First published: Thu Oct 15 2020(Updated: )
Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) and ICRL-M-8RJ45/4SFP-G-DIN, ICRL-M-16RJ45/4CP-G-DIN FW 1.2.3 and below is prone to unauthenticated device administration.
Credit: info@cert.vde.com
Affected Software | Affected Version | How to fix |
---|---|---|
Pepperl-fuchs Es7510-xt Firmware | ||
Pepperl-fuchs Es7510-xt | ||
Pepperl-fuchs Es8509-xt Firmware | ||
Pepperl-fuchs Es8509-xt | ||
Pepperl-fuchs Es8510-xt Firmware | ||
Pepperl-fuchs Es8510-xt | ||
Pepperl-fuchs Es9528-xtv2 Firmware | ||
Pepperl-fuchs Es9528-xtv2 | ||
Pepperl-fuchs Es7506 Firmware | ||
Pepperl-fuchs Es7506 | ||
Pepperl-fuchs Es7510 Firmware | ||
Pepperl-fuchs Es7510 | ||
Pepperl-fuchs Es7528 Firmware | ||
Pepperl-fuchs Es7528 | ||
Pepperl-fuchs Es8508 Firmware | ||
Pepperl-fuchs Es8508 | ||
Pepperl-fuchs Es8508f Firmware | ||
Pepperl-fuchs Es8508f | ||
Pepperl-fuchs Es8510 Firmware | ||
Pepperl-fuchs Es8510 | ||
Pepperl-fuchs Es8510-xte Firmware | ||
Pepperl-fuchs Es8510-xte | ||
Pepperl-fuchs Es9528 Firmware | ||
Pepperl-fuchs Es9528 | ||
Pepperl-fuchs Es9528-xt Firmware | ||
Pepperl-fuchs Es9528-xt | ||
Pepperl-fuchs Icrl-m-8rj45\/4sfp-g-din Firmware | <=1.2.3 | |
Pepperl-fuchs Icrl-m-8rj45\/4sfp-g-din | ||
Pepperl-fuchs Icrl-m-16rj45\/4cp-g-din Firmware | <=1.2.3 | |
Pepperl-fuchs Icrl-m-16rj45\/4cp-g-din | ||
Korenix Jetnet 5428g-20sfp Firmware | ||
Korenix Jetnet 5428g-20sfp | ||
Korenix Jetnet 5810g Firmware | ||
Korenix Jetnet 5810g | ||
Korenix Jetnet 4706f Firmware | ||
Korenix Jetnet 4706f | ||
Korenix Jetnet 4706 Firmware | ||
Korenix Jetnet 4706 | ||
Korenix Jetnet 4510 Firmware | ||
Korenix Jetnet 4510 | ||
Korenix Jetnet 5010 Firmware | ||
Korenix Jetnet 5010 | ||
Korenix Jetnet 5310 Firmware | ||
Korenix Jetnet 5310 | ||
Korenix Jetnet 6095 Firmware | ||
Korenix Jetnet 6095 | ||
Pepperl-fuchs Icrl-m-8rj45\/4sfp-g-din Firmware | <1.4 | |
Pepperl-fuchs Icrl-m-16rj45\/4cp-g-din Firmware | <1.4.0 |
An external protective measure is required. 1) Traffic from untrusted networks to the device should be blocked by a firewall. Especially traffic targeting the administration webpage. 2) Administrator and user access should be protected by a secure password and only be available to a very limited group of people.
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID is CVE-2020-12502.
The severity level of CVE-2020-12502 is high (8.8).
Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT and ICRL-M-8RJ45/4SFP-G-DIN, ICRL-M-16RJ45/4CP-G-DIN FW 1.2.3 and below are affected.
CVE-2020-12502 is an Improper Authorization vulnerability in Pepperl+Fuchs P+F Comtrol RocketLinx ES series firmware and ICRL-M devices FW 1.2.3 and below, which could allow unauthorized access.
Yes, you can find more details on CVE-2020-12502 vulnerability at the following references: [Reference 1](http://packetstormsecurity.com/files/162903/Korenix-CSRF-Backdoor-Accounts-Command-Injection-Missing-Authentication.html), [Reference 2](http://packetstormsecurity.com/files/165875/Korenix-Technology-JetWave-CSRF-Command-Injection-Missing-Authentication.html), [Reference 3](http://seclists.org/fulldisclosure/2021/Jun/0).