CVE-2020-12501

Improper authorization vulnerability in Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions): the devices use undocumented accounts.
References
Link Resource
http://packetstormsecurity.com/files/162903/Korenix-CSRF-Backdoor-Accounts-Command-Injection-Missing-Authentication.html Exploit Third Party Advisory VDB Entry
http://packetstormsecurity.com/files/165875/Korenix-Technology-JetWave-CSRF-Command-Injection-Missing-Authentication.html Exploit Third Party Advisory VDB Entry
http://packetstormsecurity.com/files/167409/Korenix-JetPort-5601V3-Backdoor-Account.html Exploit Third Party Advisory
http://seclists.org/fulldisclosure/2021/Jun/0 Mailing List Third Party Advisory
http://seclists.org/fulldisclosure/2022/Jun/3 Exploit Mailing List Third Party Advisory
https://cert.vde.com/de-de/advisories/vde-2020-040 Third Party Advisory
https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-korenix-technology-westermo-pepperl-fuchs/ Third Party Advisory
Configurations

Configuration 1

AND
cpe:2.3:o:pepperl-fuchs:es7510-xt_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:pepperl-fuchs:es7510-xt:-:*:*:*:*:*:*:*

Configuration 2

AND
cpe:2.3:o:pepperl-fuchs:es8509-xt_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:pepperl-fuchs:es8509-xt:-:*:*:*:*:*:*:*

Configuration 3

AND
cpe:2.3:o:pepperl-fuchs:es8510-xt_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:pepperl-fuchs:es8510-xt:-:*:*:*:*:*:*:*

Configuration 4

AND
cpe:2.3:o:pepperl-fuchs:es9528-xtv2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:pepperl-fuchs:es9528-xtv2:-:*:*:*:*:*:*:*

Configuration 5

AND
cpe:2.3:o:pepperl-fuchs:es7506_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:pepperl-fuchs:es7506:-:*:*:*:*:*:*:*

Configuration 6

AND
cpe:2.3:o:pepperl-fuchs:es7510_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:pepperl-fuchs:es7510:-:*:*:*:*:*:*:*

Configuration 7

AND
cpe:2.3:o:pepperl-fuchs:es7528_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:pepperl-fuchs:es7528:-:*:*:*:*:*:*:*

Configuration 8

AND
cpe:2.3:o:pepperl-fuchs:es8508_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:pepperl-fuchs:es8508:-:*:*:*:*:*:*:*

Configuration 9

AND
cpe:2.3:o:pepperl-fuchs:es8508f_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:pepperl-fuchs:es8508f:-:*:*:*:*:*:*:*

Configuration 10

AND
cpe:2.3:o:pepperl-fuchs:es8510_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:pepperl-fuchs:es8510:-:*:*:*:*:*:*:*

Configuration 11

AND
cpe:2.3:o:pepperl-fuchs:es8510-xte_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:pepperl-fuchs:es8510-xte:-:*:*:*:*:*:*:*

Configuration 12

AND
cpe:2.3:o:pepperl-fuchs:es9528_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:pepperl-fuchs:es9528:-:*:*:*:*:*:*:*

Configuration 13

AND
cpe:2.3:o:pepperl-fuchs:es9528-xt_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:pepperl-fuchs:es9528-xt:-:*:*:*:*:*:*:*

Configuration 14

AND
cpe:2.3:o:korenix:jetnet5428g-20sfp_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:korenix:jetnet_5428g-20sfp:-:*:*:*:*:*:*:*

Configuration 15

AND
cpe:2.3:o:korenix:jetnet5810g_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:korenix:jetnet_5810g:-:*:*:*:*:*:*:*

Configuration 16

AND
cpe:2.3:o:korenix:jetnet4510_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:korenix:jetnet_4510:-:*:*:*:*:*:*:*

Configuration 17

AND
cpe:2.3:o:korenix:jetnet5010_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:korenix:jetnet_5010:-:*:*:*:*:*:*:*

Configuration 18

AND
cpe:2.3:o:korenix:jetnet5310_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:korenix:jetnet_5310:-:*:*:*:*:*:*:*

Configuration 19

AND
cpe:2.3:o:korenix:jetnet6095_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:korenix:jetnet_6095:-:*:*:*:*:*:*:*

Configuration 20

AND
cpe:2.3:o:korenix:jetnet4706_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:korenix:jetnet_4706:-:*:*:*:*:*:*:*

Configuration 21

AND
cpe:2.3:o:korenix:jetwave_3220_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:korenix:jetwave_3220:-:*:*:*:*:*:*:*

Configuration 22

AND
cpe:2.3:o:korenix:jetwave_2311_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:korenix:jetwave_2311:-:*:*:*:*:*:*:*

Configuration 23

AND
cpe:2.3:o:korenix:jetnet4706f_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:korenix:jetnet_4706f:-:*:*:*:*:*:*:*

Configuration 24

AND
cpe:2.3:o:korenix:jetwave_2212s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:korenix:jetwave_2212s:-:*:*:*:*:*:*:*

Configuration 25

AND
cpe:2.3:o:korenix:jetwave_2212g_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:korenix:jetwave_2212g:-:*:*:*:*:*:*:*

Configuration 26

AND
cpe:2.3:o:korenix:jetwave_2212x_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:korenix:jetwave_2212x:-:*:*:*:*:*:*:*

History

21 Nov 2024, 04:59

Type Values Removed Values Added
References () http://packetstormsecurity.com/files/162903/Korenix-CSRF-Backdoor-Accounts-Command-Injection-Missing-Authentication.html - Exploit, Third Party Advisory, VDB Entry () http://packetstormsecurity.com/files/162903/Korenix-CSRF-Backdoor-Accounts-Command-Injection-Missing-Authentication.html - Exploit, Third Party Advisory, VDB Entry
References () http://packetstormsecurity.com/files/165875/Korenix-Technology-JetWave-CSRF-Command-Injection-Missing-Authentication.html - Exploit, Third Party Advisory, VDB Entry () http://packetstormsecurity.com/files/165875/Korenix-Technology-JetWave-CSRF-Command-Injection-Missing-Authentication.html - Exploit, Third Party Advisory, VDB Entry
References () http://packetstormsecurity.com/files/167409/Korenix-JetPort-5601V3-Backdoor-Account.html - Exploit, Third Party Advisory () http://packetstormsecurity.com/files/167409/Korenix-JetPort-5601V3-Backdoor-Account.html - Exploit, Third Party Advisory
References () http://seclists.org/fulldisclosure/2021/Jun/0 - Mailing List, Third Party Advisory () http://seclists.org/fulldisclosure/2021/Jun/0 - Mailing List, Third Party Advisory
References () http://seclists.org/fulldisclosure/2022/Jun/3 - Exploit, Mailing List, Third Party Advisory () http://seclists.org/fulldisclosure/2022/Jun/3 - Exploit, Mailing List, Third Party Advisory
References () https://cert.vde.com/de-de/advisories/vde-2020-040 - Third Party Advisory () https://cert.vde.com/de-de/advisories/vde-2020-040 - Third Party Advisory
References () https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-korenix-technology-westermo-pepperl-fuchs/ - Third Party Advisory () https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-korenix-technology-westermo-pepperl-fuchs/ - Third Party Advisory

17 Jan 2024, 15:05

Type Values Removed Values Added
First Time Korenix jetnet 5310
Korenix jetnet 4706f
Korenix jetnet 4706
Korenix jetnet 5010
Korenix jetnet 6095
Korenix jetnet 5428g-20sfp
Korenix jetnet 4510
Korenix jetnet 5810g
CPE cpe:2.3:h:korenix:jetnet4706f:-:*:*:*:*:*:*:*
cpe:2.3:h:korenix:jetnet5428g-20sfp:-:*:*:*:*:*:*:*
cpe:2.3:h:korenix:jetnet4706:-:*:*:*:*:*:*:*
cpe:2.3:h:korenix:jetnet4510:-:*:*:*:*:*:*:*
cpe:2.3:h:korenix:jetnet5810g:-:*:*:*:*:*:*:*
cpe:2.3:h:korenix:jetnet5010:-:*:*:*:*:*:*:*
cpe:2.3:h:korenix:jetnet6095:-:*:*:*:*:*:*:*
cpe:2.3:h:korenix:jetnet5310:-:*:*:*:*:*:*:*
cpe:2.3:h:korenix:jetnet_5428g-20sfp:-:*:*:*:*:*:*:*
cpe:2.3:h:korenix:jetnet_4706:-:*:*:*:*:*:*:*
cpe:2.3:h:korenix:jetnet_4510:-:*:*:*:*:*:*:*
cpe:2.3:h:korenix:jetnet_5810g:-:*:*:*:*:*:*:*
cpe:2.3:h:korenix:jetnet_5010:-:*:*:*:*:*:*:*
cpe:2.3:h:korenix:jetnet_4706f:-:*:*:*:*:*:*:*
cpe:2.3:h:korenix:jetnet_5310:-:*:*:*:*:*:*:*
cpe:2.3:h:korenix:jetnet_6095:-:*:*:*:*:*:*:*

Information

Published : 2020-10-15 19:15

Updated : 2024-11-21 04:59


NVD link : CVE-2020-12501

Mitre link : CVE-2020-12501

CVE.ORG link : CVE-2020-12501


Products Affected

pepperl-fuchs

  • es8508_firmware
  • es7528
  • es8510
  • es7510_firmware
  • es7510-xt_firmware
  • es7528_firmware
  • es7510-xt
  • es9528-xtv2_firmware
  • es9528
  • es9528-xt_firmware
  • es8510_firmware
  • es8510-xte_firmware
  • es8508f_firmware
  • es9528_firmware
  • es8508f
  • es8510-xt_firmware
  • es8509-xt_firmware
  • es8510-xt
  • es7506_firmware
  • es8509-xt
  • es9528-xt
  • es7506
  • es9528-xtv2
  • es7510
  • es8510-xte
  • es8508

korenix

  • jetnet_4706
  • jetwave_2212g
  • jetnet4706f_firmware
  • jetnet_4706f
  • jetnet_5310
  • jetnet5428g-20sfp_firmware
  • jetnet_5010
  • jetwave_2311
  • jetnet6095_firmware
  • jetnet4706_firmware
  • jetwave_2212g_firmware
  • jetnet5310_firmware
  • jetnet4510_firmware
  • jetwave_2311_firmware
  • jetwave_3220_firmware
  • jetwave_2212s
  • jetnet_4510
  • jetnet5010_firmware
  • jetwave_2212x
  • jetnet5810g_firmware
  • jetwave_2212x_firmware
  • jetnet_5810g
  • jetnet_6095
  • jetwave_3220
  • jetwave_2212s_firmware
  • jetnet_5428g-20sfp
CWE
CWE-798

Use of Hard-coded Credentials