor "Pepperl-fuchs" for product "Icrl-m-16rj45\/4cp-g-din Firmware" and version " <= 1.2.3" | - |
Affected
| in | Pepperl-fuchs Search vendor "Pepperl-fuchs" | Icrl-m-16rj45\/4cp-g-din Search vendor "Pepperl-fuchs" for product "Icrl-m-16rj45\/4cp-g-din" | - | - |
Safe
|
| Korenix Search vendor "Korenix" | Jetwave 2212s Firmware Search vendor "Korenix" for product "Jetwave 2212s Firmware" | 1.5 Search vendor "Korenix" for product "Jetwave 2212s Firmware" and version "1.5" | - |
Affected
| in | Korenix Search vendor "Korenix" | Jetwave 2212s Search vendor "Korenix" for product "Jetwave 2212s" | - | - |
Safe
|
| Korenix Search vendor "Korenix" | Jetwave 2212g Firmware Search vendor "Korenix" for product "Jetwave 2212g Firmware" | 1.4 Search vendor "Korenix" for product "Jetwave 2212g Firmware" and version "1.4" | - |
Affected
| in | Korenix Search vendor "Korenix" | Jetwave 2212g Search vendor "Korenix" for product "Jetwave 2212g" | - | - |
Safe
|
| Korenix Search vendor "Korenix" | Jetwave 2311 Firmware Search vendor "Korenix" for product "Jetwave 2311 Firmware" | 1.2 Search vendor "Korenix" for product "Jetwave 2311 Firmware" and version "1.2" | - |
Affected
| in | Korenix Search vendor "Korenix" | Jetwave 2311 Search vendor "Korenix" for product "Jetwave 2311" | - | - |
Safe
|
| Korenix Search vendor "Korenix" | Jetwave 3220 Firmware Search vendor "Korenix" for product "Jetwave 3220 Firmware" | 1.2 Search vendor "Korenix" for product "Jetwave 3220 Firmware" and version "1.2" | - |
Affected
| in | Korenix Search vendor "Korenix" | Jetwave 3220 Search vendor "Korenix" for product "Jetwave 3220" | - | - |
Safe
|
| Korenix Search vendor "Korenix" | Jetwave 3420 Firmware Search vendor "Korenix" for product "Jetwave 3420 Firmware" | 1.1.3t Search vendor "Korenix" for product "Jetwave 3420 Firmware" and version "1.1.3t" | - |
Affected
| in | Korenix Search vendor "Korenix" | Jetwave 3420 Search vendor "Korenix" for product "Jetwave 3420" | - | - |
Safe
|
| Korenix Search vendor "Korenix" | Jetwave 2212x Firmware Search vendor "Korenix" for product "Jetwave 2212x Firmware" | 1.5 Search vendor "Korenix" for product "Jetwave 2212x Firmware" and version "1.5" | - |
Affected
| in | Korenix Search vendor "Korenix" | Jetwave 2212x Search vendor "Korenix" for product "Jetwave 2212x" | - | - |
Safe
|
| Korenix Search vendor "Korenix" | Jetwave 5428g-20sfp Firmware Search vendor "Korenix" for product "Jetwave 5428g-20sfp Firmware" | 1.0 Search vendor "Korenix" for product "Jetwave 5428g-20sfp Firmware" and version "1.0" | - |
Affected
| in | Korenix Search vendor "Korenix" | Jetwave 5428g-20sfp Search vendor "Korenix" for product "Jetwave 5428g-20sfp" | - | - |
Safe
|
| Korenix Search vendor "Korenix" | Jetwave 5810g Firmware Search vendor "Korenix" for product "Jetwave 5810g Firmware" | 1.1 Search vendor "Korenix" for product "Jetwave 5810g Firmware" and version "1.1" | - |
Affected
| in | Korenix Search vendor "Korenix" | Jetwave 5810g Search vendor "Korenix" for product "Jetwave 5810g" | - | - |
Safe
|
| Korenix Search vendor "Korenix" | Jetwave 5310 Firmware Search vendor "Korenix" for product "Jetwave 5310 Firmware" | 1.5 Search vendor "Korenix" for product "Jetwave 5310 Firmware" and version "1.5" | - |
Affected
| in | Korenix Search vendor "Korenix" | Jetwave 5310 Search vendor "Korenix" for product "Jetwave 5310" | - | - |
Safe
|
| Korenix Search vendor "Korenix" | Jetwave 5010 Firmware Search vendor "Korenix" for product "Jetwave 5010 Firmware" | 3.1a Search vendor "Korenix" for product "Jetwave 5010 Firmware" and version "3.1a" | - |
Affected
| in | Korenix Search vendor "Korenix" | Jetwave 5010 Search vendor "Korenix" for product "Jetwave 5010" | - | - |
Safe
|
| Korenix Search vendor "Korenix" | Jetwave 4706f Firmware Search vendor "Korenix" for product "Jetwave 4706f Firmware" | 2.3b Search vendor "Korenix" for product "Jetwave 4706f Firmware" and version "2.3b" | - |
Affected
| in | Korenix Search vendor "Korenix" | Jetwave 4706f Search vendor "Korenix" for product "Jetwave 4706f" | - | - |
Safe
|
| Korenix Search vendor "Korenix" | Jetwave 4706 Firmware Search vendor "Korenix" for product "Jetwave 4706 Firmware" | 2.3b Search vendor "Korenix" for product "Jetwave 4706 Firmware" and version "2.3b" | - |
Affected
| in | Korenix Search vendor "Korenix" | Jetwave 4706 Search vendor "Korenix" for product "Jetwave 4706" | - | - |
Safe
|
| Korenix Search vendor "Korenix" | Jetwave 4510 Firmware Search vendor "Korenix" for product "Jetwave 4510 Firmware" | 3.0b Search vendor "Korenix" for product "Jetwave 4510 Firmware" and version "3.0b" | - |
Affected
| in | Korenix Search vendor "Korenix" | Jetwave 4510 Search vendor "Korenix" for product "Jetwave 4510" | - | - |
Safe
|
| Westermo Search vendor "Westermo" | Pmi-110-f2g Firmware Search vendor "Westermo" for product "Pmi-110-f2g Firmware" | 1.5 Search vendor "Westermo" for product "Pmi-110-f2g Firmware" and version "1.5" | - |
Affected
| in | Westermo Search vendor "Westermo" | Pmi-110-f2g Search vendor "Westermo" for product "Pmi-110-f2g" | - | - |
Safe
|