VDB
CVE-2020-12502
CVE-2020-12502
PUBLISHED
CVSS 8.800000190734863 HIGH
Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) and ICRL-M-8RJ45/4SFP-G-DIN, ICRL-M-16RJ45/4CP-G-DIN FW 1.2.3 and below is prone to unauthenticated device administration.
EPSS 0.67% · 71.7th percentile
Risk Scores
CVSS v3.1
8.800000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score
0.67%
71.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Korenix | JetNet | 5428G-20SFP, 5310, 4510 |
| pepperl-fuchs | es8508_firmware | |
| pepperl-fuchs | es9528-xtv2_firmware | |
| pepperl-fuchs | es8510_firmware | |
| korenix | jetnet_5428g-20sfp_firmware | |
| pepperl-fuchs | es7506_firmware | |
| Westermo | PMI-110-F2G | unspecified |
| pepperl-fuchs | es7510_firmware | |
| korenix | jetnet_5810g_firmware | |
| korenix | jetnet_4706_firmware | |
| korenix | jetnet_4706f_firmware | |
| korenix | jetnet_5310_firmware | |
| korenix | jetnet_5010_firmware | |
| pepperl-fuchs | es9528-xt_firmware | |
| pepperl-fuchs | icrl-m-8rj45\/4sfp-g-din_firmware | 0, 0 |
| pepperl-fuchs | icrl-m-16rj45\/4cp-g-din_firmware | 0, 0 |
| pepperl-fuchs | es7510-xt_firmware | |
| pepperl-fuchs | es9528_firmware | |
| pepperl-fuchs | es7528_firmware | |
| korenix | jetnet_6095_firmware |
…and 6 more
Timeline
- Oct 7, 2020 PoC Published
- Oct 12, 2020 PoC Published
- Oct 15, 2020 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 1, 2021 PoC Published
- Jun 22, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 5, 2022 PoC Published
- Feb 8, 2022 EPSS Score
References
- https://cert.vde.com/de-de/advisories/vde-2020-040 url
- 20210601 SEC Consult SA-20210601-0 :: Multiple critical vulnerabilities in Korenix Technology JetNet Series mailing-list
- http://packetstormsecurity.com/files/162903/Korenix-CSRF-Backdoor-Accounts-Command-Injection-Missing-Authentication.html url
- https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-korenix-technology-westermo-pepperl-fuchs/ url
- https://cert.vde.com/en-us/advisories/vde-2020-053 url
- http://packetstormsecurity.com/files/165875/Korenix-Technology-JetWave-CSRF-Command-Injection-Missing-Authentication.html url
- https://nvd.nist.gov/vuln/detail/CVE-2020-12502 advisory
- https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-korenix-technology-westermo-pepperl-fuchs url