CVE-2020-12501
PUBLISHED
CVSS 9.8 CRITICAL
Improper Authorization vulnerability in Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions): the devices use undocumented accounts.
EPSS 0.94% · 76.7th percentile
Risk Scores
CVSS 3.1
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
0.94%
76.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| pepperl-fuchs | es7510-xt_firmware | |
| Westermo | PMI-110-F2G | * |
| pepperl-fuchs | es9528-xtv2_firmware | |
| Korenix | JetNet | 4510, 5810G, 5310 |
| korenix | jetnet5310_firmware | |
| pepperl-fuchs | es8510-xte_firmware | |
| korenix | jetnet4706f_firmware | |
| korenix | jetwave_2212x_firmware | |
| korenix | jetwave_2212s_firmware | |
| korenix | jetnet5428g-20sfp_firmware | |
| pepperl-fuchs | es8510-xt_firmware | |
| pepperl-fuchs | es8509-xt_firmware | |
| korenix | jetnet5810g_firmware | |
| korenix | jetwave_2212g_firmware | |
| pepperl-fuchs | es9528-xt_firmware | |
| korenix | jetwave_2311_firmware | |
| pepperl-fuchs | es8508_firmware | |
| pepperl-fuchs | es8510_firmware | |
| korenix | jetwave_3220_firmware | |
| pepperl-fuchs | es7510_firmware | |
…and 9 more
Exploit Intelligence
- CIRCL seen: CVE-2020-12501 (circl-sighting)
- http://packetstormsecurity.com/files/165875/Korenix-Technology-JetWave-CSRF-Command-Injection-Missing-Authentication.html (circl)
- https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-korenix-technology-westermo-pepperl-fuchs/ (circl)
- https://cert.vde.com/de-de/advisories/vde-2020-040 (circl)
- 20220603 SEC Consult SA-20220531-0 :: Backdoor account in Korenix JetPort 5601V3 (circl)
- http://packetstormsecurity.com/files/167409/Korenix-JetPort-5601V3-Backdoor-Account.html (circl)
- http://packetstormsecurity.com/files/162903/Korenix-CSRF-Backdoor-Accounts-Command-Injection-Missing-Authentication.html (circl)
- 20210601 SEC Consult SA-20210601-0 :: Multiple critical vulnerabilities in Korenix Technology JetNet Series (circl)
- Korenix JetPort 5601V3 Backdoor Account Vulnerability (0day-today)
…and 7 more exploits
Timeline
- Oct 7, 2020 PoC Published
- Oct 12, 2020 PoC Published
- Oct 15, 2020 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 1, 2021 PoC Published
- Jun 23, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 5, 2022 PoC Published
- Feb 28, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
References
- https://cert.vde.com/de-de/advisories/vde-2020-040 (url)
- 20210601 SEC Consult SA-20210601-0 :: Multiple critical vulnerabilities in Korenix Technology JetNet Series (mailing-list)
- http://packetstormsecurity.com/files/162903/Korenix-CSRF-Backdoor-Accounts-Command-Injection-Missing-Authentication.html (url)
- https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-korenix-technology-westermo-pepperl-fuchs/ (url)
- http://packetstormsecurity.com/files/165875/Korenix-Technology-JetWave-CSRF-Command-Injection-Missing-Authentication.html (url)
- 20220603 SEC Consult SA-20220531-0 :: Backdoor account in Korenix JetPort 5601V3 (mailing-list)
- http://packetstormsecurity.com/files/167409/Korenix-JetPort-5601V3-Backdoor-Account.html (url)
- https://nvd.nist.gov/vuln/detail/CVE-2020-12501 (advisory)
- https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-korenix-technology-westermo-pepperl-fuchs (url)