CVE-2020-12504

Exploit

EPSS 1.47%
Published 15.10.2020 19:15:11
Last modified 21.11.2024 04:59:49
Source info@cert.vde.com
Teams watchlist Login
Open Login

Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) and ICRL-M-8RJ45/4SFP-G-DIN, ICRL-M-16RJ45/4CP-G-DIN FW 1.2.3 and below has an active TFTP-Service.

Affected products Warnungen 0 Metrics 4 CWE 1 References 9

Data is provided by the National Vulnerability Database (NVD)

Pepperl-fuchs ≫ Es7510-xt Firmware Version < 2.1.1

Pepperl-fuchs ≫ Es7510-xt Version-

Pepperl-fuchs ≫ Es8509-xt Firmware

Pepperl-fuchs ≫ Es8509-xt Version-

Pepperl-fuchs ≫ Es8510-xt Firmware

Pepperl-fuchs ≫ Es8510-xt Version-

Pepperl-fuchs ≫ Es9528-xtv2 Firmware

Pepperl-fuchs ≫ Es9528-xtv2 Version-

Pepperl-fuchs ≫ Es7506 Firmware

Pepperl-fuchs ≫ Es7506 Version-

Pepperl-fuchs ≫ Es7510 Firmware

Pepperl-fuchs ≫ Es7510 Version-

Pepperl-fuchs ≫ Es7528 Firmware

Pepperl-fuchs ≫ Es7528 Version-

Pepperl-fuchs ≫ Es8508 Firmware

Pepperl-fuchs ≫ Es8508 Version-

Pepperl-fuchs ≫ Es8508f Firmware

Pepperl-fuchs ≫ Es8508f Version-

Pepperl-fuchs ≫ Es8510 Firmware Version < 3.1.1

Pepperl-fuchs ≫ Es8510 Version-

Pepperl-fuchs ≫ Es8510-xte Firmware

Pepperl-fuchs ≫ Es8510-xte Version-

Pepperl-fuchs ≫ Es9528 Firmware

Pepperl-fuchs ≫ Es9528 Version-

Pepperl-fuchs ≫ Es9528-xt Firmware

Pepperl-fuchs ≫ Es9528-xt Version-

Pepperl-fuchs ≫ Icrl-m-8rj45/4sfp-g-din Firmware Version <= 1.2.3

Pepperl-fuchs ≫ Icrl-m-8rj45/4sfp-g-din Version-

Pepperl-fuchs ≫ Icrl-m-16rj45/4cp-g-din Firmware Version <= 1.2.3

Pepperl-fuchs ≫ Icrl-m-16rj45/4cp-g-din Version-

Korenix ≫ Jetwave 2212s Firmware Version1.5

Korenix ≫ Jetwave 2212s Version-

Korenix ≫ Jetwave 2212g Firmware Version1.4

Korenix ≫ Jetwave 2212g Version-

Korenix ≫ Jetwave 2311 Firmware Version1.2

Korenix ≫ Jetwave 2311 Version-

Korenix ≫ Jetwave 3220 Firmware Version1.2

Korenix ≫ Jetwave 3220 Version-

Korenix ≫ Jetwave 3420 Firmware Version1.1.3t

Korenix ≫ Jetwave 3420 Version-

Korenix ≫ Jetwave 2212x Firmware Version1.5

Korenix ≫ Jetwave 2212x Version-

Korenix ≫ Jetwave 5428g-20sfp Firmware Version1.0

Korenix ≫ Jetwave 5428g-20sfp Version-

Korenix ≫ Jetwave 5810g Firmware Version1.1

Korenix ≫ Jetwave 5810g Version-

Korenix ≫ Jetwave 5310 Firmware Version1.5

Korenix ≫ Jetwave 5310 Version-

Korenix ≫ Jetwave 5010 Firmware Version3.1a

Korenix ≫ Jetwave 5010 Version-

Korenix ≫ Jetwave 4706f Firmware Version2.3b

Korenix ≫ Jetwave 4706f Version-

Korenix ≫ Jetwave 4706 Firmware Version2.3b

Korenix ≫ Jetwave 4706 Version-

Korenix ≫ Jetwave 4510 Firmware Version3.0b

Korenix ≫ Jetwave 4510 Version-

Westermo ≫ Pmi-110-f2g Firmware Version1.5

Westermo ≫ Pmi-110-f2g Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	1.47%	0.791

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P
info@cert.vde.com	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-912 Hidden Functionality

The product contains functionality that is not documented, not part of the specification, and not accessible through an interface or command sequence that is obvious to the product's users or administrators.

http://packetstormsecurity.com/files/162903/Korenix-CSRF-Backdoor-Accounts-Command-Injection-Missing-Authentication.html

Third Party Advisory

Exploit

VDB Entry

http://packetstormsecurity.com/files/165875/Korenix-Technology-JetWave-CSRF-Command-Injection-Missing-Authentication.html

Third Party Advisory

Exploit

VDB Entry

http://seclists.org/fulldisclosure/2021/Jun/0

Third Party Advisory

Exploit

Mailing List