CVE-2020-12501

🗓️ 15 Oct 2020 18:42:56Reported by CERTVDEType

cve🔗 web.nvd.nist.gov📰️ 3 Media mentions👁 159 Views

CVE-2020-12501 Improper Authorization vulnerability in Pepperl+Fuchs P+F Comtrol RocketLinx serie

Reporter	Title	Published	Views	Family All 13
0day.today	Korenix CSRF / Backdoor Accounts / Command Injection / Missing Authentication Vulnerabilities	1 Jun 202100:00	–	zdt
0day.today	Korenix Technology JetWave CSRF / Command Injection / Missing Authentication Vulnerabilities	5 Feb 202200:00	–	zdt
0day.today	Korenix JetPort 5601V3 Backdoor Account Vulnerability	7 Jun 202200:00	–	zdt
Circl	CVE-2020-12501	7 Oct 202011:00	–	circl
Cvelist	CVE-2020-12501 Pepperl+Fuchs improper authorization affects multiple Comtrol RocketLinx products	15 Oct 202018:42	–	cvelist
EUVD	EUVD-2020-4803	7 Oct 202500:30	–	euvd
NVD	CVE-2020-12501	15 Oct 202019:15	–	nvd
Packet Storm	Korenix CSRF / Backdoor Accounts / Command Injection / Missing Authentication	1 Jun 202100:00	–	packetstorm
Packet Storm	Korenix Technology JetWave CSRF / Command Injection / Missing Authentication	4 Feb 202200:00	–	packetstorm
Packet Storm	Korenix JetPort 5601V3 Backdoor Account	6 Jun 202200:00	–	packetstorm

NVD

Vulners

Node

pepperl-fuchs es7510-xt_firmware

AND

pepperl-fuchs es7510-xtMatch-

Node

pepperl-fuchs es8509-xt_firmware

AND

pepperl-fuchs es8509-xtMatch-

Node

pepperl-fuchs es8510-xt_firmware

AND

pepperl-fuchs es8510-xtMatch-

Node

pepperl-fuchs es9528-xtv2_firmware

AND

pepperl-fuchs es9528-xtv2Match-

Node

pepperl-fuchs es7506_firmware

AND

pepperl-fuchs es7506Match-

Node

pepperl-fuchs es7510_firmware

AND

pepperl-fuchs es7510Match-

Node

pepperl-fuchs es7528_firmware

AND

pepperl-fuchs es7528Match-

Node

pepperl-fuchs es8508_firmware

AND

pepperl-fuchs es8508Match-

Node

pepperl-fuchs es8508f_firmware

AND

pepperl-fuchs es8508fMatch-

Node

pepperl-fuchs es8510_firmware

AND

pepperl-fuchs es8510Match-

Node

pepperl-fuchs es8510-xte_firmware

AND

pepperl-fuchs es8510-xteMatch-

Node

pepperl-fuchs es9528_firmware

AND

pepperl-fuchs es9528Match-

Node

pepperl-fuchs es9528-xt_firmware

AND

pepperl-fuchs es9528-xtMatch-

Node

korenix jetnet5428g-20sfp_firmwareMatch-

AND

korenix jetnet_5428g-20sfpMatch-

Node

korenix jetnet5810g_firmwareMatch-

AND

korenix jetnet_5810gMatch-

Node

korenix jetnet4510_firmwareMatch-

AND

korenix jetnet_4510Match-

Node

korenix jetnet5010_firmwareMatch-

AND

korenix jetnet_5010Match-

Node

korenix jetnet5310_firmwareMatch-

AND

korenix jetnet_5310Match-

Node

korenix jetnet6095_firmwareMatch-

AND

korenix jetnet_6095Match-

Node

korenix jetnet4706_firmwareMatch-

AND

korenix jetnet_4706Match-

Node

korenix jetwave_3220_firmwareMatch-

AND

korenix jetwave_3220Match-

Node

korenix jetwave_2311_firmwareMatch-

AND

korenix jetwave_2311Match-

Node

korenix jetnet4706f_firmwareMatch-

AND

korenix jetnet_4706fMatch-

Node

korenix jetwave_2212s_firmwareMatch-

AND

korenix jetwave_2212sMatch-

Node

korenix jetwave_2212g_firmwareMatch-

AND

korenix jetwave_2212gMatch-

Node

korenix jetwave_2212x_firmwareMatch-

AND

korenix jetwave_2212xMatch-

[
  {
    "product": "P+F Comtrol RocketLinx",
    "vendor": "Pepperl+Fuchs",
    "versions": [
      {
        "status": "affected",
        "version": "ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F,  ES8510-XTE, ES9528/ES9528-XT all"
      },
      {
        "lessThan": "2.1.1",
        "status": "affected",
        "version": "ES7510-XT",
        "versionType": "custom"
      },
      {
        "lessThan": "3.1.1",
        "status": "affected",
        "version": "ES8510",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "JetNet",
    "vendor": "Korenix",
    "versions": [
      {
        "lessThanOrEqual": "V1.0",
        "status": "affected",
        "version": "5428G-20SFP",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "V1.1",
        "status": "affected",
        "version": "5810G",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "V2.3b",
        "status": "affected",
        "version": "4706F",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "V3.0b",
        "status": "affected",
        "version": "4510",
        "versionType": "custom"
      },
      {
        "lessThan": "V1.6",
        "status": "affected",
        "version": "5310",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "PMI-110-F2G",
    "vendor": "Westermo",
    "versions": [
      {
        "lessThan": "V1.8",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
cert	www.cert.vde.com/de-de/advisories/vde-2020-040
seclists	www.seclists.org/fulldisclosure/2021/Jun/0
packetstormsecurity	www.packetstormsecurity.com/files/162903/Korenix-CSRF-Backdoor-Accounts-Command-Injection-Missing-Authentication.html
packetstormsecurity	www.packetstormsecurity.com/files/167409/Korenix-JetPort-5601V3-Backdoor-Account.html
seclists	www.seclists.org/fulldisclosure/2022/Jun/3
packetstormsecurity	www.packetstormsecurity.com/files/165875/Korenix-Technology-JetWave-CSRF-Command-Injection-Missing-Authentication.html
sec-consult	www.sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-korenix-technology-westermo-pepperl-fuchs/

21 Nov 2024 04:59Current

9.5High risk

Vulners AI Score9.5

CVSS 27.5

CVSS 3.19.8

EPSS0.00944

CWE-798