CVE-2020-12504
high-risk
Published 2020-10-15
Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) and ICRL-M-8RJ45/4SFP-G-DIN, ICRL-M-16RJ45/4CP-G-DIN FW 1.2.3 and below has an active TFTP-Service.
Do I need to act?
-
0.55% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10
Critical
NETWORK
/ LOW complexity
Affected Products (20)
Es7510-Xt Firmware
Es8509-Xt Firmware
Es8510-Xt Firmware
Es9528-Xtv2 Firmware
Es7506 Firmware
Es7510 Firmware
Es7528 Firmware
Es8508 Firmware
Es8508F Firmware
Es8510 Firmware
Es8510-Xte Firmware
Es9528 Firmware
Es9528-Xt Firmware
Icrl-M-8Rj45\/4Sfp-G-Din Firmware
Icrl-M-16Rj45\/4Cp-G-Din Firmware
Jetwave 2212S Firmware
Jetwave 2212G Firmware
Jetwave 2311 Firmware
Jetwave 3220 Firmware
Jetwave 3420 Firmware
Affected Vendors
References (12)
Third Party Advisory
https://cert.vde.com/de-de/advisories/vde-2020-040
Third Party Advisory
https://cert.vde.com/en-us/advisories/vde-2020-053
Third Party Advisory
https://cert.vde.com/de-de/advisories/vde-2020-040
Third Party Advisory
https://cert.vde.com/en-us/advisories/vde-2020-053
56
/ 100
high-risk
Severity
32/34 · Critical
Exploitability
2/34 · Minimal
Exposure
22/34 · High