VDB
CVE-2020-12503
CVE-2020-12503
PUBLISHED
CVSS 7.199999809265137 HIGH
Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) and ICRL-M-8RJ45/4SFP-G-DIN, ICRL-M-16RJ45/4CP-G-DIN FW 1.2.3 and below is prone to multiple authenticated command injections.
EPSS 6.42% · 91.2th percentile
Risk Scores
CVSS 3.1
7.199999809265137
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS Score
6.42%
91.2th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| korenix | jetwave_2212x_firmware | |
| korenix | jetnet_4510_firmware | |
| pepperl-fuchs | es9528-xt_firmware | |
| pepperl-fuchs | es9528-xtv2_firmware | |
| korenix | jetwave_2212s_firmware | |
| pepperl-fuchs | es8508_firmware | |
| pepperl-fuchs | es7506_firmware | |
| pepperl-fuchs | icrl-m-16rj45\/4cp-g-din_firmware | 0 |
| korenix | jetnet_5810g_firmware | |
| korenix | jetwave_2311_firmware | |
| korenix | jetnet_4706_firmware | |
| korenix | jetnet_5310_firmware | |
| korenix | jetwave_2212g_firmware | |
| korenix | jetnet_4706f_firmware | |
| Korenix | JetNet | 5428G-20SFP, 5310, * |
| Westermo | PMI-110-F2G | unspecified |
| pepperl-fuchs | es7528_firmware | |
| korenix | jetnet_5010_firmware | |
| korenix | jetnet_5428g-20sfp_firmware | |
| pepperl-fuchs | es8508f_firmware |
…and 11 more
Exploit Intelligence
- CIRCL seen: CVE-2020-12503 (circl-sighting)
- CIRCL seen: CVE-2020-12503 (circl-sighting)
- https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-korenix-technology-westermo-pepperl-fuchs/ (circl)
- https://cert.vde.com/de-de/advisories/vde-2020-040 (circl)
- https://cert.vde.com/en-us/advisories/vde-2020-053 (circl)
- http://packetstormsecurity.com/files/165875/Korenix-Technology-JetWave-CSRF-Command-Injection-Missing-Authentication.html (circl)
- http://packetstormsecurity.com/files/162903/Korenix-CSRF-Backdoor-Accounts-Command-Injection-Missing-Authentication.html (circl)
- 20210601 SEC Consult SA-20210601-0 :: Multiple critical vulnerabilities in Korenix Technology JetNet Series (circl)
- Korenix Technology JetWave CSRF / Command Injection / Missing Authentication Vulnerabilities (0day-today)
- Korenix Technology JetWave CSRF / Command Injection / Missing Authentication Vulnerabilities (0day-today)
…and 4 more exploits
Timeline
- Oct 7, 2020 PoC Published
- Oct 12, 2020 PoC Published
- Oct 15, 2020 CVE Published
- Oct 15, 2020 PoC Published
- Apr 14, 2021 EPSS Score
- Jun 1, 2021 PoC Published
- Aug 24, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 5, 2022 PoC Published
- Feb 8, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
References
- https://cert.vde.com/de-de/advisories/vde-2020-040 url
- 20210601 SEC Consult SA-20210601-0 :: Multiple critical vulnerabilities in Korenix Technology JetNet Series mailing-list
- http://packetstormsecurity.com/files/162903/Korenix-CSRF-Backdoor-Accounts-Command-Injection-Missing-Authentication.html url
- https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-korenix-technology-westermo-pepperl-fuchs/ url
- https://cert.vde.com/en-us/advisories/vde-2020-053 url
- http://packetstormsecurity.com/files/165875/Korenix-Technology-JetWave-CSRF-Command-Injection-Missing-Authentication.html url
- https://nvd.nist.gov/vuln/detail/CVE-2020-12503 advisory
- https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-korenix-technology-westermo-pepperl-fuchs url