CVE-2020-12501: Pepperl+Fuchs improper authorization affects multiple Comtrol RocketLinx products
First published: Thu Oct 15 2020(Updated: )
Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) use undocumented accounts.
Credit: info@cert.vde.com info@cert.vde.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| Pepperl-fuchs Es7510-xt Firmware | ||
| Pepperl-fuchs Es7510-xt | ||
| All of | ||
| Pepperl-fuchs Es8509-xt Firmware | ||
| Pepperl-fuchs Es8509-xt | ||
| All of | ||
| Pepperl-fuchs Es8510-xt Firmware | ||
| Pepperl-fuchs Es8510-xt | ||
| All of | ||
| Pepperl-fuchs Es9528-xtv2 Firmware | ||
| Pepperl-fuchs Es9528-xtv2 | ||
| All of | ||
| Pepperl-fuchs Es7506 Firmware | ||
| Pepperl-fuchs Es7506 | ||
| All of | ||
| Pepperl-fuchs Es7510 Firmware | ||
| Pepperl-fuchs Es7510 | ||
| All of | ||
| Pepperl-fuchs Es7528 Firmware | ||
| Pepperl-fuchs Es7528 | ||
| All of | ||
| Pepperl-fuchs Es8508 Firmware | ||
| Pepperl-fuchs Es8508 | ||
| All of | ||
| Pepperl-fuchs Es8508f Firmware | ||
| Pepperl-fuchs Es8508f | ||
| All of | ||
| Pepperl-fuchs Es8510 Firmware | ||
| Pepperl-fuchs Es8510 | ||
| All of | ||
| Pepperl-fuchs Es8510-xte Firmware | ||
| Pepperl-fuchs Es8510-xte | ||
| All of | ||
| Pepperl-fuchs Es9528 Firmware | ||
| Pepperl-fuchs Es9528 | ||
| All of | ||
| Pepperl-fuchs Es9528-xt Firmware | ||
| Pepperl-fuchs Es9528-xt | ||
| All of | ||
| Korenix Jetnet5428g-20sfp Firmware | ||
| Korenix Jetnet 5428g-20sfp | ||
| All of | ||
| Korenix Jetnet5810g Firmware | ||
| Korenix Jetnet 5810g | ||
| All of | ||
| Korenix Jetnet4510 Firmware | ||
| Korenix Jetnet 4510 | ||
| All of | ||
| Korenix Jetnet5010 Firmware | ||
| Korenix Jetnet 5010 | ||
| All of | ||
| Korenix Jetnet5310 Firmware | ||
| Korenix Jetnet 5310 | ||
| All of | ||
| Korenix Jetnet6095 Firmware | ||
| Korenix Jetnet 6095 | ||
| All of | ||
| Korenix Jetnet4706 Firmware | ||
| Korenix Jetnet 4706 | ||
| All of | ||
| Korenix Jetwave 3220 Firmware | ||
| Korenix Jetwave 3220 | ||
| All of | ||
| Korenix Jetwave 2311 Firmware | ||
| Korenix Jetwave 2311 | ||
| All of | ||
| Korenix Jetnet4706f Firmware | ||
| Korenix Jetnet 4706f | ||
| All of | ||
| Korenix Jetwave 2212s Firmware | ||
| Korenix Jetwave 2212s | ||
| All of | ||
| Korenix Jetwave 2212g Firmware | ||
| Korenix Jetwave 2212g | ||
| All of | ||
| Korenix Jetwave 2212x Firmware | ||
| Korenix Jetwave 2212x | ||
| Pepperl-fuchs Es7510-xt Firmware | ||
| Pepperl-fuchs Es7510-xt | ||
| Pepperl-fuchs Es8509-xt Firmware | ||
| Pepperl-fuchs Es8509-xt | ||
| Pepperl-fuchs Es8510-xt Firmware | ||
| Pepperl-fuchs Es8510-xt | ||
| Pepperl-fuchs Es9528-xtv2 Firmware | ||
| Pepperl-fuchs Es9528-xtv2 | ||
| Pepperl-fuchs Es7506 Firmware | ||
| Pepperl-fuchs Es7506 | ||
| Pepperl-fuchs Es7510 Firmware | ||
| Pepperl-fuchs Es7510 | ||
| Pepperl-fuchs Es7528 Firmware | ||
| Pepperl-fuchs Es7528 | ||
| Pepperl-fuchs Es8508 Firmware | ||
| Pepperl-fuchs Es8508 | ||
| Pepperl-fuchs Es8508f Firmware | ||
| Pepperl-fuchs Es8508f | ||
| Pepperl-fuchs Es8510 Firmware | ||
| Pepperl-fuchs Es8510 | ||
| Pepperl-fuchs Es8510-xte Firmware | ||
| Pepperl-fuchs Es8510-xte | ||
| Pepperl-fuchs Es9528 Firmware | ||
| Pepperl-fuchs Es9528 | ||
| Pepperl-fuchs Es9528-xt Firmware | ||
| Pepperl-fuchs Es9528-xt | ||
| Korenix Jetnet5428g-20sfp Firmware | ||
| Korenix Jetnet5428g-20sfp | ||
| Korenix Jetnet5810g Firmware | ||
| Korenix Jetnet5810g | ||
| Korenix Jetnet4510 Firmware | ||
| Korenix Jetnet4510 | ||
| Korenix Jetnet5010 Firmware | ||
| Korenix Jetnet5010 | ||
| Korenix Jetnet5310 Firmware | ||
| Korenix Jetnet5310 | ||
| Korenix Jetnet6095 Firmware | ||
| Korenix Jetnet6095 | ||
| Korenix Jetnet4706 Firmware | ||
| Korenix Jetnet4706 | ||
| Korenix Jetwave 3220 Firmware | ||
| Korenix Jetwave 3220 | ||
| Korenix Jetwave 2311 Firmware | ||
| Korenix Jetwave 2311 | ||
| Korenix Jetnet4706f Firmware | ||
| Korenix Jetnet4706f | ||
| Korenix Jetwave 2212s Firmware | ||
| Korenix Jetwave 2212s | ||
| Korenix Jetwave 2212g Firmware | ||
| Korenix Jetwave 2212g | ||
| Korenix Jetwave 2212x Firmware | ||
| Korenix Jetwave 2212x |
Remedy
An external protective measure is required. 1) Traffic from untrusted networks to the device should be blocked by a firewall. Especially traffic targeting the administration webpage. 2) Administrator and user access should be protected by a secure password and only be available to a very limited group of people.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://packetstormsecurity.com/files/162903/Korenix-CSRF-Backdoor-Accounts-Command-Injection-Missing-Authentication.html
- http://packetstormsecurity.com/files/165875/Korenix-Technology-JetWave-CSRF-Command-Injection-Missing-Authentication.html
- http://packetstormsecurity.com/files/167409/Korenix-JetPort-5601V3-Backdoor-Account.html
- http://seclists.org/fulldisclosure/2021/Jun/0
- http://seclists.org/fulldisclosure/2022/Jun/3
- https://cert.vde.com/de-de/advisories/vde-2020-040
- https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-korenix-technology-westermo-pepperl-fuchs/
Frequently Asked Questions
What is the vulnerability ID for this security issue?
The vulnerability ID for this security issue is CVE-2020-12501.
What is the severity of CVE-2020-12501?
The severity of CVE-2020-12501 is critical with a CVSS score of 9.8.
Which products are affected by CVE-2020-12501?
The Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, and ES9528/ES9528-XT (all versions) are affected by CVE-2020-12501.
What is the vulnerability in Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, and ES9528/ES9528-XT?
The vulnerability in Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, and ES9528/ES9528-XT is an improper authorization issue that allows the use of undocumented accounts.
How can I fix the issue related to CVE-2020-12501?
To fix the issue related to CVE-2020-12501, it is recommended to apply the latest firmware update provided by Pepperl+Fuchs for the affected products.
- collector/nvd-index
- agent/type
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/references
- agent/weakness
- agent/softwarecombine
- agent/author
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/remedy
- agent/title
- agent/last-modified-date
- agent/severity
- agent/event
- agent/first-publish-date
- agent/tags
- vendor/pepperl-fuchs
- canonical/pepperl-fuchs es7510-xt firmware
- canonical/pepperl-fuchs es7510-xt
- canonical/pepperl-fuchs es8509-xt firmware
- canonical/pepperl-fuchs es8509-xt
- canonical/pepperl-fuchs es8510-xt firmware
- canonical/pepperl-fuchs es8510-xt
- canonical/pepperl-fuchs es9528-xtv2 firmware
- canonical/pepperl-fuchs es9528-xtv2
- canonical/pepperl-fuchs es7506 firmware
- canonical/pepperl-fuchs es7506
- canonical/pepperl-fuchs es7510 firmware
- canonical/pepperl-fuchs es7510
- canonical/pepperl-fuchs es7528 firmware
- canonical/pepperl-fuchs es7528
- canonical/pepperl-fuchs es8508 firmware
- canonical/pepperl-fuchs es8508
- canonical/pepperl-fuchs es8508f firmware
- canonical/pepperl-fuchs es8508f
- canonical/pepperl-fuchs es8510 firmware
- canonical/pepperl-fuchs es8510
- canonical/pepperl-fuchs es8510-xte firmware
- canonical/pepperl-fuchs es8510-xte
- canonical/pepperl-fuchs es9528 firmware
- canonical/pepperl-fuchs es9528
- canonical/pepperl-fuchs es9528-xt firmware
- canonical/pepperl-fuchs es9528-xt
- vendor/korenix
- canonical/korenix jetnet5428g-20sfp firmware
- canonical/korenix jetnet5428g-20sfp
- canonical/korenix jetnet5810g firmware
- canonical/korenix jetnet5810g
- canonical/korenix jetnet4510 firmware
- canonical/korenix jetnet4510
- canonical/korenix jetnet5010 firmware
- canonical/korenix jetnet5010
- canonical/korenix jetnet5310 firmware
- canonical/korenix jetnet5310
- canonical/korenix jetnet6095 firmware
- canonical/korenix jetnet6095
- canonical/korenix jetnet4706 firmware
- canonical/korenix jetnet4706
- canonical/korenix jetwave 3220 firmware
- canonical/korenix jetwave 3220
- canonical/korenix jetwave 2311 firmware
- canonical/korenix jetwave 2311
- canonical/korenix jetnet4706f firmware
- canonical/korenix jetnet4706f
- canonical/korenix jetwave 2212s firmware
- canonical/korenix jetwave 2212s
- canonical/korenix jetwave 2212g firmware
- canonical/korenix jetwave 2212g
- canonical/korenix jetwave 2212x firmware
- canonical/korenix jetwave 2212x
- canonical/korenix jetnet 5428g-20sfp
- canonical/korenix jetnet 5810g
- canonical/korenix jetnet 4510
- canonical/korenix jetnet 5010
- canonical/korenix jetnet 5310
- canonical/korenix jetnet 6095
- canonical/korenix jetnet 4706
- canonical/korenix jetnet 4706f