CVE-2020-12501

Published: Oct 15, 2020Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) use undocumented accounts.

Affected (26)

Products: Pepperl Fuchs: Es7510 Xt Firmware, Es8509 Xt Firmware, Es8510 Xt Firmware, Es9528 Xtv2 Firmware, Es7506 Firmware, Es7510 Firmware, Es7528 Firmware, Es8508 Firmware, Es8508f Firmware, Es8510 Firmware, Es8510 Xte Firmware, Es9528 Firmware, Es9528 Xt Firmware · Korenix: Jetnet5428g 20sfp Firmware, Jetnet5810g Firmware, Jetnet4510 Firmware, Jetnet5010 Firmware, Jetnet5310 Firmware, Jetnet6095 Firmware, Jetnet4706 Firmware, Jetwave 3220 Firmware, Jetwave 2311 Firmware, Jetnet4706f Firmware, Jetwave 2212s Firmware, Jetwave 2212g Firmware, Jetwave 2212x Firmware

13 products

13 products

Jetnet5428g 20sfp Firmware

Jetwave 3220 Firmware

Jetwave 2311 Firmware

Jetnet4706f Firmware

Jetwave 2212s Firmware

Jetwave 2212g Firmware

Jetwave 2212x Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Pepperl Fuchs Es7510 Xt Firmware	All versions

Running on/with	Platform Versions
Pepperl Fuchs Es7510 Xt	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Pepperl Fuchs Es8509 Xt Firmware	All versions

Running on/with	Platform Versions
Pepperl Fuchs Es8509 Xt	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Pepperl Fuchs Es8510 Xt Firmware	All versions

Running on/with	Platform Versions
Pepperl Fuchs Es8510 Xt	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Pepperl Fuchs Es9528 Xtv2 Firmware	All versions

Running on/with	Platform Versions
Pepperl Fuchs Es9528 Xtv2	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Pepperl Fuchs Es7506 Firmware	All versions

Running on/with	Platform Versions
Pepperl Fuchs Es7506	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Pepperl Fuchs Es7510 Firmware	All versions

Running on/with	Platform Versions
Pepperl Fuchs Es7510	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Pepperl Fuchs Es7528 Firmware	All versions

Running on/with	Platform Versions
Pepperl Fuchs Es7528	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Pepperl Fuchs Es8508 Firmware	All versions

Running on/with	Platform Versions
Pepperl Fuchs Es8508	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Pepperl Fuchs Es8508f Firmware	All versions

Running on/with	Platform Versions
Pepperl Fuchs Es8508f	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Pepperl Fuchs Es8510 Firmware	All versions

Running on/with	Platform Versions
Pepperl Fuchs Es8510	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Pepperl Fuchs Es8510 Xte Firmware	All versions

Running on/with	Platform Versions
Pepperl Fuchs Es8510 Xte	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Pepperl Fuchs Es9528 Firmware	All versions

Running on/with	Platform Versions
Pepperl Fuchs Es9528	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Pepperl Fuchs Es9528 Xt Firmware	All versions

Running on/with	Platform Versions
Pepperl Fuchs Es9528 Xt	All versions

Configuration N

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Korenix Jetnet5428g 20sfp Firmware	All versions

Running on/with	Platform Versions
Korenix Jetnet 5428g 20sfp	All versions

Configuration O

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Korenix Jetnet5810g Firmware	All versions

Running on/with	Platform Versions
Korenix Jetnet 5810g	All versions

Configuration P

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Korenix Jetnet4510 Firmware	All versions

Running on/with	Platform Versions
Korenix Jetnet 4510	All versions

Configuration Q

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Korenix Jetnet5010 Firmware	All versions

Running on/with	Platform Versions
Korenix Jetnet 5010	All versions

Configuration R

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Korenix Jetnet5310 Firmware	All versions

Running on/with	Platform Versions
Korenix Jetnet 5310	All versions

Configuration S

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Korenix Jetnet6095 Firmware	All versions

Running on/with	Platform Versions
Korenix Jetnet 6095	All versions

Configuration T

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Korenix Jetnet4706 Firmware	All versions

Running on/with	Platform Versions
Korenix Jetnet 4706	All versions

Configuration U

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Korenix Jetwave 3220 Firmware	All versions

Running on/with	Platform Versions
Korenix Jetwave 3220	All versions

Configuration V

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Korenix Jetwave 2311 Firmware	All versions

Running on/with	Platform Versions
Korenix Jetwave 2311	All versions

Configuration W

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Korenix Jetnet4706f Firmware	All versions

Running on/with	Platform Versions
Korenix Jetnet 4706f	All versions

Configuration X

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Korenix Jetwave 2212s Firmware	All versions

Running on/with	Platform Versions
Korenix Jetwave 2212s	All versions

Configuration Y

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Korenix Jetwave 2212g Firmware	All versions

Running on/with	Platform Versions
Korenix Jetwave 2212g	All versions

Configuration Z

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Korenix Jetwave 2212x Firmware	All versions

Running on/with	Platform Versions
Korenix Jetwave 2212x	All versions

Related CWEs

CWE-798

Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

References (14)

http://packetstormsecurity.com/files/162903/Korenix-CSRF-Backdoor-Accounts-Command-Injection-Missing-Authentication.html

Source: info@cert.vde.com

ExploitThird Party AdvisoryVDB Entry

http://packetstormsecurity.com/files/165875/Korenix-Technology-JetWave-CSRF-Command-Injection-Missing-Authentication.html

Source: info@cert.vde.com

ExploitThird Party AdvisoryVDB Entry

http://packetstormsecurity.com/files/167409/Korenix-JetPort-5601V3-Backdoor-Account.html

Source: info@cert.vde.com

ExploitThird Party Advisory

http://seclists.org/fulldisclosure/2021/Jun/0

Source: info@cert.vde.com

Mailing ListThird Party Advisory

http://seclists.org/fulldisclosure/2022/Jun/3

Source: info@cert.vde.com

ExploitMailing ListThird Party Advisory

https://cert.vde.com/de-de/advisories/vde-2020-040

Source: info@cert.vde.com

Third Party Advisory

https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-korenix-technology-westermo-pepperl-fuchs/

Source: info@cert.vde.com

Third Party Advisory

http://packetstormsecurity.com/files/162903/Korenix-CSRF-Backdoor-Accounts-Command-Injection-Missing-Authentication.html