CVE-2020-12502 — HIGH (8.8)

Vulnerability Description

Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) and ICRL-M-8RJ45/4SFP-G-DIN, ICRL-M-16RJ45/4CP-G-DIN FW 1.2.3 and below is prone to unauthenticated device administration.

CVSS Score

8.8

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Pepperl-Fuchs	Es7510-Xt Firmware	All versions
Pepperl-Fuchs	Es7510-Xt	-
Pepperl-Fuchs	Es8509-Xt Firmware	All versions
Pepperl-Fuchs	Es8509-Xt	-
Pepperl-Fuchs	Es8510-Xt Firmware	All versions
Pepperl-Fuchs	Es8510-Xt	-
Pepperl-Fuchs	Es9528-Xtv2 Firmware	All versions
Pepperl-Fuchs	Es9528-Xtv2	-
Pepperl-Fuchs	Es7506 Firmware	All versions
Pepperl-Fuchs	Es7506	-
Pepperl-Fuchs	Es7510 Firmware	All versions
Pepperl-Fuchs	Es7510	-
Pepperl-Fuchs	Es7528 Firmware	All versions
Pepperl-Fuchs	Es7528	-
Pepperl-Fuchs	Es8508 Firmware	All versions
Pepperl-Fuchs	Es8508	-
Pepperl-Fuchs	Es8508F Firmware	All versions
Pepperl-Fuchs	Es8508F	-
Pepperl-Fuchs	Es8510 Firmware	All versions
Pepperl-Fuchs	Es8510	-

Related Weaknesses (CWE)

CWE-352

References

http://packetstormsecurity.com/files/162903/Korenix-CSRF-Backdoor-Accounts-CommaExploitThird Party AdvisoryVDB Entry
http://packetstormsecurity.com/files/165875/Korenix-Technology-JetWave-CSRF-CommExploitThird Party AdvisoryVDB Entry
http://seclists.org/fulldisclosure/2021/Jun/0Mailing ListThird Party Advisory
https://cert.vde.com/de-de/advisories/vde-2020-040Third Party Advisory
https://cert.vde.com/en-us/advisories/vde-2020-053Third Party Advisory
https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabiliExploitThird Party Advisory
http://packetstormsecurity.com/files/162903/Korenix-CSRF-Backdoor-Accounts-CommaExploitThird Party AdvisoryVDB Entry
http://packetstormsecurity.com/files/165875/Korenix-Technology-JetWave-CSRF-CommExploitThird Party AdvisoryVDB Entry
http://seclists.org/fulldisclosure/2021/Jun/0Mailing ListThird Party Advisory
https://cert.vde.com/de-de/advisories/vde-2020-040Third Party Advisory
https://cert.vde.com/en-us/advisories/vde-2020-053Third Party Advisory
https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabiliExploitThird Party Advisory

FAQ

What is CVE-2020-12502?

CVE-2020-12502 is a vulnerability with a CVSS score of 8.8 (HIGH). Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT...

How severe is CVE-2020-12502?

CVE-2020-12502 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-12502?

Check the references section above for vendor advisories and patch information. Affected products include: Pepperl-Fuchs Es7510-Xt Firmware, Pepperl-Fuchs Es7510-Xt, Pepperl-Fuchs Es8509-Xt Firmware, Pepperl-Fuchs Es8509-Xt, Pepperl-Fuchs Es8510-Xt Firmware.