CVE-2020-12501

high-risk
Published 2020-10-15

Improper authorization vulnerability in Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions): the devices use undocumented accounts.

Do I need to act?

EPSS score: 0.94% chance of exploitation (low exploit probability)
CISA KEV: Not on CISA KEV list (no confirmed active exploitation reported to CISA)
Patch status: unknown (check vendor advisories for fix availability and mitigation guidance)
CVSS: 9.8/10 Critical (NETWORK / LOW complexity)

Affected Products (20)

ES7510-XT Firmware
ES8509-XT Firmware
ES8510-XT Firmware
ES9528-XTv2 Firmware
ES7506 Firmware
ES7510 Firmware
ES7528 Firmware
ES8508 Firmware
ES8508F Firmware
ES8510 Firmware
ES8510-XTE Firmware
ES9528 Firmware
ES9528-XT Firmware
JetNet5428G-20SFP Firmware
JetNet5810G Firmware
JetNet4510 Firmware
JetNet5010 Firmware
JetNet5310 Firmware
JetNet6095 Firmware
JetNet4706 Firmware

Affected Vendors

56 / 100 · high-risk
Severity 32/34 · Critical
Exploitability 3/34 · Minimal
Exposure 21/34 · High