Vulnerability Details CVE-2020-12504
Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) and ICRL-M-8RJ45/4SFP-G-DIN, ICRL-M-16RJ45/4CP-G-DIN FW 1.2.3 and below has an active TFTP-Service.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.015
EPSS Ranking 79.8%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
- http://packetstormsecurity.com/files/162903/Korenix-CSRF-Backdoor-Accounts-Command-Injection-Missing-Authentication.html
- http://packetstormsecurity.com/files/165875/Korenix-Technology-JetWave-CSRF-Command-Injection-Missing-Authentication.html
- http://seclists.org/fulldisclosure/2021/Jun/0
- https://cert.vde.com/de-de/advisories/vde-2020-040
- https://cert.vde.com/en-us/advisories/vde-2020-053
- https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-korenix-technology-westermo-pepperl-fuchs/
- http://packetstormsecurity.com/files/162903/Korenix-CSRF-Backdoor-Accounts-Command-Injection-Missing-Authentication.html
- http://packetstormsecurity.com/files/165875/Korenix-Technology-JetWave-CSRF-Command-Injection-Missing-Authentication.html
- http://seclists.org/fulldisclosure/2021/Jun/0
- https://cert.vde.com/de-de/advisories/vde-2020-040
- https://cert.vde.com/en-us/advisories/vde-2020-053
- https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-korenix-technology-westermo-pepperl-fuchs/
Products affected by CVE-2020-12504
-
cpe:2.3:h:korenix:jetwave_2212g:-
-
cpe:2.3:h:korenix:jetwave_2212s:-
-
cpe:2.3:h:korenix:jetwave_2212x:-
-
cpe:2.3:h:korenix:jetwave_2311:-
-
cpe:2.3:h:korenix:jetwave_3220:-
-
cpe:2.3:h:korenix:jetwave_3420:-
-
cpe:2.3:h:korenix:jetwave_4510:-
-
cpe:2.3:h:korenix:jetwave_4706:-
-
cpe:2.3:h:korenix:jetwave_4706f:-
-
cpe:2.3:h:korenix:jetwave_5010:-
-
cpe:2.3:h:korenix:jetwave_5310:-
-
cpe:2.3:h:korenix:jetwave_5428g-20sfp:-
-
cpe:2.3:h:korenix:jetwave_5810g:-
-
cpe:2.3:h:pepperl-fuchs:es7506:-
-
cpe:2.3:h:pepperl-fuchs:es7510-xt:-
-
cpe:2.3:h:pepperl-fuchs:es7510:-
-
cpe:2.3:h:pepperl-fuchs:es7528:-
-
cpe:2.3:h:pepperl-fuchs:es8508:-
-
cpe:2.3:h:pepperl-fuchs:es8508f:-
-
cpe:2.3:h:pepperl-fuchs:es8509-xt:-
-
cpe:2.3:h:pepperl-fuchs:es8510-xt:-
-
cpe:2.3:h:pepperl-fuchs:es8510-xte:-
-
cpe:2.3:h:pepperl-fuchs:es8510:-
-
cpe:2.3:h:pepperl-fuchs:es9528-xt:-
-
cpe:2.3:h:pepperl-fuchs:es9528-xtv2:-
-
cpe:2.3:h:pepperl-fuchs:es9528:-
-
cpe:2.3:h:pepperl-fuchs:icrl-m-16rj45/4cp-g-din:-
-
cpe:2.3:h:pepperl-fuchs:icrl-m-8rj45/4sfp-g-din:-
-
cpe:2.3:h:westermo:pmi-110-f2g:-
-
cpe:2.3:o:korenix:jetwave_2212g_firmware:1.4
-
cpe:2.3:o:korenix:jetwave_2212s_firmware:1.5
-
cpe:2.3:o:korenix:jetwave_2212x_firmware:1.5
-
cpe:2.3:o:korenix:jetwave_2311_firmware:1.2
-
cpe:2.3:o:korenix:jetwave_3220_firmware:1.2
-
cpe:2.3:o:korenix:jetwave_3420_firmware:1.1.3t
-
cpe:2.3:o:korenix:jetwave_4510_firmware:3.0b
-
cpe:2.3:o:korenix:jetwave_4706_firmware:2.3b
-
cpe:2.3:o:korenix:jetwave_4706f_firmware:2.3b
-
cpe:2.3:o:korenix:jetwave_5010_firmware:3.1a
-
cpe:2.3:o:korenix:jetwave_5310_firmware:1.5
-
cpe:2.3:o:korenix:jetwave_5428g-20sfp_firmware:1.0
-
cpe:2.3:o:korenix:jetwave_5810g_firmware:1.1
-
cpe:2.3:o:pepperl-fuchs:es7506_firmware:-
-
cpe:2.3:o:pepperl-fuchs:es7506_firmware:2.1b
-
cpe:2.3:o:pepperl-fuchs:es7510-xt_firmware:-
-
cpe:2.3:o:pepperl-fuchs:es7510_firmware:-
-
cpe:2.3:o:pepperl-fuchs:es7510_firmware:3.1a
-
cpe:2.3:o:pepperl-fuchs:es7528_firmware:-
-
cpe:2.3:o:pepperl-fuchs:es8508_firmware:-
-
cpe:2.3:o:pepperl-fuchs:es8508f_firmware:-
-
cpe:2.3:o:pepperl-fuchs:es8509-xt_firmware:-
-
cpe:2.3:o:pepperl-fuchs:es8509-xt_firmware:2.1a
-
cpe:2.3:o:pepperl-fuchs:es8510-xt_firmware:-
-
cpe:2.3:o:pepperl-fuchs:es8510-xt_firmware:3.1a
-
cpe:2.3:o:pepperl-fuchs:es8510-xte_firmware:-
-
cpe:2.3:o:pepperl-fuchs:es8510_firmware:-
-
cpe:2.3:o:pepperl-fuchs:es9528-xt_firmware:-
-
cpe:2.3:o:pepperl-fuchs:es9528-xtv2_firmware:-
-
cpe:2.3:o:pepperl-fuchs:es9528-xtv2_firmware:2.1a
-
cpe:2.3:o:pepperl-fuchs:es9528_firmware:-
-
cpe:2.3:o:pepperl-fuchs:icrl-m-16rj45/4cp-g-din_firmware:-
-
cpe:2.3:o:pepperl-fuchs:icrl-m-16rj45/4cp-g-din_firmware:1.2.3
-
cpe:2.3:o:pepperl-fuchs:icrl-m-8rj45/4sfp-g-din_firmware:-
-
cpe:2.3:o:pepperl-fuchs:icrl-m-8rj45/4sfp-g-din_firmware:1.2.3
-
cpe:2.3:o:westermo:pmi-110-f2g_firmware:1.5