Vulnerability-Lookup

VDE-2020-040

Vulnerability from csaf_pepperlfuchsse - Published: 2020-10-05 12:00 - Updated: 2020-10-05 12:00

Summary

Pepperl+Fuchs: Multiple Products prone to multiple vulnerabilities in Comtrol RocketLinux

Notes

Summary: Several critical vulnerabilities within Firmware have been identified. Please consult the CVEs for details.

Impact: Pepperl+Fuchs analyzed and identified affected devices. Remote attackers may exploit multiple vulnerabilities to get access to the device and execute any program and tap information.

Mitigation: An external protective measure is required. 1) Traffic from untrusted networks to the device should be blocked by a firewall. Especially traffic targeting the administration webpage. 2) Administrator and user access should be protected by a secure password and only be available to a very limited group of people.

CVE-2020-12504

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-912 - Hidden Functionality

Mitigation An external protective measure is required. 1) Traffic from untrusted networks to the device should be blocked by a firewall. Especially traffic targeting the administration webpage. 2) Administrator and user access should be protected by a secure password and only be available to a very limited group of people.

Affected products

Known affected 12 products

Product	Identifier	Version	Remediation
Unresolved product id: CSAFPID-31001		—
Unresolved product id: CSAFPID-31002		—
Unresolved product id: CSAFPID-31003		—
Unresolved product id: CSAFPID-31004		—
Unresolved product id: CSAFPID-31005		—
Unresolved product id: CSAFPID-31006		—
Unresolved product id: CSAFPID-31007		—
Unresolved product id: CSAFPID-31008		—
Unresolved product id: CSAFPID-31009		—
Unresolved product id: CSAFPID-31010		—
Unresolved product id: CSAFPID-31011		—
Unresolved product id: CSAFPID-31012		—

CVE-2020-12513

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-285 - Improper Authorization

Vendor Fix In order to prevent the exploitation of the reported vulnerabilities, we recommend that the affected units be updated with the following three firmware packages: - U-Boot bootloader version 1.36 or newer - System image version 1.52 or newer - Application base version 1.6.11 or newer

Affected products

Known affected 12 products

Product	Identifier	Version	Remediation
Unresolved product id: CSAFPID-31001		—
Unresolved product id: CSAFPID-31002		—
Unresolved product id: CSAFPID-31003		—
Unresolved product id: CSAFPID-31004		—
Unresolved product id: CSAFPID-31005		—
Unresolved product id: CSAFPID-31006		—
Unresolved product id: CSAFPID-31007		—
Unresolved product id: CSAFPID-31008		—
Unresolved product id: CSAFPID-31009		—
Unresolved product id: CSAFPID-31010		—
Unresolved product id: CSAFPID-31011		—
Unresolved product id: CSAFPID-31012		—

CVE-2020-12501

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-798 - Use of Hard-coded Credentials

Affected products

Known affected 12 products

Product	Identifier	Version	Remediation
Unresolved product id: CSAFPID-31001		—
Unresolved product id: CSAFPID-31002		—
Unresolved product id: CSAFPID-31003		—
Unresolved product id: CSAFPID-31004		—
Unresolved product id: CSAFPID-31005		—
Unresolved product id: CSAFPID-31006		—
Unresolved product id: CSAFPID-31007		—
Unresolved product id: CSAFPID-31008		—
Unresolved product id: CSAFPID-31009		—
Unresolved product id: CSAFPID-31010		—
Unresolved product id: CSAFPID-31011		—
Unresolved product id: CSAFPID-31012		—

CVE-2020-12502

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-352 - Cross-Site Request Forgery (CSRF)

Affected products

Known affected 12 products

Product	Identifier	Version	Remediation
Unresolved product id: CSAFPID-31001		—
Unresolved product id: CSAFPID-31002		—
Unresolved product id: CSAFPID-31003		—
Unresolved product id: CSAFPID-31004		—
Unresolved product id: CSAFPID-31005		—
Unresolved product id: CSAFPID-31006		—
Unresolved product id: CSAFPID-31007		—
Unresolved product id: CSAFPID-31008		—
Unresolved product id: CSAFPID-31009		—
Unresolved product id: CSAFPID-31010		—
Unresolved product id: CSAFPID-31011		—
Unresolved product id: CSAFPID-31012		—

CVE-2020-12503

7.2 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE-20 - Improper Input Validation

Affected products

Known affected 12 products

Product	Identifier	Version	Remediation
Unresolved product id: CSAFPID-31001		—
Unresolved product id: CSAFPID-31002		—
Unresolved product id: CSAFPID-31003		—
Unresolved product id: CSAFPID-31004		—
Unresolved product id: CSAFPID-31005		—
Unresolved product id: CSAFPID-31006		—
Unresolved product id: CSAFPID-31007		—
Unresolved product id: CSAFPID-31008		—
Unresolved product id: CSAFPID-31009		—
Unresolved product id: CSAFPID-31010		—
Unresolved product id: CSAFPID-31011		—
Unresolved product id: CSAFPID-31012		—

References

3 references

URL	Category
https://certvde.com/de/advisories/vendor/pepperl+fuchs/	external
https://pepperl-fuchs.csaf-tp.certvde.com/.well-k…	self
https://certvde.com/de/advisories/VDE-2020-040/	self

Acknowledgments

CERT@VDE certvde.com

SEC Consult Vulnerability Lab T.Weber

JSON

To clipboard

{
  "document": {
    "acknowledgments": [
      {
        "organization": "CERT@VDE",
        "summary": "coordination",
        "urls": [
          "https://certvde.com"
        ]
      },
      {
        "names": [
          "T.Weber"
        ],
        "organization": "SEC Consult Vulnerability Lab",
        "summary": "reported"
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-GB",
    "notes": [
      {
        "category": "summary",
        "text": "Several critical vulnerabilities within Firmware have been identified. Please consult the CVEs for details.",
        "title": "Summary"
      },
      {
        "category": "description",
        "text": "Pepperl+Fuchs analyzed and identified affected devices.\nRemote attackers may exploit multiple vulnerabilities to get access to the device and\nexecute any program and tap information.",
        "title": "Impact"
      },
      {
        "category": "description",
        "text": "An external protective measure is required.\n\n1) Traffic from untrusted networks to the device should be blocked by a firewall. Especially\ntraffic targeting the administration webpage.\n\n2) Administrator and user access should be protected by a secure password and only be\navailable to a very limited group of people.",
        "title": "Mitigation"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "cert@pepperl-fuchs.com",
      "name": "Pepperl+Fuchs SE",
      "namespace": "https://www.pepperl-fuchs.com"
    },
    "references": [
      {
        "category": "external",
        "summary": "CERT@VDE Security Advisories for Pepperl+Fuchs",
        "url": "https://certvde.com/de/advisories/vendor/pepperl+fuchs/"
      },
      {
        "category": "self",
        "summary": "VDE-2020-040: Pepperl+Fuchs: Multiple Products prone to multiple vulnerabilities in Comtrol RocketLinux - CSAF",
        "url": "https://pepperl-fuchs.csaf-tp.certvde.com/.well-known/csaf/white/2020/vde-2020-040.json"
      },
      {
        "category": "self",
        "summary": "VDE-2020-040: Pepperl+Fuchs: Multiple Products prone to multiple vulnerabilities in Comtrol RocketLinux - HTML",
        "url": "https://certvde.com/de/advisories/VDE-2020-040/"
      }
    ],
    "title": "Pepperl+Fuchs: Multiple Products prone to multiple vulnerabilities in Comtrol RocketLinux",
    "tracking": {
      "aliases": [
        "VDE-2020-040"
      ],
      "current_release_date": "2020-10-05T12:00:00.000Z",
      "generator": {
        "date": "2025-02-27T15:51:08.443Z",
        "engine": {
          "name": "Secvisogram",
          "version": "2.5.20"
        }
      },
      "id": "VDE-2020-040",
      "initial_release_date": "2020-10-05T12:00:00.000Z",
      "revision_history": [
        {
          "date": "2020-10-05T12:00:00.000Z",
          "number": "1",
          "summary": "initial revision"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "ES7506",
                "product": {
                  "name": "ES7506",
                  "product_id": "CSAFPID-11001"
                }
              },
              {
                "category": "product_name",
                "name": "ES7506",
                "product": {
                  "name": "ES7506",
                  "product_id": "CSAFPID-11002"
                }
              },
              {
                "category": "product_name",
                "name": "ES7510",
                "product": {
                  "name": "ES7510",
                  "product_id": "CSAFPID-11003"
                }
              },
              {
                "category": "product_name",
                "name": "ES7510-XT",
                "product": {
                  "name": "ES7510-XT",
                  "product_id": "CSAFPID-11004"
                }
              },
              {
                "category": "product_name",
                "name": "ES7528",
                "product": {
                  "name": "ES7528",
                  "product_id": "CSAFPID-11005"
                }
              },
              {
                "category": "product_name",
                "name": "ES8508",
                "product": {
                  "name": "ES8508",
                  "product_id": "CSAFPID-11006"
                }
              },
              {
                "category": "product_name",
                "name": "ES8508F",
                "product": {
                  "name": "ES8508F",
                  "product_id": "CSAFPID-11007"
                }
              },
              {
                "category": "product_name",
                "name": "ES8509-XT",
                "product": {
                  "name": "ES8509-XT",
                  "product_id": "CSAFPID-11008"
                }
              },
              {
                "category": "product_name",
                "name": "ES8510",
                "product": {
                  "name": "ES8510",
                  "product_id": "CSAFPID-11009"
                }
              },
              {
                "category": "product_name",
                "name": "ES8510-XT",
                "product": {
                  "name": "ES8510-XT",
                  "product_id": "CSAFPID-11010"
                }
              },
              {
                "category": "product_name",
                "name": "ES8510-XTE",
                "product": {
                  "name": "ES8510-XTE",
                  "product_id": "CSAFPID-11011"
                }
              },
              {
                "category": "product_name",
                "name": "ES9528/ES9528-XT",
                "product": {
                  "name": "ES9528/ES9528-XT",
                  "product_id": "CSAFPID-11012"
                }
              },
              {
                "category": "product_name",
                "name": "ES9528-XTv2",
                "product": {
                  "name": "ES9528-XTv2",
                  "product_id": "CSAFPID-11013"
                }
              }
            ],
            "category": "product_family",
            "name": "Hardware"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "Firmware vers:all/*",
                  "product_id": "CSAFPID-21001"
                }
              }
            ],
            "category": "product_family",
            "name": "Firmware"
          }
        ],
        "category": "vendor",
        "name": "Pepperl+Fuchs"
      }
    ],
    "product_groups": [
      {
        "group_id": "CSAFGID-0001",
        "product_ids": [
          "CSAFPID-31001",
          "CSAFPID-31002",
          "CSAFPID-31003",
          "CSAFPID-31004",
          "CSAFPID-31005",
          "CSAFPID-31006",
          "CSAFPID-31007",
          "CSAFPID-31008",
          "CSAFPID-31009",
          "CSAFPID-31010",
          "CSAFPID-31011",
          "CSAFPID-31012"
        ],
        "summary": "Affected products."
      }
    ],
    "relationships": [
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware vers:all/* installed on ES7506",
          "product_id": "CSAFPID-31001"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11001"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware vers:all/* installed on ES7506",
          "product_id": "CSAFPID-31002"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11002"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware vers:all/* installed on ES7510",
          "product_id": "CSAFPID-31003"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11003"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware vers:all/* installed on ES7510-XT",
          "product_id": "CSAFPID-31004"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11004"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware vers:all/* installed on ES7506",
          "product_id": "CSAFPID-31005"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11005"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware vers:all/* installed on ES8508",
          "product_id": "CSAFPID-31006"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11006"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware vers:all/* installed on ES8508F",
          "product_id": "CSAFPID-31007"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11007"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware vers:all/* installed on ES8509-XT",
          "product_id": "CSAFPID-31008"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11008"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware vers:all/* installed on ES8510",
          "product_id": "CSAFPID-31009"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11009"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware vers:all/* installed on ES8510-XT",
          "product_id": "CSAFPID-31010"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11010"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware vers:all/* installed on ES8510-XTE",
          "product_id": "CSAFPID-31011"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11011"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware vers:all/* installed on ES9528/ES9528-XT",
          "product_id": "CSAFPID-31012"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11012"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware vers:all/* installed on ES9528-XTv2",
          "product_id": "CSAFPID-31013"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11013"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2020-12504",
      "cwe": {
        "id": "CWE-912",
        "name": "Hidden Functionality"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Active TFTP-Service",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-31001",
          "CSAFPID-31002",
          "CSAFPID-31003",
          "CSAFPID-31004",
          "CSAFPID-31005",
          "CSAFPID-31006",
          "CSAFPID-31007",
          "CSAFPID-31008",
          "CSAFPID-31009",
          "CSAFPID-31010",
          "CSAFPID-31011",
          "CSAFPID-31012"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "An external protective measure is required.\n\n1) Traffic from untrusted networks to the device should be blocked by a firewall. Especially\ntraffic targeting the administration webpage.\n\n2) Administrator and user access should be protected by a secure password and only be\navailable to a very limited group of people.",
          "group_ids": [
            "CSAFGID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 9.8,
            "environmentalSeverity": "CRITICAL",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 9.8,
            "temporalSeverity": "CRITICAL",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-31001",
            "CSAFPID-31002",
            "CSAFPID-31003",
            "CSAFPID-31004",
            "CSAFPID-31005",
            "CSAFPID-31006",
            "CSAFPID-31007",
            "CSAFPID-31008",
            "CSAFPID-31009",
            "CSAFPID-31010",
            "CSAFPID-31011",
            "CSAFPID-31012"
          ]
        }
      ],
      "title": "CVE-2020-12504"
    },
    {
      "cve": "CVE-2020-12513",
      "cwe": {
        "id": "CWE-285",
        "name": "Improper Authorization"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Unauthenticated Device Administration",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-31001",
          "CSAFPID-31002",
          "CSAFPID-31003",
          "CSAFPID-31004",
          "CSAFPID-31005",
          "CSAFPID-31006",
          "CSAFPID-31007",
          "CSAFPID-31008",
          "CSAFPID-31009",
          "CSAFPID-31010",
          "CSAFPID-31011",
          "CSAFPID-31012"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "\nIn order to prevent the exploitation of the reported vulnerabilities, we recommend that the\naffected units be updated with the following three firmware packages:\n\n- U-Boot bootloader version 1.36 or newer\n- System image version 1.52 or newer\n- Application base version 1.6.11 or newer",
          "group_ids": [
            "CSAFGID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 9.8,
            "environmentalSeverity": "CRITICAL",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 9.8,
            "temporalSeverity": "CRITICAL",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-31001",
            "CSAFPID-31002",
            "CSAFPID-31003",
            "CSAFPID-31004",
            "CSAFPID-31005",
            "CSAFPID-31006",
            "CSAFPID-31007",
            "CSAFPID-31008",
            "CSAFPID-31009",
            "CSAFPID-31010",
            "CSAFPID-31011",
            "CSAFPID-31012"
          ]
        }
      ],
      "title": "CVE-2020-12513"
    },
    {
      "cve": "CVE-2020-12501",
      "cwe": {
        "id": "CWE-798",
        "name": "Use of Hard-coded Credentials"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Undocumented Accounts",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-31001",
          "CSAFPID-31002",
          "CSAFPID-31003",
          "CSAFPID-31004",
          "CSAFPID-31005",
          "CSAFPID-31006",
          "CSAFPID-31007",
          "CSAFPID-31008",
          "CSAFPID-31009",
          "CSAFPID-31010",
          "CSAFPID-31011",
          "CSAFPID-31012"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "An external protective measure is required.\n\n1) Traffic from untrusted networks to the device should be blocked by a firewall. Especially\ntraffic targeting the administration webpage.\n\n2) Administrator and user access should be protected by a secure password and only be\navailable to a very limited group of people.",
          "group_ids": [
            "CSAFGID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 9.8,
            "environmentalSeverity": "CRITICAL",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 9.8,
            "temporalSeverity": "CRITICAL",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-31001",
            "CSAFPID-31002",
            "CSAFPID-31003",
            "CSAFPID-31004",
            "CSAFPID-31005",
            "CSAFPID-31006",
            "CSAFPID-31007",
            "CSAFPID-31008",
            "CSAFPID-31009",
            "CSAFPID-31010",
            "CSAFPID-31011",
            "CSAFPID-31012"
          ]
        }
      ],
      "title": "CVE-2020-12501"
    },
    {
      "cve": "CVE-2020-12502",
      "cwe": {
        "id": "CWE-352",
        "name": "Cross-Site Request Forgery (CSRF)"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Unauthenticated Device Administration",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-31001",
          "CSAFPID-31002",
          "CSAFPID-31003",
          "CSAFPID-31004",
          "CSAFPID-31005",
          "CSAFPID-31006",
          "CSAFPID-31007",
          "CSAFPID-31008",
          "CSAFPID-31009",
          "CSAFPID-31010",
          "CSAFPID-31011",
          "CSAFPID-31012"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "An external protective measure is required.\n\n1) Traffic from untrusted networks to the device should be blocked by a firewall. Especially\ntraffic targeting the administration webpage.\n\n2) Administrator and user access should be protected by a secure password and only be\navailable to a very limited group of people.",
          "group_ids": [
            "CSAFGID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 8.8,
            "environmentalSeverity": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 8.8,
            "temporalSeverity": "HIGH",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-31001",
            "CSAFPID-31002",
            "CSAFPID-31003",
            "CSAFPID-31004",
            "CSAFPID-31005",
            "CSAFPID-31006",
            "CSAFPID-31007",
            "CSAFPID-31008",
            "CSAFPID-31009",
            "CSAFPID-31010",
            "CSAFPID-31011",
            "CSAFPID-31012"
          ]
        }
      ],
      "title": "CVE-2020-12502"
    },
    {
      "cve": "CVE-2020-12503",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Multiple Authenticated Command Injections",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-31001",
          "CSAFPID-31002",
          "CSAFPID-31003",
          "CSAFPID-31004",
          "CSAFPID-31005",
          "CSAFPID-31006",
          "CSAFPID-31007",
          "CSAFPID-31008",
          "CSAFPID-31009",
          "CSAFPID-31010",
          "CSAFPID-31011",
          "CSAFPID-31012"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "An external protective measure is required.\n\n1) Traffic from untrusted networks to the device should be blocked by a firewall. Especially\ntraffic targeting the administration webpage.\n\n2) Administrator and user access should be protected by a secure password and only be\navailable to a very limited group of people.",
          "group_ids": [
            "CSAFGID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 7.2,
            "environmentalSeverity": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "temporalScore": 7.2,
            "temporalSeverity": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-31001",
            "CSAFPID-31002",
            "CSAFPID-31003",
            "CSAFPID-31004",
            "CSAFPID-31005",
            "CSAFPID-31006",
            "CSAFPID-31007",
            "CSAFPID-31008",
            "CSAFPID-31009",
            "CSAFPID-31010",
            "CSAFPID-31011",
            "CSAFPID-31012"
          ]
        }
      ],
      "title": "CVE-2020-12503"
    }
  ]
}

CVE-2020-12501 (GCVE-0-2020-12501)

Vulnerability from cvelistv5 – Published: 2020-10-15 18:42 – Updated: 2024-09-16 19:20

Title

Pepperl+Fuchs improper authorization affects multiple Comtrol RocketLinx products

Summary

Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) use undocumented accounts.

Severity ?

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-798 - Use of Hard-coded Credentials

Assigner

CERTVDE

References

7 references

URL	Tags
https://cert.vde.com/de-de/advisories/vde-2020-040	x_refsource_CONFIRM
http://seclists.org/fulldisclosure/2021/Jun/0	mailing-listx_refsource_FULLDISC
http://packetstormsecurity.com/files/162903/Koren…	x_refsource_MISC
https://sec-consult.com/vulnerability-lab/advisor…	x_refsource_CONFIRM
http://packetstormsecurity.com/files/165875/Koren…	x_refsource_MISC
http://seclists.org/fulldisclosure/2022/Jun/3	mailing-listx_refsource_FULLDISC
http://packetstormsecurity.com/files/167409/Koren…	x_refsource_MISC

Impacted products

3 products

Vendor	Product	Version
Pepperl+Fuchs	P+F Comtrol RocketLinx	Affected: ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510-XTE, ES9528/ES9528-XT all Affected: ES7510-XT , < 2.1.1 (custom) Affected: ES8510 , < 3.1.1 (custom)
Korenix	JetNet	Affected: 5428G-20SFP , ≤ V1.0 (custom) Affected: 5810G , ≤ V1.1 (custom) Affected: 4706F , ≤ V2.3b (custom) Affected: 4510 , ≤ V3.0b (custom) Affected: 5310 , < V1.6 (custom)
Westermo	PMI-110-F2G	Affected: unspecified , < V1.8 (custom)

Date Public ?

2020-10-07 00:00

Credits

T. Weber (SEC Consult Vulnerability Lab) Coordinated by CERT@VDE

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T11:56:52.091Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert.vde.com/de-de/advisories/vde-2020-040"
          },
          {
            "name": "20210601 SEC Consult SA-20210601-0 :: Multiple critical vulnerabilities in Korenix Technology JetNet Series",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2021/Jun/0"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/162903/Korenix-CSRF-Backdoor-Accounts-Command-Injection-Missing-Authentication.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-korenix-technology-westermo-pepperl-fuchs/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/165875/Korenix-Technology-JetWave-CSRF-Command-Injection-Missing-Authentication.html"
          },
          {
            "name": "20220603 SEC Consult SA-20220531-0 :: Backdoor account in Korenix JetPort 5601V3",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2022/Jun/3"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/167409/Korenix-JetPort-5601V3-Backdoor-Account.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "P+F Comtrol RocketLinx",
          "vendor": "Pepperl+Fuchs",
          "versions": [
            {
              "status": "affected",
              "version": "ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F,  ES8510-XTE, ES9528/ES9528-XT all"
            },
            {
              "lessThan": "2.1.1",
              "status": "affected",
              "version": "ES7510-XT",
              "versionType": "custom"
            },
            {
              "lessThan": "3.1.1",
              "status": "affected",
              "version": "ES8510",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "JetNet",
          "vendor": "Korenix",
          "versions": [
            {
              "lessThanOrEqual": "V1.0",
              "status": "affected",
              "version": "5428G-20SFP",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "V1.1",
              "status": "affected",
              "version": "5810G",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "V2.3b",
              "status": "affected",
              "version": "4706F",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "V3.0b",
              "status": "affected",
              "version": "4510",
              "versionType": "custom"
            },
            {
              "lessThan": "V1.6",
              "status": "affected",
              "version": "5310",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "PMI-110-F2G",
          "vendor": "Westermo",
          "versions": [
            {
              "lessThan": "V1.8",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "T. Weber (SEC Consult Vulnerability Lab)"
        },
        {
          "lang": "en",
          "value": "Coordinated by CERT@VDE"
        }
      ],
      "datePublic": "2020-10-07T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) use undocumented accounts."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-798",
              "description": "CWE-798 Use of Hard-coded Credentials",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-06-06T16:06:23.000Z",
        "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "shortName": "CERTVDE"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert.vde.com/de-de/advisories/vde-2020-040"
        },
        {
          "name": "20210601 SEC Consult SA-20210601-0 :: Multiple critical vulnerabilities in Korenix Technology JetNet Series",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2021/Jun/0"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/162903/Korenix-CSRF-Backdoor-Accounts-Command-Injection-Missing-Authentication.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-korenix-technology-westermo-pepperl-fuchs/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/165875/Korenix-Technology-JetWave-CSRF-Command-Injection-Missing-Authentication.html"
        },
        {
          "name": "20220603 SEC Consult SA-20220531-0 :: Backdoor account in Korenix JetPort 5601V3",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2022/Jun/3"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/167409/Korenix-JetPort-5601V3-Backdoor-Account.html"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "An external protective measure is required.\n\n1) Traffic from untrusted networks to the device should be blocked by a firewall. Especially\ntraffic targeting the administration webpage.\n\n2) Administrator and user access should be protected by a secure password and only be\navailable to a very limited group of people."
        }
      ],
      "source": {
        "advisory": "VDE-2020-040",
        "discovery": "EXTERNAL"
      },
      "title": "Pepperl+Fuchs improper authorization affects multiple Comtrol RocketLinx products",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "info@cert.vde.com",
          "DATE_PUBLIC": "2020-10-07T13:10:00.000Z",
          "ID": "CVE-2020-12501",
          "STATE": "PUBLIC",
          "TITLE": "Pepperl+Fuchs improper authorization affects multiple Comtrol RocketLinx products"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "P+F Comtrol RocketLinx",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_name": "ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F,  ES8510-XTE, ES9528/ES9528-XT",
                            "version_value": "all"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "ES7510-XT",
                            "version_value": "2.1.1"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "ES8510",
                            "version_value": "3.1.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Pepperl+Fuchs"
              },
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "JetNet",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_name": "5428G-20SFP",
                            "version_value": "V1.0"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_name": "5810G",
                            "version_value": "V1.1"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_name": "4706F",
                            "version_value": "V2.3b"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_name": "4510",
                            "version_value": "V3.0b"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "5310",
                            "version_value": "V1.6"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Korenix"
              },
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "PMI-110-F2G",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "V1.8"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Westermo"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "T. Weber (SEC Consult Vulnerability Lab)"
          },
          {
            "lang": "eng",
            "value": "Coordinated by CERT@VDE"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) use undocumented accounts."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-798 Use of Hard-coded Credentials"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://cert.vde.com/de-de/advisories/vde-2020-040",
              "refsource": "CONFIRM",
              "url": "https://cert.vde.com/de-de/advisories/vde-2020-040"
            },
            {
              "name": "20210601 SEC Consult SA-20210601-0 :: Multiple critical vulnerabilities in Korenix Technology JetNet Series",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2021/Jun/0"
            },
            {
              "name": "http://packetstormsecurity.com/files/162903/Korenix-CSRF-Backdoor-Accounts-Command-Injection-Missing-Authentication.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/162903/Korenix-CSRF-Backdoor-Accounts-Command-Injection-Missing-Authentication.html"
            },
            {
              "name": "https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-korenix-technology-westermo-pepperl-fuchs/",
              "refsource": "CONFIRM",
              "url": "https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-korenix-technology-westermo-pepperl-fuchs/"
            },
            {
              "name": "http://packetstormsecurity.com/files/165875/Korenix-Technology-JetWave-CSRF-Command-Injection-Missing-Authentication.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/165875/Korenix-Technology-JetWave-CSRF-Command-Injection-Missing-Authentication.html"
            },
            {
              "name": "20220603 SEC Consult SA-20220531-0 :: Backdoor account in Korenix JetPort 5601V3",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2022/Jun/3"
            },
            {
              "name": "http://packetstormsecurity.com/files/167409/Korenix-JetPort-5601V3-Backdoor-Account.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/167409/Korenix-JetPort-5601V3-Backdoor-Account.html"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "An external protective measure is required.\n\n1) Traffic from untrusted networks to the device should be blocked by a firewall. Especially\ntraffic targeting the administration webpage.\n\n2) Administrator and user access should be protected by a secure password and only be\navailable to a very limited group of people."
          }
        ],
        "source": {
          "advisory": "VDE-2020-040",
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
    "assignerShortName": "CERTVDE",
    "cveId": "CVE-2020-12501",
    "datePublished": "2020-10-15T18:42:56.306Z",
    "dateReserved": "2020-04-30T00:00:00.000Z",
    "dateUpdated": "2024-09-16T19:20:40.911Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-12502 (GCVE-0-2020-12502)

Vulnerability from cvelistv5 – Published: 2020-10-15 18:42 – Updated: 2024-09-16 18:43

Title

Pepperl+Fuchs improper authorization affects multiple Comtrol RocketLinx products

Summary

Severity ?

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE

CWE-352 - Cross-Site Request Forgery (CSRF)

Assigner

CERTVDE

References

6 references

URL	Tags
https://cert.vde.com/de-de/advisories/vde-2020-040	x_refsource_CONFIRM
http://seclists.org/fulldisclosure/2021/Jun/0	mailing-listx_refsource_FULLDISC
http://packetstormsecurity.com/files/162903/Koren…	x_refsource_MISC
https://sec-consult.com/vulnerability-lab/advisor…	x_refsource_CONFIRM
https://cert.vde.com/en-us/advisories/vde-2020-053	x_refsource_CONFIRM
http://packetstormsecurity.com/files/165875/Koren…	x_refsource_MISC

Impacted products

4 products

Vendor	Product	Version
Pepperl+Fuchs	P+F Comtrol RocketLinx	Affected: ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510-XTE, ES9528/ES9528-XT all Affected: ES7510-XT , < 2.1.1 (custom) Affected: ES8510 , < 3.1.1 (custom)
Pepperl+Fuchs	P+F Comtrol RocketLinx	Affected: ICRL-M-8RJ45/4SFP-G-DIN , ≤ 1.2.3 (custom) Affected: ICRL-M-16RJ45/4CP-G-DIN , ≤ 1.2.3 (custom)
Korenix	JetNet	Affected: 5428G-20SFP , ≤ V1.0 (custom) Affected: 5810G , ≤ V1.1 (custom) Affected: 4706F , ≤ V2.3b (custom) Affected: 4510 , ≤ V3.0b (custom) Affected: 5310 , < V1.6 (custom)
Westermo	PMI-110-F2G	Affected: unspecified , < V1.8 (custom)

Date Public ?

2020-10-07 00:00

Credits

T. Weber (SEC Consult Vulnerability Lab) Coordinated by CERT@VDE

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T11:56:52.083Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert.vde.com/de-de/advisories/vde-2020-040"
          },
          {
            "name": "20210601 SEC Consult SA-20210601-0 :: Multiple critical vulnerabilities in Korenix Technology JetNet Series",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2021/Jun/0"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/162903/Korenix-CSRF-Backdoor-Accounts-Command-Injection-Missing-Authentication.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-korenix-technology-westermo-pepperl-fuchs/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert.vde.com/en-us/advisories/vde-2020-053"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/165875/Korenix-Technology-JetWave-CSRF-Command-Injection-Missing-Authentication.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "P+F Comtrol RocketLinx",
          "vendor": "Pepperl+Fuchs",
          "versions": [
            {
              "status": "affected",
              "version": "ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F,  ES8510-XTE, ES9528/ES9528-XT all"
            },
            {
              "lessThan": "2.1.1",
              "status": "affected",
              "version": "ES7510-XT",
              "versionType": "custom"
            },
            {
              "lessThan": "3.1.1",
              "status": "affected",
              "version": "ES8510",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "P+F Comtrol RocketLinx",
          "vendor": "Pepperl+Fuchs",
          "versions": [
            {
              "lessThanOrEqual": "1.2.3",
              "status": "affected",
              "version": "ICRL-M-8RJ45/4SFP-G-DIN",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "1.2.3",
              "status": "affected",
              "version": "ICRL-M-16RJ45/4CP-G-DIN",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "JetNet",
          "vendor": "Korenix",
          "versions": [
            {
              "lessThanOrEqual": "V1.0",
              "status": "affected",
              "version": "5428G-20SFP",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "V1.1",
              "status": "affected",
              "version": "5810G",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "V2.3b",
              "status": "affected",
              "version": "4706F",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "V3.0b",
              "status": "affected",
              "version": "4510",
              "versionType": "custom"
            },
            {
              "lessThan": "V1.6",
              "status": "affected",
              "version": "5310",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "PMI-110-F2G",
          "vendor": "Westermo",
          "versions": [
            {
              "lessThan": "V1.8",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "T. Weber (SEC Consult Vulnerability Lab)"
        },
        {
          "lang": "en",
          "value": "Coordinated by CERT@VDE"
        }
      ],
      "datePublic": "2020-10-07T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) and ICRL-M-8RJ45/4SFP-G-DIN, ICRL-M-16RJ45/4CP-G-DIN FW 1.2.3 and below is prone to unauthenticated device administration."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-352",
              "description": "CWE-352 Cross-Site Request Forgery (CSRF)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-02-04T19:06:11.000Z",
        "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "shortName": "CERTVDE"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert.vde.com/de-de/advisories/vde-2020-040"
        },
        {
          "name": "20210601 SEC Consult SA-20210601-0 :: Multiple critical vulnerabilities in Korenix Technology JetNet Series",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2021/Jun/0"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/162903/Korenix-CSRF-Backdoor-Accounts-Command-Injection-Missing-Authentication.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-korenix-technology-westermo-pepperl-fuchs/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert.vde.com/en-us/advisories/vde-2020-053"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/165875/Korenix-Technology-JetWave-CSRF-Command-Injection-Missing-Authentication.html"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "An external protective measure is required.\n\n1) Traffic from untrusted networks to the device should be blocked by a firewall. Especially\ntraffic targeting the administration webpage.\n\n2) Administrator and user access should be protected by a secure password and only be\navailable to a very limited group of people."
        }
      ],
      "source": {
        "advisory": "VDE-2020-040",
        "discovery": "EXTERNAL"
      },
      "title": "Pepperl+Fuchs improper authorization affects multiple Comtrol RocketLinx products",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "info@cert.vde.com",
          "DATE_PUBLIC": "2020-10-07T13:10:00.000Z",
          "ID": "CVE-2020-12502",
          "STATE": "PUBLIC",
          "TITLE": "Pepperl+Fuchs improper authorization affects multiple Comtrol RocketLinx products"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "P+F Comtrol RocketLinx",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_name": "ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F,  ES8510-XTE, ES9528/ES9528-XT",
                            "version_value": "all"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "ES7510-XT",
                            "version_value": "2.1.1"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "ES8510",
                            "version_value": "3.1.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "P+F Comtrol RocketLinx",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_name": "ICRL-M-8RJ45/4SFP-G-DIN",
                            "version_value": "1.2.3"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_name": "ICRL-M-16RJ45/4CP-G-DIN",
                            "version_value": "1.2.3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Pepperl+Fuchs"
              },
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "JetNet",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_name": "5428G-20SFP",
                            "version_value": "V1.0"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_name": "5810G",
                            "version_value": "V1.1"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_name": "4706F",
                            "version_value": "V2.3b"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_name": "4510",
                            "version_value": "V3.0b"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "5310",
                            "version_value": "V1.6"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Korenix"
              },
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "PMI-110-F2G",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "V1.8"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Westermo"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "T. Weber (SEC Consult Vulnerability Lab)"
          },
          {
            "lang": "eng",
            "value": "Coordinated by CERT@VDE"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) and ICRL-M-8RJ45/4SFP-G-DIN, ICRL-M-16RJ45/4CP-G-DIN FW 1.2.3 and below is prone to unauthenticated device administration."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-352 Cross-Site Request Forgery (CSRF)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://cert.vde.com/de-de/advisories/vde-2020-040",
              "refsource": "CONFIRM",
              "url": "https://cert.vde.com/de-de/advisories/vde-2020-040"
            },
            {
              "name": "20210601 SEC Consult SA-20210601-0 :: Multiple critical vulnerabilities in Korenix Technology JetNet Series",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2021/Jun/0"
            },
            {
              "name": "http://packetstormsecurity.com/files/162903/Korenix-CSRF-Backdoor-Accounts-Command-Injection-Missing-Authentication.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/162903/Korenix-CSRF-Backdoor-Accounts-Command-Injection-Missing-Authentication.html"
            },
            {
              "name": "https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-korenix-technology-westermo-pepperl-fuchs/",
              "refsource": "CONFIRM",
              "url": "https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-korenix-technology-westermo-pepperl-fuchs/"
            },
            {
              "name": "https://cert.vde.com/en-us/advisories/vde-2020-053",
              "refsource": "CONFIRM",
              "url": "https://cert.vde.com/en-us/advisories/vde-2020-053"
            },
            {
              "name": "http://packetstormsecurity.com/files/165875/Korenix-Technology-JetWave-CSRF-Command-Injection-Missing-Authentication.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/165875/Korenix-Technology-JetWave-CSRF-Command-Injection-Missing-Authentication.html"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "An external protective measure is required.\n\n1) Traffic from untrusted networks to the device should be blocked by a firewall. Especially\ntraffic targeting the administration webpage.\n\n2) Administrator and user access should be protected by a secure password and only be\navailable to a very limited group of people."
          }
        ],
        "source": {
          "advisory": "VDE-2020-040",
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
    "assignerShortName": "CERTVDE",
    "cveId": "CVE-2020-12502",
    "datePublished": "2020-10-15T18:42:57.229Z",
    "dateReserved": "2020-04-30T00:00:00.000Z",
    "dateUpdated": "2024-09-16T18:43:33.813Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-12503 (GCVE-0-2020-12503)

Vulnerability from cvelistv5 – Published: 2020-10-15 18:42 – Updated: 2024-09-17 04:24

Title

Pepperl+Fuchs improper authorization affects multiple Comtrol RocketLinx products

Summary

Severity ?

7.2 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-863 - Incorrect Authorization

Assigner

CERTVDE

References

6 references

URL	Tags
https://cert.vde.com/de-de/advisories/vde-2020-040	x_refsource_CONFIRM
http://seclists.org/fulldisclosure/2021/Jun/0	mailing-listx_refsource_FULLDISC
http://packetstormsecurity.com/files/162903/Koren…	x_refsource_MISC
https://sec-consult.com/vulnerability-lab/advisor…	x_refsource_CONFIRM
https://cert.vde.com/en-us/advisories/vde-2020-053	x_refsource_CONFIRM
http://packetstormsecurity.com/files/165875/Koren…	x_refsource_MISC

Impacted products

4 products

Vendor	Product	Version
Pepperl+Fuchs	P+F Comtrol RocketLinx	Affected: ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510-XTE, ES9528/ES9528-XT all Affected: ES7510-XT , < 2.1.1 (custom) Affected: ES8510 , < 3.1.1 (custom)
Pepperl+Fuchs	P+F Comtrol RocketLinx	Affected: ICRL-M-8RJ45/4SFP-G-DIN , ≤ 1.2.3 (custom) Affected: ICRL-M-16RJ45/4CP-G-DIN , ≤ 1.2.3 (custom)
Korenix	JetNet	Affected: 5428G-20SFP , ≤ V1.0 (custom) Affected: 5810G , ≤ V1.1 (custom) Affected: 4706F , ≤ V2.3b (custom) Affected: 4510 , ≤ V3.0b (custom) Affected: 5310 , < V1.6 (custom)
Westermo	PMI-110-F2G	Affected: unspecified , < V1.8 (custom)

Date Public ?

2020-10-07 00:00

Credits

T. Weber (SEC Consult Vulnerability Lab) Coordinated by CERT@VDE

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T11:56:52.086Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert.vde.com/de-de/advisories/vde-2020-040"
          },
          {
            "name": "20210601 SEC Consult SA-20210601-0 :: Multiple critical vulnerabilities in Korenix Technology JetNet Series",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2021/Jun/0"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/162903/Korenix-CSRF-Backdoor-Accounts-Command-Injection-Missing-Authentication.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-korenix-technology-westermo-pepperl-fuchs/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert.vde.com/en-us/advisories/vde-2020-053"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/165875/Korenix-Technology-JetWave-CSRF-Command-Injection-Missing-Authentication.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "P+F Comtrol RocketLinx",
          "vendor": "Pepperl+Fuchs",
          "versions": [
            {
              "status": "affected",
              "version": "ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F,  ES8510-XTE, ES9528/ES9528-XT all"
            },
            {
              "lessThan": "2.1.1",
              "status": "affected",
              "version": "ES7510-XT",
              "versionType": "custom"
            },
            {
              "lessThan": "3.1.1",
              "status": "affected",
              "version": "ES8510",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "P+F Comtrol RocketLinx",
          "vendor": "Pepperl+Fuchs",
          "versions": [
            {
              "lessThanOrEqual": "1.2.3",
              "status": "affected",
              "version": "ICRL-M-8RJ45/4SFP-G-DIN",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "1.2.3",
              "status": "affected",
              "version": "ICRL-M-16RJ45/4CP-G-DIN",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "JetNet",
          "vendor": "Korenix",
          "versions": [
            {
              "lessThanOrEqual": "V1.0",
              "status": "affected",
              "version": "5428G-20SFP",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "V1.1",
              "status": "affected",
              "version": "5810G",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "V2.3b",
              "status": "affected",
              "version": "4706F",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "V3.0b",
              "status": "affected",
              "version": "4510",
              "versionType": "custom"
            },
            {
              "lessThan": "V1.6",
              "status": "affected",
              "version": "5310",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "PMI-110-F2G",
          "vendor": "Westermo",
          "versions": [
            {
              "lessThan": "V1.8",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "T. Weber (SEC Consult Vulnerability Lab)"
        },
        {
          "lang": "en",
          "value": "Coordinated by CERT@VDE"
        }
      ],
      "datePublic": "2020-10-07T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) and ICRL-M-8RJ45/4SFP-G-DIN, ICRL-M-16RJ45/4CP-G-DIN FW 1.2.3 and below is prone to multiple authenticated command injections."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-863",
              "description": "CWE-863 Incorrect Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-02-04T19:06:09.000Z",
        "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "shortName": "CERTVDE"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert.vde.com/de-de/advisories/vde-2020-040"
        },
        {
          "name": "20210601 SEC Consult SA-20210601-0 :: Multiple critical vulnerabilities in Korenix Technology JetNet Series",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2021/Jun/0"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/162903/Korenix-CSRF-Backdoor-Accounts-Command-Injection-Missing-Authentication.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-korenix-technology-westermo-pepperl-fuchs/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert.vde.com/en-us/advisories/vde-2020-053"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/165875/Korenix-Technology-JetWave-CSRF-Command-Injection-Missing-Authentication.html"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "An external protective measure is required.\n\n1) Traffic from untrusted networks to the device should be blocked by a firewall. Especially\ntraffic targeting the administration webpage.\n\n2) Administrator and user access should be protected by a secure password and only be\navailable to a very limited group of people."
        }
      ],
      "source": {
        "advisory": "VDE-2020-040",
        "discovery": "EXTERNAL"
      },
      "title": "Pepperl+Fuchs improper authorization affects multiple Comtrol RocketLinx products",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "info@cert.vde.com",
          "DATE_PUBLIC": "2020-10-07T13:10:00.000Z",
          "ID": "CVE-2020-12503",
          "STATE": "PUBLIC",
          "TITLE": "Pepperl+Fuchs improper authorization affects multiple Comtrol RocketLinx products"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "P+F Comtrol RocketLinx",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_name": "ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F,  ES8510-XTE, ES9528/ES9528-XT",
                            "version_value": "all"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "ES7510-XT",
                            "version_value": "2.1.1"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "ES8510",
                            "version_value": "3.1.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "P+F Comtrol RocketLinx",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_name": "ICRL-M-8RJ45/4SFP-G-DIN",
                            "version_value": "1.2.3"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_name": "ICRL-M-16RJ45/4CP-G-DIN",
                            "version_value": "1.2.3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Pepperl+Fuchs"
              },
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "JetNet",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_name": "5428G-20SFP",
                            "version_value": "V1.0"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_name": "5810G",
                            "version_value": "V1.1"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_name": "4706F",
                            "version_value": "V2.3b"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_name": "4510",
                            "version_value": "V3.0b"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "5310",
                            "version_value": "V1.6"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Korenix"
              },
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "PMI-110-F2G",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "V1.8"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Westermo"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "T. Weber (SEC Consult Vulnerability Lab)"
          },
          {
            "lang": "eng",
            "value": "Coordinated by CERT@VDE"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) and ICRL-M-8RJ45/4SFP-G-DIN, ICRL-M-16RJ45/4CP-G-DIN FW 1.2.3 and below is prone to multiple authenticated command injections."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-863 Incorrect Authorization"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://cert.vde.com/de-de/advisories/vde-2020-040",
              "refsource": "CONFIRM",
              "url": "https://cert.vde.com/de-de/advisories/vde-2020-040"
            },
            {
              "name": "20210601 SEC Consult SA-20210601-0 :: Multiple critical vulnerabilities in Korenix Technology JetNet Series",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2021/Jun/0"
            },
            {
              "name": "http://packetstormsecurity.com/files/162903/Korenix-CSRF-Backdoor-Accounts-Command-Injection-Missing-Authentication.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/162903/Korenix-CSRF-Backdoor-Accounts-Command-Injection-Missing-Authentication.html"
            },
            {
              "name": "https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-korenix-technology-westermo-pepperl-fuchs/",
              "refsource": "CONFIRM",
              "url": "https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-korenix-technology-westermo-pepperl-fuchs/"
            },
            {
              "name": "https://cert.vde.com/en-us/advisories/vde-2020-053",
              "refsource": "CONFIRM",
              "url": "https://cert.vde.com/en-us/advisories/vde-2020-053"
            },
            {
              "name": "http://packetstormsecurity.com/files/165875/Korenix-Technology-JetWave-CSRF-Command-Injection-Missing-Authentication.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/165875/Korenix-Technology-JetWave-CSRF-Command-Injection-Missing-Authentication.html"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "An external protective measure is required.\n\n1) Traffic from untrusted networks to the device should be blocked by a firewall. Especially\ntraffic targeting the administration webpage.\n\n2) Administrator and user access should be protected by a secure password and only be\navailable to a very limited group of people."
          }
        ],
        "source": {
          "advisory": "VDE-2020-040",
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
    "assignerShortName": "CERTVDE",
    "cveId": "CVE-2020-12503",
    "datePublished": "2020-10-15T18:42:58.016Z",
    "dateReserved": "2020-04-30T00:00:00.000Z",
    "dateUpdated": "2024-09-17T04:24:41.310Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-12504 (GCVE-0-2020-12504)

Vulnerability from cvelistv5 – Published: 2020-10-15 18:42 – Updated: 2024-09-16 17:09

Title

Pepperl+Fuchs improper authorization affects multiple Comtrol RocketLinx products

Summary

Severity ?

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-912 - Hidden Functionality

Assigner

CERTVDE

References

6 references

URL	Tags
https://cert.vde.com/de-de/advisories/vde-2020-040	x_refsource_CONFIRM
http://seclists.org/fulldisclosure/2021/Jun/0	mailing-listx_refsource_FULLDISC
http://packetstormsecurity.com/files/162903/Koren…	x_refsource_MISC
https://sec-consult.com/vulnerability-lab/advisor…	x_refsource_CONFIRM
https://cert.vde.com/en-us/advisories/vde-2020-053	x_refsource_CONFIRM
http://packetstormsecurity.com/files/165875/Koren…	x_refsource_MISC

Impacted products

4 products

Vendor	Product	Version
Pepperl+Fuchs	P+F Comtrol RocketLinx	Affected: ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510-XTE, ES9528/ES9528-XT all Affected: ES7510-XT , < 2.1.1 (custom) Affected: ES8510 , < 3.1.1 (custom)
Pepperl+Fuchs	P+F Comtrol RocketLinx	Affected: ICRL-M-8RJ45/4SFP-G-DIN , ≤ 1.2.3 (custom) Affected: ICRL-M-16RJ45/4CP-G-DIN , ≤ 1.2.3 (custom)
Korenix	JetNet	Affected: 5428G-20SFP , ≤ V1.0 (custom) Affected: 5810G , ≤ V1.1 (custom) Affected: 4706F , ≤ V2.3b (custom) Affected: 4510 , ≤ V3.0b (custom) Affected: 5310 , < V1.6 (custom)
Westermo	PMI-110-F2G	Affected: unspecified , < V1.8 (custom)

Date Public ?

2020-10-07 00:00

Credits

T. Weber (SEC Consult Vulnerability Lab) Coordinated by CERT@VDE

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T11:56:52.052Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert.vde.com/de-de/advisories/vde-2020-040"
          },
          {
            "name": "20210601 SEC Consult SA-20210601-0 :: Multiple critical vulnerabilities in Korenix Technology JetNet Series",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2021/Jun/0"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/162903/Korenix-CSRF-Backdoor-Accounts-Command-Injection-Missing-Authentication.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-korenix-technology-westermo-pepperl-fuchs/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert.vde.com/en-us/advisories/vde-2020-053"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/165875/Korenix-Technology-JetWave-CSRF-Command-Injection-Missing-Authentication.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "P+F Comtrol RocketLinx",
          "vendor": "Pepperl+Fuchs",
          "versions": [
            {
              "status": "affected",
              "version": "ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F,  ES8510-XTE, ES9528/ES9528-XT all"
            },
            {
              "lessThan": "2.1.1",
              "status": "affected",
              "version": "ES7510-XT",
              "versionType": "custom"
            },
            {
              "lessThan": "3.1.1",
              "status": "affected",
              "version": "ES8510",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "P+F Comtrol RocketLinx",
          "vendor": "Pepperl+Fuchs",
          "versions": [
            {
              "lessThanOrEqual": "1.2.3",
              "status": "affected",
              "version": "ICRL-M-8RJ45/4SFP-G-DIN",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "1.2.3",
              "status": "affected",
              "version": "ICRL-M-16RJ45/4CP-G-DIN",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "JetNet",
          "vendor": "Korenix",
          "versions": [
            {
              "lessThanOrEqual": "V1.0",
              "status": "affected",
              "version": "5428G-20SFP",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "V1.1",
              "status": "affected",
              "version": "5810G",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "V2.3b",
              "status": "affected",
              "version": "4706F",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "V3.0b",
              "status": "affected",
              "version": "4510",
              "versionType": "custom"
            },
            {
              "lessThan": "V1.6",
              "status": "affected",
              "version": "5310",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "PMI-110-F2G",
          "vendor": "Westermo",
          "versions": [
            {
              "lessThan": "V1.8",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "T. Weber (SEC Consult Vulnerability Lab)"
        },
        {
          "lang": "en",
          "value": "Coordinated by CERT@VDE"
        }
      ],
      "datePublic": "2020-10-07T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) and ICRL-M-8RJ45/4SFP-G-DIN, ICRL-M-16RJ45/4CP-G-DIN FW 1.2.3 and below has an active TFTP-Service."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-912",
              "description": "CWE-912 Hidden Functionality",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-02-04T19:06:15.000Z",
        "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "shortName": "CERTVDE"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert.vde.com/de-de/advisories/vde-2020-040"
        },
        {
          "name": "20210601 SEC Consult SA-20210601-0 :: Multiple critical vulnerabilities in Korenix Technology JetNet Series",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2021/Jun/0"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/162903/Korenix-CSRF-Backdoor-Accounts-Command-Injection-Missing-Authentication.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-korenix-technology-westermo-pepperl-fuchs/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert.vde.com/en-us/advisories/vde-2020-053"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/165875/Korenix-Technology-JetWave-CSRF-Command-Injection-Missing-Authentication.html"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "For ICRL-M-8RJ45/4SFP-G-DIN and ICRL-M-16RJ45/4CP-G-DIN:\nUpdate to Firmware 1.3.1 and deactivate TFTP-Service.\n\nFor all other devices:\nAn external protective measure is required.\n\n1) Traffic from untrusted networks to the device should be blocked by a firewall. Especially\ntraffic targeting the administration webpage.\n\n2) Administrator and user access should be protected by a secure password and only be\navailable to a very limited group of people."
        }
      ],
      "source": {
        "advisory": "VDE-2020-040",
        "discovery": "EXTERNAL"
      },
      "title": "Pepperl+Fuchs improper authorization affects multiple Comtrol RocketLinx products",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "info@cert.vde.com",
          "DATE_PUBLIC": "2020-10-07T13:10:00.000Z",
          "ID": "CVE-2020-12504",
          "STATE": "PUBLIC",
          "TITLE": "Pepperl+Fuchs improper authorization affects multiple Comtrol RocketLinx products"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "P+F Comtrol RocketLinx",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_name": "ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F,  ES8510-XTE, ES9528/ES9528-XT",
                            "version_value": "all"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "ES7510-XT",
                            "version_value": "2.1.1"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "ES8510",
                            "version_value": "3.1.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "P+F Comtrol RocketLinx",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_name": "ICRL-M-8RJ45/4SFP-G-DIN",
                            "version_value": "1.2.3"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_name": "ICRL-M-16RJ45/4CP-G-DIN",
                            "version_value": "1.2.3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Pepperl+Fuchs"
              },
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "JetNet",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_name": "5428G-20SFP",
                            "version_value": "V1.0"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_name": "5810G",
                            "version_value": "V1.1"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_name": "4706F",
                            "version_value": "V2.3b"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_name": "4510",
                            "version_value": "V3.0b"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "5310",
                            "version_value": "V1.6"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Korenix"
              },
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "PMI-110-F2G",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "V1.8"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Westermo"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "T. Weber (SEC Consult Vulnerability Lab)"
          },
          {
            "lang": "eng",
            "value": "Coordinated by CERT@VDE"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) and ICRL-M-8RJ45/4SFP-G-DIN, ICRL-M-16RJ45/4CP-G-DIN FW 1.2.3 and below has an active TFTP-Service."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-912 Hidden Functionality"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://cert.vde.com/de-de/advisories/vde-2020-040",
              "refsource": "CONFIRM",
              "url": "https://cert.vde.com/de-de/advisories/vde-2020-040"
            },
            {
              "name": "20210601 SEC Consult SA-20210601-0 :: Multiple critical vulnerabilities in Korenix Technology JetNet Series",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2021/Jun/0"
            },
            {
              "name": "http://packetstormsecurity.com/files/162903/Korenix-CSRF-Backdoor-Accounts-Command-Injection-Missing-Authentication.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/162903/Korenix-CSRF-Backdoor-Accounts-Command-Injection-Missing-Authentication.html"
            },
            {
              "name": "https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-korenix-technology-westermo-pepperl-fuchs/",
              "refsource": "CONFIRM",
              "url": "https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-korenix-technology-westermo-pepperl-fuchs/"
            },
            {
              "name": "https://cert.vde.com/en-us/advisories/vde-2020-053",
              "refsource": "CONFIRM",
              "url": "https://cert.vde.com/en-us/advisories/vde-2020-053"
            },
            {
              "name": "http://packetstormsecurity.com/files/165875/Korenix-Technology-JetWave-CSRF-Command-Injection-Missing-Authentication.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/165875/Korenix-Technology-JetWave-CSRF-Command-Injection-Missing-Authentication.html"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "For ICRL-M-8RJ45/4SFP-G-DIN and ICRL-M-16RJ45/4CP-G-DIN:\nUpdate to Firmware 1.3.1 and deactivate TFTP-Service.\n\nFor all other devices:\nAn external protective measure is required.\n\n1) Traffic from untrusted networks to the device should be blocked by a firewall. Especially\ntraffic targeting the administration webpage.\n\n2) Administrator and user access should be protected by a secure password and only be\navailable to a very limited group of people."
          }
        ],
        "source": {
          "advisory": "VDE-2020-040",
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
    "assignerShortName": "CERTVDE",
    "cveId": "CVE-2020-12504",
    "datePublished": "2020-10-15T18:42:59.041Z",
    "dateReserved": "2020-04-30T00:00:00.000Z",
    "dateUpdated": "2024-09-16T17:09:09.147Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-12513 (GCVE-0-2020-12513)

Vulnerability from cvelistv5 – Published: 2021-01-22 19:01 – Updated: 2024-09-16 17:13

Title

Pepper+Fuchs Comtrol IO-Link Master OS Command Injection

Summary

Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to an authenticated blind OS Command Injection.

Severity ?

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-78 - OS Command Injection

Assigner

CERTVDE

References

1 reference

URL	Tags
https://cert.vde.com/en-us/advisories/vde-2020-038	x_refsource_CONFIRM

Impacted products

1 product

Vendor	Product	Version
Pepper+Fuchs	Comtrol IO-Link Master	Affected: unspecified , ≤ 1.5.48 (custom)

Date Public ?

2021-01-04 00:00

Credits

T.Weber (SEC Consult Vulnerability Lab) reported this vulnerability. Coordinated by CERT@VDE.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T11:56:52.092Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert.vde.com/en-us/advisories/vde-2020-038"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Comtrol IO-Link Master",
          "vendor": "Pepper+Fuchs",
          "versions": [
            {
              "lessThanOrEqual": "1.5.48",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "T.Weber (SEC Consult Vulnerability Lab) reported this vulnerability.  Coordinated by CERT@VDE."
        }
      ],
      "datePublic": "2021-01-04T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to an authenticated blind OS Command Injection."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-78",
              "description": "CWE-78 OS Command Injection",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-01-22T19:01:56.000Z",
        "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "shortName": "CERTVDE"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert.vde.com/en-us/advisories/vde-2020-038"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "In order to prevent the exploitation of the reported vulnerabilities, we recommend that the\naffected units be updated with the following three firmware packages:\n\nU-Boot bootloader version 1.36 or newer\nSystem image version 1.52 or newer\nApplication base version 1.6.11 or newer"
        }
      ],
      "source": {
        "advisory": "VDE-2020-038",
        "defect": [
          "VDE-2020-038"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "Pepper+Fuchs Comtrol IO-Link Master OS Command Injection",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "info@cert.vde.com",
          "DATE_PUBLIC": "2021-01-04T11:00:00.000Z",
          "ID": "CVE-2020-12513",
          "STATE": "PUBLIC",
          "TITLE": "Pepper+Fuchs Comtrol IO-Link Master OS Command Injection"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Comtrol IO-Link Master",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_value": "1.5.48"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Pepper+Fuchs"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "T.Weber (SEC Consult Vulnerability Lab) reported this vulnerability.  Coordinated by CERT@VDE."
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to an authenticated blind OS Command Injection."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-78 OS Command Injection"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://cert.vde.com/en-us/advisories/vde-2020-038",
              "refsource": "CONFIRM",
              "url": "https://cert.vde.com/en-us/advisories/vde-2020-038"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "In order to prevent the exploitation of the reported vulnerabilities, we recommend that the\naffected units be updated with the following three firmware packages:\n\nU-Boot bootloader version 1.36 or newer\nSystem image version 1.52 or newer\nApplication base version 1.6.11 or newer"
          }
        ],
        "source": {
          "advisory": "VDE-2020-038",
          "defect": [
            "VDE-2020-038"
          ],
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
    "assignerShortName": "CERTVDE",
    "cveId": "CVE-2020-12513",
    "datePublished": "2021-01-22T19:01:56.657Z",
    "dateReserved": "2020-04-30T00:00:00.000Z",
    "dateUpdated": "2024-09-16T17:13:55.439Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

VDE-2020-040

CVE-2020-12501 (GCVE-0-2020-12501)

CVE-2020-12502 (GCVE-0-2020-12502)

CVE-2020-12503 (GCVE-0-2020-12503)

CVE-2020-12504 (GCVE-0-2020-12504)

CVE-2020-12513 (GCVE-0-2020-12513)

Tags

Sightings

Nomenclature