CVE-2020-12504

  1. Reconshell
  2. Vulnerabilities (CVE)
  3. CVE-2020-12504
Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) and ICRL-M-8RJ45/4SFP-G-DIN, ICRL-M-16RJ45/4CP-G-DIN FW 1.2.3 and below has an active TFTP-Service.

9.8 /10

CVSS v3.0 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.5 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
https://cert.vde.com/de-de/advisories/vde-2020-040 Third Party Advisory
http://seclists.org/fulldisclosure/2021/Jun/0 Exploit Mailing List Third Party Advisory
http://packetstormsecurity.com/files/162903/Korenix-CSRF-Backdoor-Accounts-Command-Injection-Missing-Authentication.html Exploit Third Party Advisory VDB Entry
https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-korenix-technology-westermo-pepperl-fuchs/ Exploit Third Party Advisory
https://cert.vde.com/en-us/advisories/vde-2020-053 Third Party Advisory
http://packetstormsecurity.com/files/165875/Korenix-Technology-JetWave-CSRF-Command-Injection-Missing-Authentication.html Exploit Third Party Advisory VDB Entry
Advertisement

NeevaHost hosting service
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:pepperl-fuchs:es7510-xt_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:pepperl-fuchs:es7510-xt:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:pepperl-fuchs:es8509-xt_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:pepperl-fuchs:es8509-xt:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:pepperl-fuchs:es8510-xt_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:pepperl-fuchs:es8510-xt:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:pepperl-fuchs:es9528-xtv2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:pepperl-fuchs:es9528-xtv2:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:pepperl-fuchs:es7506_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:pepperl-fuchs:es7506:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:pepperl-fuchs:es7510_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:pepperl-fuchs:es7510:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:pepperl-fuchs:es7528_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:pepperl-fuchs:es7528:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:pepperl-fuchs:es8508_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:pepperl-fuchs:es8508:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:pepperl-fuchs:es8508f_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:pepperl-fuchs:es8508f:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:pepperl-fuchs:es8510_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:pepperl-fuchs:es8510:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:o:pepperl-fuchs:es8510-xte_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:pepperl-fuchs:es8510-xte:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
cpe:2.3:o:pepperl-fuchs:es9528_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:pepperl-fuchs:es9528:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND
cpe:2.3:o:pepperl-fuchs:es9528-xt_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:pepperl-fuchs:es9528-xt:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND
cpe:2.3:o:pepperl-fuchs:icrl-m-8rj45\/4sfp-g-din_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:pepperl-fuchs:icrl-m-8rj45\/4sfp-g-din:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND
cpe:2.3:o:pepperl-fuchs:icrl-m-16rj45\/4cp-g-din_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:pepperl-fuchs:icrl-m-16rj45\/4cp-g-din:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND
cpe:2.3:o:korenix:jetwave_2212s_firmware:1.5:*:*:*:*:*:*:*
cpe:2.3:h:korenix:jetwave_2212s:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND
cpe:2.3:o:korenix:jetwave_2212g_firmware:1.4:*:*:*:*:*:*:*
cpe:2.3:h:korenix:jetwave_2212g:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND
cpe:2.3:o:korenix:jetwave_2311_firmware:1.2:*:*:*:*:*:*:*
cpe:2.3:h:korenix:jetwave_2311:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND
cpe:2.3:o:korenix:jetwave_3220_firmware:1.2:*:*:*:*:*:*:*
cpe:2.3:h:korenix:jetwave_3220:-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND
cpe:2.3:o:korenix:jetwave_3420_firmware:1.1.3t:*:*:*:*:*:*:*
cpe:2.3:h:korenix:jetwave_3420:-:*:*:*:*:*:*:*

Configuration 21 (hide)

AND
cpe:2.3:o:korenix:jetwave_2212x_firmware:1.5:*:*:*:*:*:*:*
cpe:2.3:h:korenix:jetwave_2212x:-:*:*:*:*:*:*:*

Configuration 22 (hide)

AND
cpe:2.3:o:korenix:jetwave_5428g-20sfp_firmware:1.0:*:*:*:*:*:*:*
cpe:2.3:h:korenix:jetwave_5428g-20sfp:-:*:*:*:*:*:*:*

Configuration 23 (hide)

AND
cpe:2.3:o:korenix:jetwave_5810g_firmware:1.1:*:*:*:*:*:*:*
cpe:2.3:h:korenix:jetwave_5810g:-:*:*:*:*:*:*:*

Configuration 24 (hide)

AND
cpe:2.3:o:korenix:jetwave_5310_firmware:1.5:*:*:*:*:*:*:*
cpe:2.3:h:korenix:jetwave_5310:-:*:*:*:*:*:*:*

Configuration 25 (hide)

AND
cpe:2.3:o:korenix:jetwave_5010_firmware:3.1a:*:*:*:*:*:*:*
cpe:2.3:h:korenix:jetwave_5010:-:*:*:*:*:*:*:*

Configuration 26 (hide)

AND
cpe:2.3:o:korenix:jetwave_4706f_firmware:2.3b:*:*:*:*:*:*:*
cpe:2.3:h:korenix:jetwave_4706f:-:*:*:*:*:*:*:*

Configuration 27 (hide)

AND
cpe:2.3:o:korenix:jetwave_4706_firmware:2.3b:*:*:*:*:*:*:*
cpe:2.3:h:korenix:jetwave_4706:-:*:*:*:*:*:*:*

Configuration 28 (hide)

AND
cpe:2.3:o:korenix:jetwave_4510_firmware:3.0b:*:*:*:*:*:*:*
cpe:2.3:h:korenix:jetwave_4510:-:*:*:*:*:*:*:*

Configuration 29 (hide)

AND
cpe:2.3:o:westermo:pmi-110-f2g_firmware:1.5:*:*:*:*:*:*:*
cpe:2.3:h:westermo:pmi-110-f2g:-:*:*:*:*:*:*:*
Information

Published : 2020-10-15 12:15

Updated : 2022-03-16 07:02

NVD link : CVE-2020-12504

Mitre link : CVE-2020-12504

JSON object : View

CWE
CWE-912

Hidden Functionality

Advertisement

dedicated server usa
Products Affected

korenix

  • jetwave_2212s
  • jetwave_2311
  • jetwave_5010_firmware
  • jetwave_5010
  • jetwave_5810g
  • jetwave_4706f
  • jetwave_5810g_firmware
  • jetwave_4706_firmware
  • jetwave_3220
  • jetwave_4706
  • jetwave_4510
  • jetwave_3220_firmware
  • jetwave_2212x
  • jetwave_5428g-20sfp_firmware
  • jetwave_2212x_firmware
  • jetwave_3420
  • jetwave_2212g_firmware
  • jetwave_5428g-20sfp
  • jetwave_5310_firmware
  • jetwave_4510_firmware
  • jetwave_2311_firmware
  • jetwave_2212g
  • jetwave_4706f_firmware
  • jetwave_5310
  • jetwave_2212s_firmware
  • jetwave_3420_firmware

pepperl-fuchs

  • icrl-m-16rj45\/4cp-g-din
  • icrl-m-16rj45\/4cp-g-din_firmware
  • es7506
  • es8510-xt_firmware
  • es8510-xt
  • es8508f_firmware
  • es8510
  • es8508
  • es7510-xt_firmware
  • es7510
  • es7506_firmware
  • es8508_firmware
  • es9528-xt
  • es9528_firmware
  • icrl-m-8rj45\/4sfp-g-din_firmware
  • es9528-xt_firmware
  • es9528
  • es8510-xte
  • es7528
  • es9528-xtv2_firmware
  • es8510-xte_firmware
  • es8509-xt_firmware
  • es7510-xt
  • es8510_firmware
  • es7510_firmware
  • es9528-xtv2
  • es8508f
  • icrl-m-8rj45\/4sfp-g-din
  • es7528_firmware
  • es8509-xt

westermo

  • pmi-110-f2g_firmware
  • pmi-110-f2g