CVE-2020-12503
high-risk
Published 2020-10-15
Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) and ICRL-M-8RJ45/4SFP-G-DIN, ICRL-M-16RJ45/4CP-G-DIN FW 1.2.3 and below is prone to multiple authenticated command injections.
Do I need to act?
6.4% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
Not on CISA KEV list
No confirmed active exploitation reported to CISA
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
CVSS 7.2/10
High
NETWORK / LOW complexity
Affected Products (20)
Es7510-Xt Firmware
Es8509-Xt Firmware
Es8510-Xt Firmware
Es9528-Xtv2 Firmware
Es7506 Firmware
Es7510 Firmware
Es7528 Firmware
Es8508 Firmware
Es8508F Firmware
Es8510 Firmware
Es8510-Xte Firmware
Es9528 Firmware
Es9528-Xt Firmware
Icrl-M-8Rj45/4Sfp-G-Din Firmware
Icrl-M-16Rj45/4Cp-G-Din Firmware
Jetnet 5428G-20Sfp Firmware
Jetnet 5810G Firmware
Jetnet 4706F Firmware
Jetnet 4706 Firmware
Jetnet 4510 Firmware
Affected Vendors
References (12)
Mailing List
http://seclists.org/fulldisclosure/2021/Jun/0
Third Party Advisory
https://cert.vde.com/de-de/advisories/vde-2020-040
Third Party Advisory
https://cert.vde.com/en-us/advisories/vde-2020-053
Third Party Advisory
https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabili...
57 / 100
high-risk
Severity
26/34 · High
Exploitability
9/34 · Low
Exposure
22/34 · High