CVE-2020-12504

Pepperl+Fuchs improper authorization affects multiple Comtrol RocketLinx products

  • Severity Score (CVSS v3.1): 9.8
  • Exploit Likelihood (EPSS):
  • Affected Versions (CPE):
  • Public Exploits (Multiple Sources): 4
  • Exploited in Wild (KEV): -
  • Decision (SSVC): -

Descriptions

Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) and ICRL-M-8RJ45/4SFP-G-DIN, ICRL-M-16RJ45/4CP-G-DIN FW 1.2.3 and below has an active TFTP-Service.

Multiple Korenix products are affected by unauthenticated device administration, backdoor accounts, cross-site request forgery, unauthenticated TFTP actions, and command injection vulnerabilities. Products affected include JetNet 5428G-20SFP, JetNet 5810G, JetNet 4706F, JetNet 4706, JetNet 4510, JetNet 5010, JetNet 5310, and JetNet 6095.

*Credits: T. Weber (SEC Consult Vulnerability Lab), Coordinated by CERT@VDE
CVSS Scores
CVSS v3.1
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: High
  • Integrity: High
  • Availability: High
CVSS v2
  • Attack Vector: Network
  • Attack Complexity: Low
  • Authentication: None
  • Confidentiality: Partial
  • Integrity: Partial
  • Availability: Partial
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2020-04-30 CVE Reserved
  • 2020-10-05 CVE Published
  • 2024-09-16 CVE Updated
  • 2024-09-16 First Exploit
  • 2024-09-21 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-912: Hidden Functionality
CAPEC
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status |
|---|---|---|---|---|
| Pepperl-fuchs | Es7510-xt Firmware | < 2.1.1 | - | Affected |
| in Pepperl-fuchs | Es7510-xt | - | - | Safe |
| Pepperl-fuchs | Es8509-xt Firmware | * | - | Affected |
| in Pepperl-fuchs | Es8509-xt | - | - | Safe |
| Pepperl-fuchs | Es8510-xt Firmware | * | - | Affected |
| in Pepperl-fuchs | Es8510-xt | - | - | Safe |
| Pepperl-fuchs | Es9528-xtv2 Firmware | * | - | Affected |
| in Pepperl-fuchs | Es9528-xtv2 | - | - | Safe |
| Pepperl-fuchs | Es7506 Firmware | * | - | Affected |
| in Pepperl-fuchs | Es7506 | - | - | Safe |
| Pepperl-fuchs | Es7510 Firmware | * | - | Affected |
| in Pepperl-fuchs | Es7510 | - | - | Safe |
| Pepperl-fuchs | Es7528 Firmware | * | - | Affected |
| in Pepperl-fuchs | Es7528 | - | - | Safe |
| Pepperl-fuchs | Es8508 Firmware | * | - | Affected |
| in Pepperl-fuchs | Es8508 | - | - | Safe |
| Pepperl-fuchs | Es8508f Firmware | * | - | Affected |
| in Pepperl-fuchs | Es8508f | - | - | Safe |
| Pepperl-fuchs | Es8510 Firmware | < 3.1.1 | - | Affected |
| in Pepperl-fuchs | Es8510 | - | - | Safe |
| Pepperl-fuchs | Es8510-xte Firmware | * | - | Affected |
| in Pepperl-fuchs | Es8510-xte | - | - | Safe |
| Pepperl-fuchs | Es9528 Firmware | * | - | Affected |
| in Pepperl-fuchs | Es9528 | - | - | Safe |
| Pepperl-fuchs | Es9528-xt Firmware | * | - | Affected |
| in Pepperl-fuchs | Es9528-xt | - | - | Safe |
| Pepperl-fuchs | Icrl-m-8rj45/4sfp-g-din Firmware | <= 1.2.3 | - | Affected |
| in Pepperl-fuchs | Icrl-m-8rj45/4sfp-g-din | - | - | Safe |
| Pepperl-fuchs | Icrl-m-16rj45/4cp-g-din Firmware | <= 1.2.3 | - | Affected |
| in Pepperl-fuchs | Icrl-m-16rj45/4cp-g-din | - | - | Safe |
| Korenix | Jetwave 2212s Firmware | 1.5 | - | Affected |
| in Korenix | Jetwave 2212s | - | - | Safe |
| Korenix | Jetwave 2212g Firmware | 1.4 | - | Affected |
| in Korenix | Jetwave 2212g | - | - | Safe |
| Korenix | Jetwave 2311 Firmware | 1.2 | - | Affected |
| in Korenix | Jetwave 2311 | - | - | Safe |
| Korenix | Jetwave 3220 Firmware | 1.2 | - | Affected |
| in Korenix | Jetwave 3220 | - | - | Safe |
| Korenix | Jetwave 3420 Firmware | 1.1.3t | - | Affected |
| in Korenix | Jetwave 3420 | - | - | Safe |
| Korenix | Jetwave 2212x Firmware | 1.5 | - | Affected |
| in Korenix | Jetwave 2212x | - | - | Safe |
| Korenix | Jetwave 5428g-20sfp Firmware | 1.0 | - | Affected |
| in Korenix | Jetwave 5428g-20sfp | - | - | Safe |
| Korenix | Jetwave 5810g Firmware | 1.1 | - | Affected |
| in Korenix | Jetwave 5810g | - | - | Safe |
| Korenix | Jetwave 5310 Firmware | 1.5 | - | Affected |
| in Korenix | Jetwave 5310 | - | - | Safe |
| Korenix | Jetwave 5010 Firmware | 3.1a | - | Affected |
| in Korenix | Jetwave 5010 | - | - | Safe |
| Korenix | Jetwave 4706f Firmware | 2.3b | - | Affected |
| in Korenix | Jetwave 4706f | - | - | Safe |
| Korenix | Jetwave 4706 Firmware | 2.3b | - | Affected |
| in Korenix | Jetwave 4706 | - | - | Safe |
| Korenix | Jetwave 4510 Firmware | 3.0b | - | Affected |
| in Korenix | Jetwave 4510 | - | - | Safe |
| Westermo | Pmi-110-f2g Firmware | 1.5 | - | Affected |
| in Westermo | Pmi-110-f2g | - | - | Safe |