CVE-2020-12502
high-risk
Published 2020-10-15
Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) and ICRL-M-8RJ45/4SFP-G-DIN, ICRL-M-16RJ45/4CP-G-DIN FW 1.2.3 and below is prone to unauthenticated device administration.
Do I need to act?
-
0.67% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.8/10
High
NETWORK
/ LOW complexity
Affected Products (20)
Es7510-Xt Firmware
Es8509-Xt Firmware
Es8510-Xt Firmware
Es9528-Xtv2 Firmware
Es7506 Firmware
Es7510 Firmware
Es7528 Firmware
Es8508 Firmware
Es8508F Firmware
Es8510 Firmware
Es8510-Xte Firmware
Es9528 Firmware
Es9528-Xt Firmware
Icrl-M-8Rj45\/4Sfp-G-Din Firmware
Icrl-M-16Rj45\/4Cp-G-Din Firmware
Jetnet 5428G-20Sfp Firmware
Jetnet 5810G Firmware
Jetnet 4706F Firmware
Jetnet 4706 Firmware
Jetnet 4510 Firmware
Affected Vendors
References (12)
Mailing List
http://seclists.org/fulldisclosure/2021/Jun/0
Third Party Advisory
https://cert.vde.com/de-de/advisories/vde-2020-040
Third Party Advisory
https://cert.vde.com/en-us/advisories/vde-2020-053
Mailing List
http://seclists.org/fulldisclosure/2021/Jun/0
Third Party Advisory
https://cert.vde.com/de-de/advisories/vde-2020-040
Third Party Advisory
https://cert.vde.com/en-us/advisories/vde-2020-053
53
/ 100
high-risk
Severity
30/34 · Critical
Exploitability
2/34 · Minimal
Exposure
21/34 · High