First published: Wed Oct 07 2020(Updated: )
Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) and ICRL-M-8RJ45/4SFP-G-DIN, ICRL-M-16RJ45/4CP-G-DIN FW 1.2.3 and below is prone to multiple authenticated command injections.
Credit: info@cert.vde.com
Affected Software | Affected Version | How to fix |
---|---|---|
Pepperl-fuchs Es7510-xt Firmware | ||
Pepperl-fuchs Es7510-xt | ||
Pepperl-fuchs Es8509-xt Firmware | ||
Pepperl-fuchs Es8509-xt | ||
Pepperl-fuchs Es8510-xt Firmware | ||
Pepperl-fuchs Es8510-xt | ||
Pepperl-fuchs Es9528-xtv2 Firmware | ||
Pepperl-fuchs Es9528-xtv2 | ||
Pepperl-fuchs Es7506 Firmware | ||
Pepperl-fuchs Es7506 | ||
Pepperl-fuchs Es7510 Firmware | ||
Pepperl-fuchs Es7510 | ||
Pepperl-fuchs Es7528 Firmware | ||
Pepperl-fuchs Es7528 | ||
Pepperl-fuchs Es8508 Firmware | ||
Pepperl-fuchs Es8508 | ||
Pepperl-fuchs Es8508f Firmware | ||
Pepperl-fuchs Es8508f | ||
Pepperl-fuchs Es8510 Firmware | ||
Pepperl-fuchs Es8510 | ||
Pepperl-fuchs Es8510-xte Firmware | ||
Pepperl-fuchs Es8510-xte | ||
Pepperl-fuchs Es9528 Firmware | ||
Pepperl-fuchs Es9528 | ||
Pepperl-fuchs Es9528-xt Firmware | ||
Pepperl-fuchs Es9528-xt | ||
Pepperl-fuchs Icrl-m-8rj45\/4sfp-g-din Firmware | <=1.3.1 | |
Pepperl-fuchs Icrl-m-8rj45\/4sfp-g-din | ||
Pepperl-fuchs Icrl-m-16rj45\/4cp-g-din Firmware | <=1.3.1 | |
Pepperl-fuchs Icrl-m-16rj45\/4cp-g-din | ||
Korenix Jetnet 5428g-20sfp Firmware | ||
Korenix Jetnet 5428g-20sfp | ||
Korenix Jetnet 5810g Firmware | ||
Korenix Jetnet 5810g | ||
Korenix Jetnet 4706f Firmware | ||
Korenix Jetnet 4706f | ||
Korenix Jetnet 4706 Firmware | ||
Korenix Jetnet 4706 | ||
Korenix Jetnet 4510 Firmware | ||
Korenix Jetnet 4510 | ||
Korenix Jetnet 5010 Firmware | ||
Korenix Jetnet 5010 | ||
Korenix Jetnet 5310 Firmware | ||
Korenix Jetnet 5310 | ||
Korenix Jetnet 6095 Firmware | ||
Korenix Jetnet 6095 | ||
Pepperl-fuchs Icrl-m-16rj45\/4cp-g-din Firmware | ||
Pepperl-fuchs Icrl-m-8rj45\/4sfp-g-din Firmware | ||
Korenix Jetwave 2212x Firmware | ||
Korenix Jetwave 2212x | ||
Korenix Jetwave 2212s Firmware | ||
Korenix Jetwave 2212s | ||
Korenix Jetwave 2212g Firmware | ||
Korenix Jetwave 2212g | ||
Korenix Jetwave 2311 Firmware | ||
Korenix Jetwave 2311 | ||
Korenix Jetwave 3220 Firmware | ||
Korenix Jetwave 3220 |
An external protective measure is required. 1) Traffic from untrusted networks to the device should be blocked by a firewall. Especially traffic targeting the administration webpage. 2) Administrator and user access should be protected by a secure password and only be available to a very limited group of people.
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.