Vulnerability Details CVE-2020-12503
Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) and ICRL-M-8RJ45/4SFP-G-DIN, ICRL-M-16RJ45/4CP-G-DIN FW 1.2.3 and below is prone to multiple authenticated command injections.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.056
EPSS Ranking 89.8%
CVSS Severity
CVSS v3 Score 7.2
CVSS v2 Score 6.5
References
- http://packetstormsecurity.com/files/162903/Korenix-CSRF-Backdoor-Accounts-Command-Injection-Missing-Authentication.html
- http://packetstormsecurity.com/files/165875/Korenix-Technology-JetWave-CSRF-Command-Injection-Missing-Authentication.html
- http://seclists.org/fulldisclosure/2021/Jun/0
- https://cert.vde.com/de-de/advisories/vde-2020-040
- https://cert.vde.com/en-us/advisories/vde-2020-053
- https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-korenix-technology-westermo-pepperl-fuchs/
- http://packetstormsecurity.com/files/162903/Korenix-CSRF-Backdoor-Accounts-Command-Injection-Missing-Authentication.html
- http://packetstormsecurity.com/files/165875/Korenix-Technology-JetWave-CSRF-Command-Injection-Missing-Authentication.html
- http://seclists.org/fulldisclosure/2021/Jun/0
- https://cert.vde.com/de-de/advisories/vde-2020-040
- https://cert.vde.com/en-us/advisories/vde-2020-053
- https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-korenix-technology-westermo-pepperl-fuchs/
Products affected by CVE-2020-12503
-
cpe:2.3:h:korenix:jetnet_4510:-
-
cpe:2.3:h:korenix:jetnet_4706:-
-
cpe:2.3:h:korenix:jetnet_4706f:-
-
cpe:2.3:h:korenix:jetnet_5010:-
-
cpe:2.3:h:korenix:jetnet_5310:-
-
cpe:2.3:h:korenix:jetnet_5428g-20sfp:-
-
cpe:2.3:h:korenix:jetnet_5810g:-
-
cpe:2.3:h:korenix:jetnet_6095:-
-
cpe:2.3:h:korenix:jetwave_2212g:-
-
cpe:2.3:h:korenix:jetwave_2212s:-
-
cpe:2.3:h:korenix:jetwave_2212x:-
-
cpe:2.3:h:korenix:jetwave_2311:-
-
cpe:2.3:h:korenix:jetwave_3220:-
-
cpe:2.3:h:pepperl-fuchs:es7506:-
-
cpe:2.3:h:pepperl-fuchs:es7510-xt:-
-
cpe:2.3:h:pepperl-fuchs:es7510:-
-
cpe:2.3:h:pepperl-fuchs:es7528:-
-
cpe:2.3:h:pepperl-fuchs:es8508:-
-
cpe:2.3:h:pepperl-fuchs:es8508f:-
-
cpe:2.3:h:pepperl-fuchs:es8509-xt:-
-
cpe:2.3:h:pepperl-fuchs:es8510-xt:-
-
cpe:2.3:h:pepperl-fuchs:es8510-xte:-
-
cpe:2.3:h:pepperl-fuchs:es8510:-
-
cpe:2.3:h:pepperl-fuchs:es9528-xt:-
-
cpe:2.3:h:pepperl-fuchs:es9528-xtv2:-
-
cpe:2.3:h:pepperl-fuchs:es9528:-
-
cpe:2.3:h:pepperl-fuchs:icrl-m-16rj45/4cp-g-din:-
-
cpe:2.3:h:pepperl-fuchs:icrl-m-8rj45/4sfp-g-din:-
-
cpe:2.3:o:korenix:jetnet_4510_firmware:-
-
cpe:2.3:o:korenix:jetnet_4706_firmware:-
-
cpe:2.3:o:korenix:jetnet_4706f_firmware:-
-
cpe:2.3:o:korenix:jetnet_5010_firmware:-
-
cpe:2.3:o:korenix:jetnet_5310_firmware:-
-
cpe:2.3:o:korenix:jetnet_5428g-20sfp_firmware:-
-
cpe:2.3:o:korenix:jetnet_5810g_firmware:-
-
cpe:2.3:o:korenix:jetnet_6095_firmware:-
-
cpe:2.3:o:korenix:jetwave_2212g_firmware:-
-
cpe:2.3:o:korenix:jetwave_2212s_firmware:-
-
cpe:2.3:o:korenix:jetwave_2212x_firmware:-
-
cpe:2.3:o:korenix:jetwave_2311_firmware:-
-
cpe:2.3:o:korenix:jetwave_3220_firmware:-
-
cpe:2.3:o:pepperl-fuchs:es7506_firmware:-
-
cpe:2.3:o:pepperl-fuchs:es7506_firmware:2.1b
-
cpe:2.3:o:pepperl-fuchs:es7510-xt_firmware:-
-
cpe:2.3:o:pepperl-fuchs:es7510-xt_firmware:2.1b
-
cpe:2.3:o:pepperl-fuchs:es7510_firmware:-
-
cpe:2.3:o:pepperl-fuchs:es7510_firmware:3.1a
-
cpe:2.3:o:pepperl-fuchs:es7528_firmware:-
-
cpe:2.3:o:pepperl-fuchs:es8508_firmware:-
-
cpe:2.3:o:pepperl-fuchs:es8508f_firmware:-
-
cpe:2.3:o:pepperl-fuchs:es8509-xt_firmware:-
-
cpe:2.3:o:pepperl-fuchs:es8509-xt_firmware:2.1a
-
cpe:2.3:o:pepperl-fuchs:es8510-xt_firmware:-
-
cpe:2.3:o:pepperl-fuchs:es8510-xt_firmware:3.1a
-
cpe:2.3:o:pepperl-fuchs:es8510-xte_firmware:-
-
cpe:2.3:o:pepperl-fuchs:es8510_firmware:-
-
cpe:2.3:o:pepperl-fuchs:es8510_firmware:3.1a
-
cpe:2.3:o:pepperl-fuchs:es9528-xt_firmware:-
-
cpe:2.3:o:pepperl-fuchs:es9528-xtv2_firmware:-
-
cpe:2.3:o:pepperl-fuchs:es9528-xtv2_firmware:2.1a
-
cpe:2.3:o:pepperl-fuchs:es9528_firmware:-
-
cpe:2.3:o:pepperl-fuchs:icrl-m-16rj45/4cp-g-din_firmware:-
-
cpe:2.3:o:pepperl-fuchs:icrl-m-16rj45/4cp-g-din_firmware:1.2.3
-
cpe:2.3:o:pepperl-fuchs:icrl-m-16rj45/4cp-g-din_firmware:1.3.1
-
cpe:2.3:o:pepperl-fuchs:icrl-m-8rj45/4sfp-g-din_firmware:-
-
cpe:2.3:o:pepperl-fuchs:icrl-m-8rj45/4sfp-g-din_firmware:1.2.3
-
cpe:2.3:o:pepperl-fuchs:icrl-m-8rj45/4sfp-g-din_firmware:1.3.1