CVE-2020-12502

Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) and ICRL-M-8RJ45/4SFP-G-DIN, ICRL-M-16RJ45/4CP-G-DIN FW 1.2.3 and below is prone to unauthenticated device administration.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:pepperl-fuchs:es7510-xt_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:pepperl-fuchs:es7510-xt:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:pepperl-fuchs:es8509-xt_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:pepperl-fuchs:es8509-xt:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:pepperl-fuchs:es8510-xt_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:pepperl-fuchs:es8510-xt:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:pepperl-fuchs:es9528-xtv2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:pepperl-fuchs:es9528-xtv2:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:pepperl-fuchs:es7506_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:pepperl-fuchs:es7506:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:pepperl-fuchs:es7510_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:pepperl-fuchs:es7510:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:pepperl-fuchs:es7528_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:pepperl-fuchs:es7528:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:pepperl-fuchs:es8508_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:pepperl-fuchs:es8508:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:pepperl-fuchs:es8508f_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:pepperl-fuchs:es8508f:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:pepperl-fuchs:es8510_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:pepperl-fuchs:es8510:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:o:pepperl-fuchs:es8510-xte_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:pepperl-fuchs:es8510-xte:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
cpe:2.3:o:pepperl-fuchs:es9528_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:pepperl-fuchs:es9528:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND
cpe:2.3:o:pepperl-fuchs:es9528-xt_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:pepperl-fuchs:es9528-xt:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND
cpe:2.3:o:pepperl-fuchs:icrl-m-8rj45\/4sfp-g-din_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:pepperl-fuchs:icrl-m-8rj45\/4sfp-g-din:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND
cpe:2.3:o:pepperl-fuchs:icrl-m-16rj45\/4cp-g-din_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:pepperl-fuchs:icrl-m-16rj45\/4cp-g-din:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND
cpe:2.3:o:korenix:jetnet_5428g-20sfp_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:korenix:jetnet_5428g-20sfp:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND
cpe:2.3:o:korenix:jetnet_5810g_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:korenix:jetnet_5810g:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND
cpe:2.3:o:korenix:jetnet_4706f_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:korenix:jetnet_4706f:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND
cpe:2.3:o:korenix:jetnet_4706_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:korenix:jetnet_4706:-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND
cpe:2.3:o:korenix:jetnet_4510_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:korenix:jetnet_4510:-:*:*:*:*:*:*:*

Configuration 21 (hide)

AND
cpe:2.3:o:korenix:jetnet_5010_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:korenix:jetnet_5010:-:*:*:*:*:*:*:*

Configuration 22 (hide)

AND
cpe:2.3:o:korenix:jetnet_5310_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:korenix:jetnet_5310:-:*:*:*:*:*:*:*

Configuration 23 (hide)

AND
cpe:2.3:o:korenix:jetnet_6095_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:korenix:jetnet_6095:-:*:*:*:*:*:*:*

Configuration 24 (hide)

AND
cpe:2.3:o:pepperl-fuchs:icrl-m-8rj45\/4sfp-g-din_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:pepperl-fuchs:icrl-m-8rj45\/4sfp-g-din:-:*:*:*:*:*:*:*

Configuration 25 (hide)

AND
cpe:2.3:o:pepperl-fuchs:icrl-m-16rj45\/4cp-g-din_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:pepperl-fuchs:icrl-m-16rj45\/4cp-g-din:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2020-10-15 19:15

Updated : 2024-02-28 18:08


NVD link : CVE-2020-12502

Mitre link : CVE-2020-12502

CVE.ORG link : CVE-2020-12502


JSON object : View

Products Affected

pepperl-fuchs

  • es7528
  • es7528_firmware
  • es8509-xt_firmware
  • es9528_firmware
  • icrl-m-8rj45\/4sfp-g-din_firmware
  • es7506_firmware
  • es8510-xt_firmware
  • es8509-xt
  • es7510-xt
  • icrl-m-16rj45\/4cp-g-din_firmware
  • es7510_firmware
  • es8510-xte
  • icrl-m-16rj45\/4cp-g-din
  • es8510
  • es9528-xtv2
  • es8508_firmware
  • es8508f
  • es7510-xt_firmware
  • es9528-xt
  • es9528
  • es7510
  • es8510-xt
  • es8508f_firmware
  • es9528-xt_firmware
  • es8508
  • es9528-xtv2_firmware
  • icrl-m-8rj45\/4sfp-g-din
  • es8510_firmware
  • es7506
  • es8510-xte_firmware

korenix

  • jetnet_5310_firmware
  • jetnet_5428g-20sfp
  • jetnet_6095
  • jetnet_4706_firmware
  • jetnet_4706f_firmware
  • jetnet_6095_firmware
  • jetnet_5810g
  • jetnet_4510_firmware
  • jetnet_5428g-20sfp_firmware
  • jetnet_5310
  • jetnet_5010_firmware
  • jetnet_5010
  • jetnet_4510
  • jetnet_4706f
  • jetnet_5810g_firmware
  • jetnet_4706
CWE
CWE-352

Cross-Site Request Forgery (CSRF)