CVE-2020-12502

Published: 15/10/2020 Updated: 29/04/2022
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

An Improper Authorization vulnerability in Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) and ICRL-M-8RJ45/4SFP-G-DIN, ICRL-M-16RJ45/4CP-G-DIN FW 1.2.3 and below allows unauthenticated device administration.

Vulnerable Product

pepperl-fuchs es7510-xt firmware

pepperl-fuchs es8509-xt firmware

pepperl-fuchs es8510-xt firmware

pepperl-fuchs es9528-xtv2 firmware

pepperl-fuchs es7506 firmware

pepperl-fuchs es7510 firmware

pepperl-fuchs es7528 firmware

pepperl-fuchs es8508 firmware

pepperl-fuchs es8508f firmware

pepperl-fuchs es8510 firmware

pepperl-fuchs es8510-xte firmware

pepperl-fuchs es9528 firmware

pepperl-fuchs es9528-xt firmware

pepperl-fuchs icrl-m-8rj45/4sfp-g-din firmware

pepperl-fuchs icrl-m-16rj45/4cp-g-din firmware

korenix jetnet 5428g-20sfp firmware -

korenix jetnet 5810g firmware -

korenix jetnet 4706f firmware -

korenix jetnet 4706 firmware -

korenix jetnet 4510 firmware -

korenix jetnet 5010 firmware -

korenix jetnet 5310 firmware -

korenix jetnet 6095 firmware -

Exploits

Multiple Korenix products are affected by unauthenticated device administration, backdoor accounts, cross site request forgery, unauthenticated tftp actions, and command injection vulnerabilities. Products affected include JetNet 5428G-20SFP, JetNet 5810G, JetNet 4706F, JetNet 4706, JetNet 4706, JetNet 4510, JetNet 5010, JetNet 5310, and JetNet 609 ...
Korenix Technology JetWave products JetWave 2212X, JetWave 2212S, JetWave 2212G, JetWave 2311, and JetWave 3220 suffer from unauthenticated device administration, cross site request forgery, multiple command injection, and unauthenticated tftp action vulnerabilities ...

Mailing Lists

SEC Consult Vulnerability Lab Security Advisory < 20220131-0 > | title: Multiple Critical Vulnerabilities | product: Korenix Technology JetWave products: JetWave 2212X, JetWave 2212S, JetWave 2212G, JetWa ...
SEC Consult Vulnerability Lab Security Advisory < 20210601-0 > | title: Multiple Critical Vulnerabilities | product: Multiple Korenix Technology products: Korenix: JetNet 5428G-20SFP, JetNet 5810G, JetNet 4706F, ...
SEC Consult Vulnerability Lab Security Advisory < 20201005-0 > | title: Multiple Critical Vulnerabilities | product: RocketLinx Series | vulnerable version: See "Vulnerable / tested versions" | fixed version: 131 (partial fix) | CVE numbe ...