Search criteria
14 vulnerabilities by Pepperl+Fuchs
CVE-2025-41655 (GCVE-0-2025-41655)
Vulnerability from cvelistv5 – Published: 2025-05-26 08:22 – Updated: 2025-05-27 14:25
VLAI?
Summary
An unauthenticated remote attacker can access a URL which causes the device to reboot.
Severity ?
7.5 (High)
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Pepperl+Fuchs | Profinet Gateway FB8122A.1.EL |
Affected:
0 , < V1.3.13
(semver)
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41655",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-27T14:25:27.781540Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-27T14:25:34.580Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Profinet Gateway FB8122A.1.EL",
"vendor": "Pepperl+Fuchs",
"versions": [
{
"lessThan": "V1.3.13",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Profinet Gateway LB8122A.1.EL",
"vendor": "Pepperl+Fuchs",
"versions": [
{
"lessThan": "V1.3.13",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An unauthenticated remote attacker can access a URL which causes the device to reboot."
}
],
"value": "An unauthenticated remote attacker can access a URL which causes the device to reboot."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-26T08:22:13.883Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://certvde.com/en/advisories/VDE-2025-011"
}
],
"source": {
"advisory": "VDE-2025-011",
"defect": [
"CERT@VDE#641711"
],
"discovery": "UNKNOWN"
},
"title": "PEPPERL+FUCHS: Attacker can cause a DoS via URL",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2025-41655",
"datePublished": "2025-05-26T08:22:13.883Z",
"dateReserved": "2025-04-16T11:17:48.306Z",
"dateUpdated": "2025-05-27T14:25:34.580Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-41654 (GCVE-0-2025-41654)
Vulnerability from cvelistv5 – Published: 2025-05-26 08:21 – Updated: 2025-08-22 09:18
VLAI?
Summary
An unauthenticated remote attacker can access information about running processes via the SNMP protocol. The amount of returned data can trigger a reboot by the watchdog.
Severity ?
8.2 (High)
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Pepperl+Fuchs | Profinet Gateway FB8122A.1.EL |
Affected:
0 , < V1.3.13
(semver)
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41654",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-27T14:13:48.803600Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-27T14:13:53.729Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Profinet Gateway FB8122A.1.EL",
"vendor": "Pepperl+Fuchs",
"versions": [
{
"lessThan": "V1.3.13",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Profinet Gateway LB8122A.1.EL",
"vendor": "Pepperl+Fuchs",
"versions": [
{
"lessThan": "V1.3.13",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An unauthenticated remote attacker can access information about running processes via the SNMP protocol. The amount of returned data can trigger a reboot by the watchdog."
}
],
"value": "An unauthenticated remote attacker can access information about running processes via the SNMP protocol. The amount of returned data can trigger a reboot by the watchdog."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-22T09:18:26.543Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://cert.vde.com/en/advisories/VDE-2025-011"
}
],
"source": {
"advisory": "VDE-2025-011",
"defect": [
"CERT@VDE#641711"
],
"discovery": "UNKNOWN"
},
"title": "PEPPERL+FUCHS: Profinet Gateway LB8122A.1.EL \u2013 Device is affected by information disclosure via the SNMP protocol",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2025-41654",
"datePublished": "2025-05-26T08:21:54.033Z",
"dateReserved": "2025-04-16T11:17:48.306Z",
"dateUpdated": "2025-08-22T09:18:26.543Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-1985 (GCVE-0-2025-1985)
Vulnerability from cvelistv5 – Published: 2025-05-26 08:21 – Updated: 2025-05-27 14:18
VLAI?
Summary
Due to improper neutralization of input during web page generation (XSS) an unauthenticated remote attacker can inject HTML code into the Web-UI in the affected device.
Severity ?
6.1 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Pepperl+Fuchs | Profinet Gateway FB8122A.1.EL |
Affected:
0 , < V1.3.13
(semver)
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1985",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-27T14:18:06.220613Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-27T14:18:17.838Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Profinet Gateway FB8122A.1.EL",
"vendor": "Pepperl+Fuchs",
"versions": [
{
"lessThan": "V1.3.13",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Profinet Gateway LB8122A.1.EL",
"vendor": "Pepperl+Fuchs",
"versions": [
{
"lessThan": "V1.3.13",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Due to improper neutralization of input during web page generation (XSS) an unauthenticated remote attacker can inject HTML code into the Web-UI in the affected device."
}
],
"value": "Due to improper neutralization of input during web page generation (XSS) an unauthenticated remote attacker can inject HTML code into the Web-UI in the affected device."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-26T08:21:34.217Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://cert.vde.com/en/advisories/VDE-2025-011"
}
],
"source": {
"advisory": "VDE-2025-011",
"defect": [
"CERT@VDE#641711"
],
"discovery": "UNKNOWN"
},
"title": "PEPPERL+FUCHS: Profinet Gateway LB8122A.1.EL \u2013 Device is affected by XSS vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2025-1985",
"datePublished": "2025-05-26T08:21:34.217Z",
"dateReserved": "2025-03-05T14:01:01.177Z",
"dateUpdated": "2025-05-27T14:18:17.838Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38502 (GCVE-0-2024-38502)
Vulnerability from cvelistv5 – Published: 2024-08-13 12:33 – Updated: 2024-08-13 13:28
VLAI?
Summary
An unauthenticated remote attacker may use stored XSS vulnerability to obtain information from a user or reboot the affected device once.
Severity ?
7.1 (High)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Pepperl+Fuchs | ICDM-RX/TCP-DB9/RJ45-DIN |
Affected:
SocketServer , ≤ 11.65
(semver)
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Credits
Christopher Di-Nozzi
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38502",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-13T13:28:15.420369Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-13T13:28:24.550Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ICDM-RX/TCP-DB9/RJ45-DIN",
"vendor": "Pepperl+Fuchs",
"versions": [
{
"lessThanOrEqual": "11.65",
"status": "affected",
"version": "SocketServer",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICDM-RX/TCP-ST/RJ45-DIN",
"vendor": "Pepperl+Fuchs",
"versions": [
{
"lessThanOrEqual": "11.65",
"status": "affected",
"version": "SocketServer",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICDM-RX/TCP-4DB9/2RJ45-DIN",
"vendor": "Pepperl+Fuchs",
"versions": [
{
"lessThanOrEqual": "11.65",
"status": "affected",
"version": "SocketServer",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICDM-RX/TCP-DB9/RJ45-PM",
"vendor": "Pepperl+Fuchs",
"versions": [
{
"lessThanOrEqual": "11.65",
"status": "affected",
"version": "SocketServer",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICDM-RX/TCP-2DB9/RJ45-DIN",
"vendor": "Pepperl+Fuchs",
"versions": [
{
"lessThanOrEqual": "11.65",
"status": "affected",
"version": "SocketServer",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICDM-RX/TCP-2ST/RJ45-DIN",
"vendor": "Pepperl+Fuchs",
"versions": [
{
"lessThanOrEqual": "11.65",
"status": "affected",
"version": "SocketServer",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICDM-RX/TCP-4DB9/2RJ45-PM",
"vendor": "Pepperl+Fuchs",
"versions": [
{
"lessThanOrEqual": "11.65",
"status": "affected",
"version": "SocketServer",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICDM-RX/TCP-8DB9/2RJ45-PM",
"vendor": "Pepperl+Fuchs",
"versions": [
{
"lessThanOrEqual": "11.65",
"status": "affected",
"version": "SocketServer",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICDM-RX/TCP-16RJ45/RJ45-RM",
"vendor": "Pepperl+Fuchs",
"versions": [
{
"lessThanOrEqual": "11.65",
"status": "affected",
"version": "SocketServer",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICDM-RX/TCP-16DB9/RJ45-RM",
"vendor": "Pepperl+Fuchs",
"versions": [
{
"lessThanOrEqual": "11.65",
"status": "affected",
"version": "SocketServer",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICDM-RX/TCP-32RJ45/RJ45-RM",
"vendor": "Pepperl+Fuchs",
"versions": [
{
"lessThanOrEqual": "11.65",
"status": "affected",
"version": "SocketServer",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICDM-RX/TCP-DB9/RJ45-PM2",
"vendor": "Pepperl+Fuchs",
"versions": [
{
"lessThanOrEqual": "11.65",
"status": "affected",
"version": "SocketServer",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICDM-RX/TCP-16RJ45/2RJ45-PM",
"vendor": "Pepperl+Fuchs",
"versions": [
{
"lessThanOrEqual": "11.65",
"status": "affected",
"version": "SocketServer",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICDM-RX/PN-DB9/RJ45-DIN",
"vendor": "Pepperl+Fuchs",
"versions": [
{
"lessThanOrEqual": "v3.4.9",
"status": "affected",
"version": "PROFINET",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICDM-RX/PN-ST/RJ45-DIN",
"vendor": "Pepperl+Fuchs",
"versions": [
{
"lessThanOrEqual": "v3.4.9",
"status": "affected",
"version": "PROFINET",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICDM-RX/PN-4DB9/2RJ45-DIN",
"vendor": "Pepperl+Fuchs",
"versions": [
{
"lessThanOrEqual": "v3.4.9",
"status": "affected",
"version": "PROFINET",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICDM-RX/PN-DB9/RJ45-PM",
"vendor": "Pepperl+Fuchs",
"versions": [
{
"lessThanOrEqual": "v3.4.9",
"status": "affected",
"version": "PROFINET",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICDM-RX/PN-2DB9/RJ45-DIN",
"vendor": "Pepperl+Fuchs",
"versions": [
{
"lessThanOrEqual": "v3.4.9",
"status": "affected",
"version": "PROFINET",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICDM-RX/PN-2ST/RJ45-DIN",
"vendor": "Pepperl+Fuchs",
"versions": [
{
"lessThanOrEqual": "v3.4.9",
"status": "affected",
"version": "PROFINET",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICDM-RX/PN1-DB9/RJ45-PM",
"vendor": "Pepperl+Fuchs",
"versions": [
{
"lessThanOrEqual": "v1.0.7",
"status": "affected",
"version": "PROFINET/Modbus",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICDM-RX/PN1-DB9/RJ45-DIN",
"vendor": "Pepperl+Fuchs",
"versions": [
{
"lessThanOrEqual": "v1.0.7",
"status": "affected",
"version": "PROFINET/Modbus",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICDM-RX/PN1-ST/RJ45-DIN",
"vendor": "Pepperl+Fuchs",
"versions": [
{
"lessThanOrEqual": "v1.0.7",
"status": "affected",
"version": "PROFINET/Modbus",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICDM-RX/PN1-2DB9/RJ45-DIN",
"vendor": "Pepperl+Fuchs",
"versions": [
{
"lessThanOrEqual": "v1.0.7",
"status": "affected",
"version": "PROFINET/Modbus",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICDM-RX/PN1-4DB9/2RJ45-DIN",
"vendor": "Pepperl+Fuchs",
"versions": [
{
"lessThanOrEqual": "v1.0.7",
"status": "affected",
"version": "PROFINET/Modbus",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICDM-RX/PN1-2ST/RJ45-DIN",
"vendor": "Pepperl+Fuchs",
"versions": [
{
"lessThanOrEqual": "v1.0.7",
"status": "affected",
"version": "PROFINET/Modbus",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICDM-RX/EN-DB9/RJ45-DIN",
"vendor": "Pepperl+Fuchs",
"versions": [
{
"lessThanOrEqual": "v7.22",
"status": "affected",
"version": "EtherNet/IP",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICDM-RX/EN-ST/RJ45-DIN",
"vendor": "Pepperl+Fuchs",
"versions": [
{
"lessThanOrEqual": "v7.22",
"status": "affected",
"version": "EtherNet/IP",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICDM-RX/EN-4DB9/2RJ45-DIN",
"vendor": "Pepperl+Fuchs",
"versions": [
{
"lessThanOrEqual": "v7.22",
"status": "affected",
"version": "EtherNet/IP",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICDM-RX/EN-DB9/RJ45-PM",
"vendor": "Pepperl+Fuchs",
"versions": [
{
"lessThanOrEqual": "v7.22",
"status": "affected",
"version": "EtherNet/IP",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICDM-RX/EN-2DB9/RJ45-DIN",
"vendor": "Pepperl+Fuchs",
"versions": [
{
"lessThanOrEqual": "v7.22",
"status": "affected",
"version": "EtherNet/IP",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICDM-RX/EN-2ST/RJ45-DIN",
"vendor": "Pepperl+Fuchs",
"versions": [
{
"lessThanOrEqual": "v7.22",
"status": "affected",
"version": "EtherNet/IP",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICDM-RX/EN1-DB9/RJ45-PM",
"vendor": "Pepperl+Fuchs",
"versions": [
{
"lessThanOrEqual": "v1.08",
"status": "affected",
"version": "EIP/Modbus",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICDM-RX/EN1-DB9/RJ45-DIN",
"vendor": "Pepperl+Fuchs",
"versions": [
{
"lessThanOrEqual": "v1.08",
"status": "affected",
"version": "EIP/Modbus",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICDM-RX/EN1-ST/RJ45-DIN",
"vendor": "Pepperl+Fuchs",
"versions": [
{
"lessThanOrEqual": "v1.08",
"status": "affected",
"version": "EIP/Modbus",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICDM-RX/EN1-2DB9/RJ45-DIN",
"vendor": "Pepperl+Fuchs",
"versions": [
{
"lessThanOrEqual": "v1.08",
"status": "affected",
"version": "EIP/Modbus",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICDM-RX/EN1-4DB9/2RJ45-DIN",
"vendor": "Pepperl+Fuchs",
"versions": [
{
"lessThanOrEqual": "v1.08",
"status": "affected",
"version": "EIP/Modbus",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICDM-RX/EN1-2ST/RJ45-DIN",
"vendor": "Pepperl+Fuchs",
"versions": [
{
"lessThanOrEqual": "v1.08",
"status": "affected",
"version": "EIP/Modbus",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICDM-RX/MOD-DB9/RJ45-DIN",
"vendor": "Pepperl+Fuchs",
"versions": [
{
"lessThanOrEqual": "v7.09",
"status": "affected",
"version": "Modbus Router",
"versionType": "semver"
},
{
"lessThanOrEqual": "v7.11",
"status": "affected",
"version": "Modbus Server",
"versionType": "semver"
},
{
"lessThanOrEqual": "v7.11",
"status": "affected",
"version": "Modbus TCP",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICDM-RX/MOD-ST/RJ45-DIN",
"vendor": "Pepperl+Fuchs",
"versions": [
{
"lessThanOrEqual": "v7.09",
"status": "affected",
"version": "Modbus Router",
"versionType": "semver"
},
{
"lessThanOrEqual": "v7.11",
"status": "affected",
"version": "Modbus Server",
"versionType": "semver"
},
{
"lessThanOrEqual": "v7.11",
"status": "affected",
"version": "Modbus TCP",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICDM-RX/MOD-4DB9/2RJ45-DIN",
"vendor": "Pepperl+Fuchs",
"versions": [
{
"lessThanOrEqual": "v7.09",
"status": "affected",
"version": "Modbus Router",
"versionType": "semver"
},
{
"lessThanOrEqual": "v7.11",
"status": "affected",
"version": "Modbus Server",
"versionType": "semver"
},
{
"lessThanOrEqual": "v7.11",
"status": "affected",
"version": "Modbus TCP",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICDM-RX/MOD-DB9/RJ45-PM",
"vendor": "Pepperl+Fuchs",
"versions": [
{
"lessThanOrEqual": "v7.09",
"status": "affected",
"version": "Modbus Router",
"versionType": "semver"
},
{
"lessThanOrEqual": "v7.11",
"status": "affected",
"version": "Modbus Server",
"versionType": "semver"
},
{
"lessThanOrEqual": "v7.11",
"status": "affected",
"version": "Modbus TCP",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICDM-RX/MOD-2DB9/RJ45-DIN",
"vendor": "Pepperl+Fuchs",
"versions": [
{
"lessThanOrEqual": "v7.09",
"status": "affected",
"version": "Modbus Router",
"versionType": "semver"
},
{
"lessThanOrEqual": "v7.11",
"status": "affected",
"version": "Modbus Server",
"versionType": "semver"
},
{
"lessThanOrEqual": "v7.11",
"status": "affected",
"version": "Modbus TCP",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICDM-RX/MOD-2ST/RJ45-DIN",
"vendor": "Pepperl+Fuchs",
"versions": [
{
"lessThanOrEqual": "v7.09",
"status": "affected",
"version": "Modbus Router",
"versionType": "semver"
},
{
"lessThanOrEqual": "v7.11",
"status": "affected",
"version": "Modbus Server",
"versionType": "semver"
},
{
"lessThanOrEqual": "v7.11",
"status": "affected",
"version": "Modbus TCP",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICDM-RX/MOD-16RJ45/2RJ45-PM",
"vendor": "Pepperl+Fuchs",
"versions": [
{
"lessThanOrEqual": "v7.09",
"status": "affected",
"version": "Modbus Router",
"versionType": "semver"
},
{
"lessThanOrEqual": "v7.11",
"status": "affected",
"version": "Modbus Server",
"versionType": "semver"
},
{
"lessThanOrEqual": "v7.11",
"status": "affected",
"version": "Modbus TCP",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Christopher Di-Nozzi"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAn unauthenticated remote attacker may use stored XSS vulnerability to obtain information from a user or reboot the affected device once.\u003c/p\u003e"
}
],
"value": "An unauthenticated remote attacker may use stored XSS vulnerability to obtain information from a user or reboot the affected device once."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-13T12:33:30.908Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://cert.vde.com/en/advisories/VDE-2024-033"
}
],
"source": {
"advisory": "VDE-2024-033",
"defect": [
"CERT@VDE#641631"
],
"discovery": "UNKNOWN"
},
"title": "Pepperl+Fuchs: Device Master ICDM-RX/* XSS vulnerability allows stored XSS",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2024-38502",
"datePublished": "2024-08-13T12:33:30.908Z",
"dateReserved": "2024-06-18T07:56:44.761Z",
"dateUpdated": "2024-08-13T13:28:24.550Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38501 (GCVE-0-2024-38501)
Vulnerability from cvelistv5 – Published: 2024-08-13 12:33 – Updated: 2024-08-13 13:31
VLAI?
Summary
An unauthenticated remote attacker may use a HTML injection vulnerability with limited length to inject malicious HTML code and gain low-privileged access on the affected device.
Severity ?
6.1 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Pepperl+Fuchs | ICDM-RX/TCP-DB9/RJ45-DIN |
Affected:
SocketServer , ≤ 11.65
(semver)
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Credits
Christopher Di-Nozzi
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38501",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-13T13:31:15.575746Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-13T13:31:52.009Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ICDM-RX/TCP-DB9/RJ45-DIN",
"vendor": "Pepperl+Fuchs",
"versions": [
{
"lessThanOrEqual": "11.65",
"status": "affected",
"version": "SocketServer",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICDM-RX/TCP-ST/RJ45-DIN",
"vendor": "Pepperl+Fuchs",
"versions": [
{
"lessThanOrEqual": "11.65",
"status": "affected",
"version": "SocketServer",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICDM-RX/TCP-4DB9/2RJ45-DIN",
"vendor": "Pepperl+Fuchs",
"versions": [
{
"lessThanOrEqual": "11.65",
"status": "affected",
"version": "SocketServer",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICDM-RX/TCP-DB9/RJ45-PM",
"vendor": "Pepperl+Fuchs",
"versions": [
{
"lessThanOrEqual": "11.65",
"status": "affected",
"version": "SocketServer",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICDM-RX/TCP-2DB9/RJ45-DIN",
"vendor": "Pepperl+Fuchs",
"versions": [
{
"lessThanOrEqual": "11.65",
"status": "affected",
"version": "SocketServer",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICDM-RX/TCP-2ST/RJ45-DIN",
"vendor": "Pepperl+Fuchs",
"versions": [
{
"lessThanOrEqual": "11.65",
"status": "affected",
"version": "SocketServer",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICDM-RX/TCP-4DB9/2RJ45-PM",
"vendor": "Pepperl+Fuchs",
"versions": [
{
"lessThanOrEqual": "11.65",
"status": "affected",
"version": "SocketServer",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICDM-RX/TCP-8DB9/2RJ45-PM",
"vendor": "Pepperl+Fuchs",
"versions": [
{
"lessThanOrEqual": "11.65",
"status": "affected",
"version": "SocketServer",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICDM-RX/TCP-16RJ45/RJ45-RM",
"vendor": "Pepperl+Fuchs",
"versions": [
{
"lessThanOrEqual": "11.65",
"status": "affected",
"version": "SocketServer",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICDM-RX/TCP-16DB9/RJ45-RM",
"vendor": "Pepperl+Fuchs",
"versions": [
{
"lessThanOrEqual": "11.65",
"status": "affected",
"version": "SocketServer",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICDM-RX/TCP-32RJ45/RJ45-RM",
"vendor": "Pepperl+Fuchs",
"versions": [
{
"lessThanOrEqual": "11.65",
"status": "affected",
"version": "SocketServer",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICDM-RX/TCP-DB9/RJ45-PM2",
"vendor": "Pepperl+Fuchs",
"versions": [
{
"lessThanOrEqual": "11.65",
"status": "affected",
"version": "SocketServer",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICDM-RX/TCP-16RJ45/2RJ45-PM",
"vendor": "Pepperl+Fuchs",
"versions": [
{
"lessThanOrEqual": "11.65",
"status": "affected",
"version": "SocketServer",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICDM-RX/PN-DB9/RJ45-DIN",
"vendor": "Pepperl+Fuchs",
"versions": [
{
"lessThanOrEqual": "v3.4.9",
"status": "affected",
"version": "PROFINET",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICDM-RX/PN-ST/RJ45-DIN",
"vendor": "Pepperl+Fuchs",
"versions": [
{
"lessThanOrEqual": "v3.4.9",
"status": "affected",
"version": "PROFINET",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICDM-RX/PN-4DB9/2RJ45-DIN",
"vendor": "Pepperl+Fuchs",
"versions": [
{
"lessThanOrEqual": "v3.4.9",
"status": "affected",
"version": "PROFINET",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICDM-RX/PN-DB9/RJ45-PM",
"vendor": "Pepperl+Fuchs",
"versions": [
{
"lessThanOrEqual": "v3.4.9",
"status": "affected",
"version": "PROFINET",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICDM-RX/PN-2DB9/RJ45-DIN",
"vendor": "Pepperl+Fuchs",
"versions": [
{
"lessThanOrEqual": "v3.4.9",
"status": "affected",
"version": "PROFINET",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICDM-RX/PN-2ST/RJ45-DIN",
"vendor": "Pepperl+Fuchs",
"versions": [
{
"lessThanOrEqual": "v3.4.9",
"status": "affected",
"version": "PROFINET",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICDM-RX/PN1-DB9/RJ45-PM",
"vendor": "Pepperl+Fuchs",
"versions": [
{
"lessThanOrEqual": "v1.0.7",
"status": "affected",
"version": "PROFINET/Modbus",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICDM-RX/PN1-DB9/RJ45-DIN",
"vendor": "Pepperl+Fuchs",
"versions": [
{
"lessThanOrEqual": "v1.0.7",
"status": "affected",
"version": "PROFINET/Modbus",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICDM-RX/PN1-ST/RJ45-DIN",
"vendor": "Pepperl+Fuchs",
"versions": [
{
"lessThanOrEqual": "v1.0.7",
"status": "affected",
"version": "PROFINET/Modbus",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICDM-RX/PN1-2DB9/RJ45-DIN",
"vendor": "Pepperl+Fuchs",
"versions": [
{
"lessThanOrEqual": "v1.0.7",
"status": "affected",
"version": "PROFINET/Modbus",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICDM-RX/PN1-4DB9/2RJ45-DIN",
"vendor": "Pepperl+Fuchs",
"versions": [
{
"lessThanOrEqual": "v1.0.7",
"status": "affected",
"version": "PROFINET/Modbus",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICDM-RX/PN1-2ST/RJ45-DIN",
"vendor": "Pepperl+Fuchs",
"versions": [
{
"lessThanOrEqual": "v1.0.7",
"status": "affected",
"version": "PROFINET/Modbus",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICDM-RX/EN-DB9/RJ45-DIN",
"vendor": "Pepperl+Fuchs",
"versions": [
{
"lessThanOrEqual": "v7.22",
"status": "affected",
"version": "EtherNet/IP",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICDM-RX/EN-ST/RJ45-DIN",
"vendor": "Pepperl+Fuchs",
"versions": [
{
"lessThanOrEqual": "v7.22",
"status": "affected",
"version": "EtherNet/IP",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICDM-RX/EN-4DB9/2RJ45-DIN",
"vendor": "Pepperl+Fuchs",
"versions": [
{
"lessThanOrEqual": "v7.22",
"status": "affected",
"version": "EtherNet/IP",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICDM-RX/EN-DB9/RJ45-PM",
"vendor": "Pepperl+Fuchs",
"versions": [
{
"lessThanOrEqual": "v7.22",
"status": "affected",
"version": "EtherNet/IP",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICDM-RX/EN-2DB9/RJ45-DIN",
"vendor": "Pepperl+Fuchs",
"versions": [
{
"lessThanOrEqual": "v7.22",
"status": "affected",
"version": "EtherNet/IP",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICDM-RX/EN-2ST/RJ45-DIN",
"vendor": "Pepperl+Fuchs",
"versions": [
{
"lessThanOrEqual": "v7.22",
"status": "affected",
"version": "EtherNet/IP",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICDM-RX/EN1-DB9/RJ45-PM",
"vendor": "Pepperl+Fuchs",
"versions": [
{
"lessThanOrEqual": "v1.08",
"status": "affected",
"version": "EIP/Modbus",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICDM-RX/EN1-DB9/RJ45-DIN",
"vendor": "Pepperl+Fuchs",
"versions": [
{
"lessThanOrEqual": "v1.08",
"status": "affected",
"version": "EIP/Modbus",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICDM-RX/EN1-ST/RJ45-DIN",
"vendor": "Pepperl+Fuchs",
"versions": [
{
"lessThanOrEqual": "v1.08",
"status": "affected",
"version": "EIP/Modbus",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICDM-RX/EN1-2DB9/RJ45-DIN",
"vendor": "Pepperl+Fuchs",
"versions": [
{
"lessThanOrEqual": "v1.08",
"status": "affected",
"version": "EIP/Modbus",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICDM-RX/EN1-4DB9/2RJ45-DIN",
"vendor": "Pepperl+Fuchs",
"versions": [
{
"lessThanOrEqual": "v1.08",
"status": "affected",
"version": "EIP/Modbus",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICDM-RX/EN1-2ST/RJ45-DIN",
"vendor": "Pepperl+Fuchs",
"versions": [
{
"lessThanOrEqual": "v1.08",
"status": "affected",
"version": "EIP/Modbus",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICDM-RX/MOD-DB9/RJ45-DIN",
"vendor": "Pepperl+Fuchs",
"versions": [
{
"lessThanOrEqual": "v7.09",
"status": "affected",
"version": "Modbus Router",
"versionType": "semver"
},
{
"lessThanOrEqual": "v7.11",
"status": "affected",
"version": "Modbus Server",
"versionType": "semver"
},
{
"lessThanOrEqual": "v7.11",
"status": "affected",
"version": "Modbus TCP",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICDM-RX/MOD-ST/RJ45-DIN",
"vendor": "Pepperl+Fuchs",
"versions": [
{
"lessThanOrEqual": "v7.09",
"status": "affected",
"version": "Modbus Router",
"versionType": "semver"
},
{
"lessThanOrEqual": "v7.11",
"status": "affected",
"version": "Modbus Server",
"versionType": "semver"
},
{
"lessThanOrEqual": "v7.11",
"status": "affected",
"version": "Modbus TCP",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICDM-RX/MOD-4DB9/2RJ45-DIN",
"vendor": "Pepperl+Fuchs",
"versions": [
{
"lessThanOrEqual": "v7.09",
"status": "affected",
"version": "Modbus Router",
"versionType": "semver"
},
{
"lessThanOrEqual": "v7.11",
"status": "affected",
"version": "Modbus Server",
"versionType": "semver"
},
{
"lessThanOrEqual": "v7.11",
"status": "affected",
"version": "Modbus TCP",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICDM-RX/MOD-DB9/RJ45-PM",
"vendor": "Pepperl+Fuchs",
"versions": [
{
"lessThanOrEqual": "v7.09",
"status": "affected",
"version": "Modbus Router",
"versionType": "semver"
},
{
"lessThanOrEqual": "v7.11",
"status": "affected",
"version": "Modbus Server",
"versionType": "semver"
},
{
"lessThanOrEqual": "v7.11",
"status": "affected",
"version": "Modbus TCP",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICDM-RX/MOD-2DB9/RJ45-DIN",
"vendor": "Pepperl+Fuchs",
"versions": [
{
"lessThanOrEqual": "v7.09",
"status": "affected",
"version": "Modbus Router",
"versionType": "semver"
},
{
"lessThanOrEqual": "v7.11",
"status": "affected",
"version": "Modbus Server",
"versionType": "semver"
},
{
"lessThanOrEqual": "v7.11",
"status": "affected",
"version": "Modbus TCP",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICDM-RX/MOD-2ST/RJ45-DIN",
"vendor": "Pepperl+Fuchs",
"versions": [
{
"lessThanOrEqual": "v7.09",
"status": "affected",
"version": "Modbus Router",
"versionType": "semver"
},
{
"lessThanOrEqual": "v7.11",
"status": "affected",
"version": "Modbus Server",
"versionType": "semver"
},
{
"lessThanOrEqual": "v7.11",
"status": "affected",
"version": "Modbus TCP",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICDM-RX/MOD-16RJ45/2RJ45-PM",
"vendor": "Pepperl+Fuchs",
"versions": [
{
"lessThanOrEqual": "v7.09",
"status": "affected",
"version": "Modbus Router",
"versionType": "semver"
},
{
"lessThanOrEqual": "v7.11",
"status": "affected",
"version": "Modbus Server",
"versionType": "semver"
},
{
"lessThanOrEqual": "v7.11",
"status": "affected",
"version": "Modbus TCP",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Christopher Di-Nozzi"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAn unauthenticated remote attacker may use a HTML injection vulnerability with limited length to inject malicious HTML code and gain low-privileged access on the affected device.\u003c/p\u003e"
}
],
"value": "An unauthenticated remote attacker may use a HTML injection vulnerability with limited length to inject malicious HTML code and gain low-privileged access on the affected device."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-13T12:33:00.703Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://cert.vde.com/en/advisories/VDE-2024-033"
}
],
"source": {
"advisory": "VDE-2024-033",
"defect": [
"CERT@VDE#641631"
],
"discovery": "UNKNOWN"
},
"title": "Pepperl+Fuchs: Device Master ICDM-RX/* XSS vulnerability allows HTML injection",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2024-38501",
"datePublished": "2024-08-13T12:33:00.703Z",
"dateReserved": "2024-06-18T07:56:44.761Z",
"dateUpdated": "2024-08-13T13:31:52.009Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-5849 (GCVE-0-2024-5849)
Vulnerability from cvelistv5 – Published: 2024-08-13 12:32 – Updated: 2024-08-15 14:14
VLAI?
Summary
An unauthenticated remote attacker may use a reflected XSS vulnerability to obtain information from a user or reboot the affected device once.
Severity ?
7.1 (High)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Pepperl+Fuchs | ICDM-RX/TCP-DB9/RJ45-DIN |
Affected:
SocketServer , ≤ 11.65
(semver)
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Credits
Christopher Di-Nozzi
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-5849",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-15T14:14:27.392489Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-15T14:14:42.465Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ICDM-RX/TCP-DB9/RJ45-DIN",
"vendor": "Pepperl+Fuchs",
"versions": [
{
"lessThanOrEqual": "11.65",
"status": "affected",
"version": "SocketServer",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICDM-RX/TCP-ST/RJ45-DIN",
"vendor": "Pepperl+Fuchs",
"versions": [
{
"lessThanOrEqual": "11.65",
"status": "affected",
"version": "SocketServer",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICDM-RX/TCP-4DB9/2RJ45-DIN",
"vendor": "Pepperl+Fuchs",
"versions": [
{
"lessThanOrEqual": "11.65",
"status": "affected",
"version": "SocketServer",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICDM-RX/TCP-DB9/RJ45-PM",
"vendor": "Pepperl+Fuchs",
"versions": [
{
"lessThanOrEqual": "11.65",
"status": "affected",
"version": "SocketServer",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICDM-RX/TCP-2DB9/RJ45-DIN",
"vendor": "Pepperl+Fuchs",
"versions": [
{
"lessThanOrEqual": "11.65",
"status": "affected",
"version": "SocketServer",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICDM-RX/TCP-2ST/RJ45-DIN",
"vendor": "Pepperl+Fuchs",
"versions": [
{
"lessThanOrEqual": "11.65",
"status": "affected",
"version": "SocketServer",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICDM-RX/TCP-4DB9/2RJ45-PM",
"vendor": "Pepperl+Fuchs",
"versions": [
{
"lessThanOrEqual": "11.65",
"status": "affected",
"version": "SocketServer",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICDM-RX/TCP-8DB9/2RJ45-PM",
"vendor": "Pepperl+Fuchs",
"versions": [
{
"lessThanOrEqual": "11.65",
"status": "affected",
"version": "SocketServer",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICDM-RX/TCP-16RJ45/RJ45-RM",
"vendor": "Pepperl+Fuchs",
"versions": [
{
"lessThanOrEqual": "11.65",
"status": "affected",
"version": "SocketServer",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICDM-RX/TCP-16DB9/RJ45-RM",
"vendor": "Pepperl+Fuchs",
"versions": [
{
"lessThanOrEqual": "11.65",
"status": "affected",
"version": "SocketServer",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICDM-RX/TCP-32RJ45/RJ45-RM",
"vendor": "Pepperl+Fuchs",
"versions": [
{
"lessThanOrEqual": "11.65",
"status": "affected",
"version": "SocketServer",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICDM-RX/TCP-DB9/RJ45-PM2",
"vendor": "Pepperl+Fuchs",
"versions": [
{
"lessThanOrEqual": "11.65",
"status": "affected",
"version": "SocketServer",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICDM-RX/TCP-16RJ45/2RJ45-PM",
"vendor": "Pepperl+Fuchs",
"versions": [
{
"lessThanOrEqual": "11.65",
"status": "affected",
"version": "SocketServer",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICDM-RX/PN-DB9/RJ45-DIN",
"vendor": "Pepperl+Fuchs",
"versions": [
{
"lessThanOrEqual": "v3.4.9",
"status": "affected",
"version": "PROFINET",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICDM-RX/PN-ST/RJ45-DIN",
"vendor": "Pepperl+Fuchs",
"versions": [
{
"lessThanOrEqual": "v3.4.9",
"status": "affected",
"version": "PROFINET",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICDM-RX/PN-4DB9/2RJ45-DIN",
"vendor": "Pepperl+Fuchs",
"versions": [
{
"lessThanOrEqual": "v3.4.9",
"status": "affected",
"version": "PROFINET",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICDM-RX/PN-DB9/RJ45-PM",
"vendor": "Pepperl+Fuchs",
"versions": [
{
"lessThanOrEqual": "v3.4.9",
"status": "affected",
"version": "PROFINET",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICDM-RX/PN-2DB9/RJ45-DIN",
"vendor": "Pepperl+Fuchs",
"versions": [
{
"lessThanOrEqual": "v3.4.9",
"status": "affected",
"version": "PROFINET",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICDM-RX/PN-2ST/RJ45-DIN",
"vendor": "Pepperl+Fuchs",
"versions": [
{
"lessThanOrEqual": "v3.4.9",
"status": "affected",
"version": "PROFINET",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICDM-RX/PN1-DB9/RJ45-PM",
"vendor": "Pepperl+Fuchs",
"versions": [
{
"lessThanOrEqual": "v1.0.7",
"status": "affected",
"version": "PROFINET/Modbus",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICDM-RX/PN1-DB9/RJ45-DIN",
"vendor": "Pepperl+Fuchs",
"versions": [
{
"lessThanOrEqual": "v1.0.7",
"status": "affected",
"version": "PROFINET/Modbus",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICDM-RX/PN1-ST/RJ45-DIN",
"vendor": "Pepperl+Fuchs",
"versions": [
{
"lessThanOrEqual": "v1.0.7",
"status": "affected",
"version": "PROFINET/Modbus",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICDM-RX/PN1-2DB9/RJ45-DIN",
"vendor": "Pepperl+Fuchs",
"versions": [
{
"lessThanOrEqual": "v1.0.7",
"status": "affected",
"version": "PROFINET/Modbus",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICDM-RX/PN1-4DB9/2RJ45-DIN",
"vendor": "Pepperl+Fuchs",
"versions": [
{
"lessThanOrEqual": "v1.0.7",
"status": "affected",
"version": "PROFINET/Modbus",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICDM-RX/PN1-2ST/RJ45-DIN",
"vendor": "Pepperl+Fuchs",
"versions": [
{
"lessThanOrEqual": "v1.0.7",
"status": "affected",
"version": "PROFINET/Modbus",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICDM-RX/EN-DB9/RJ45-DIN",
"vendor": "Pepperl+Fuchs",
"versions": [
{
"lessThanOrEqual": "v7.22",
"status": "affected",
"version": "EtherNet/IP",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICDM-RX/EN-ST/RJ45-DIN",
"vendor": "Pepperl+Fuchs",
"versions": [
{
"lessThanOrEqual": "v7.22",
"status": "affected",
"version": "EtherNet/IP",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICDM-RX/EN-4DB9/2RJ45-DIN",
"vendor": "Pepperl+Fuchs",
"versions": [
{
"lessThanOrEqual": "v7.22",
"status": "affected",
"version": "EtherNet/IP",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICDM-RX/EN-DB9/RJ45-PM",
"vendor": "Pepperl+Fuchs",
"versions": [
{
"lessThanOrEqual": "v7.22",
"status": "affected",
"version": "EtherNet/IP",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICDM-RX/EN-2DB9/RJ45-DIN",
"vendor": "Pepperl+Fuchs",
"versions": [
{
"lessThanOrEqual": "v7.22",
"status": "affected",
"version": "EtherNet/IP",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICDM-RX/EN-2ST/RJ45-DIN",
"vendor": "Pepperl+Fuchs",
"versions": [
{
"lessThanOrEqual": "v7.22",
"status": "affected",
"version": "EtherNet/IP",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICDM-RX/EN1-DB9/RJ45-PM",
"vendor": "Pepperl+Fuchs",
"versions": [
{
"lessThanOrEqual": "v1.08",
"status": "affected",
"version": "EIP/Modbus",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICDM-RX/EN1-DB9/RJ45-DIN",
"vendor": "Pepperl+Fuchs",
"versions": [
{
"lessThanOrEqual": "v1.08",
"status": "affected",
"version": "EIP/Modbus",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICDM-RX/EN1-ST/RJ45-DIN",
"vendor": "Pepperl+Fuchs",
"versions": [
{
"lessThanOrEqual": "v1.08",
"status": "affected",
"version": "EIP/Modbus",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICDM-RX/EN1-2DB9/RJ45-DIN",
"vendor": "Pepperl+Fuchs",
"versions": [
{
"lessThanOrEqual": "v1.08",
"status": "affected",
"version": "EIP/Modbus",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICDM-RX/EN1-4DB9/2RJ45-DIN",
"vendor": "Pepperl+Fuchs",
"versions": [
{
"lessThanOrEqual": "v1.08",
"status": "affected",
"version": "EIP/Modbus",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICDM-RX/EN1-2ST/RJ45-DIN",
"vendor": "Pepperl+Fuchs",
"versions": [
{
"lessThanOrEqual": "v1.08",
"status": "affected",
"version": "EIP/Modbus",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICDM-RX/MOD-DB9/RJ45-DIN",
"vendor": "Pepperl+Fuchs",
"versions": [
{
"lessThanOrEqual": "v7.09",
"status": "affected",
"version": "Modbus Router",
"versionType": "semver"
},
{
"lessThanOrEqual": "v7.11",
"status": "affected",
"version": "Modbus Server",
"versionType": "semver"
},
{
"lessThanOrEqual": "v7.11",
"status": "affected",
"version": "Modbus TCP",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICDM-RX/MOD-ST/RJ45-DIN",
"vendor": "Pepperl+Fuchs",
"versions": [
{
"lessThanOrEqual": "v7.09",
"status": "affected",
"version": "Modbus Router",
"versionType": "semver"
},
{
"lessThanOrEqual": "v7.11",
"status": "affected",
"version": "Modbus Server",
"versionType": "semver"
},
{
"lessThanOrEqual": "v7.11",
"status": "affected",
"version": "Modbus TCP",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICDM-RX/MOD-4DB9/2RJ45-DIN",
"vendor": "Pepperl+Fuchs",
"versions": [
{
"lessThanOrEqual": "v7.09",
"status": "affected",
"version": "Modbus Router",
"versionType": "semver"
},
{
"lessThanOrEqual": "v7.11",
"status": "affected",
"version": "Modbus Server",
"versionType": "semver"
},
{
"lessThanOrEqual": "v7.11",
"status": "affected",
"version": "Modbus TCP",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICDM-RX/MOD-DB9/RJ45-PM",
"vendor": "Pepperl+Fuchs",
"versions": [
{
"lessThanOrEqual": "v7.09",
"status": "affected",
"version": "Modbus Router",
"versionType": "semver"
},
{
"lessThanOrEqual": "v7.11",
"status": "affected",
"version": "Modbus Server",
"versionType": "semver"
},
{
"lessThanOrEqual": "v7.11",
"status": "affected",
"version": "Modbus TCP",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICDM-RX/MOD-2DB9/RJ45-DIN",
"vendor": "Pepperl+Fuchs",
"versions": [
{
"lessThanOrEqual": "v7.09",
"status": "affected",
"version": "Modbus Router",
"versionType": "semver"
},
{
"lessThanOrEqual": "v7.11",
"status": "affected",
"version": "Modbus Server",
"versionType": "semver"
},
{
"lessThanOrEqual": "v7.11",
"status": "affected",
"version": "Modbus TCP",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICDM-RX/MOD-2ST/RJ45-DIN",
"vendor": "Pepperl+Fuchs",
"versions": [
{
"lessThanOrEqual": "v7.09",
"status": "affected",
"version": "Modbus Router",
"versionType": "semver"
},
{
"lessThanOrEqual": "v7.11",
"status": "affected",
"version": "Modbus Server",
"versionType": "semver"
},
{
"lessThanOrEqual": "v7.11",
"status": "affected",
"version": "Modbus TCP",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ICDM-RX/MOD-16RJ45/2RJ45-PM",
"vendor": "Pepperl+Fuchs",
"versions": [
{
"lessThanOrEqual": "v7.09",
"status": "affected",
"version": "Modbus Router",
"versionType": "semver"
},
{
"lessThanOrEqual": "v7.11",
"status": "affected",
"version": "Modbus Server",
"versionType": "semver"
},
{
"lessThanOrEqual": "v7.11",
"status": "affected",
"version": "Modbus TCP",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Christopher Di-Nozzi"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAn unauthenticated remote attacker may use a reflected XSS vulnerability to obtain information from a user or reboot the affected device once.\u003c/p\u003e"
}
],
"value": "An unauthenticated remote attacker may use a reflected XSS vulnerability to obtain information from a user or reboot the affected device once."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-13T12:32:37.130Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://cert.vde.com/en/advisories/VDE-2024-033"
}
],
"source": {
"advisory": "VDE-2024-033",
"defect": [
"CERT@VDE#641631"
],
"discovery": "UNKNOWN"
},
"title": "Pepperl+Fuchs: Device Master ICDM-RX/* XSS vulnerability allows reflected XSS",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2024-5849",
"datePublished": "2024-08-13T12:32:37.130Z",
"dateReserved": "2024-06-11T07:44:37.199Z",
"dateUpdated": "2024-08-15T14:14:42.465Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-6422 (GCVE-0-2024-6422)
Vulnerability from cvelistv5 – Published: 2024-07-10 07:37 – Updated: 2024-08-01 21:41
VLAI?
Summary
An unauthenticated remote attacker can manipulate the device via Telnet, stop processes, read, delete and change data.
Severity ?
9.8 (Critical)
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Pepperl+Fuchs | OIT1500-F113-B12-CB |
Affected:
0 , ≤ V2.11.0
(semver)
|
|||||||||||||||||
|
|||||||||||||||||||
Credits
BMW AG
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-6422",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-23T18:31:19.777298Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-23T18:31:29.464Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:41:03.408Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cert.vde.com/en/advisories/VDE-2024-038"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "OIT1500-F113-B12-CB",
"vendor": "Pepperl+Fuchs",
"versions": [
{
"lessThanOrEqual": "V2.11.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "OIT200-F113-B12-CB",
"vendor": "Pepperl+Fuchs",
"versions": [
{
"lessThanOrEqual": "V2.11.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "OIT500-F113-B12-CB",
"vendor": "Pepperl+Fuchs",
"versions": [
{
"lessThanOrEqual": "V2.11.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "OIT700-F113-B12-CB",
"vendor": "Pepperl+Fuchs",
"versions": [
{
"lessThanOrEqual": "V2.11.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "BMW AG"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An unauthenticated remote attacker can manipulate the device via Telnet, stop processes, read, delete and change data."
}
],
"value": "An unauthenticated remote attacker can manipulate the device via Telnet, stop processes, read, delete and change data."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-10T07:37:03.147Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://cert.vde.com/en/advisories/VDE-2024-038"
}
],
"source": {
"advisory": "VDE-204-038",
"defect": [
"CERT@VDE#641655"
],
"discovery": "UNKNOWN"
},
"title": "Pepperl+Fuchs: OIT Products can be manipulated via unintended Telnet access",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2024-6422",
"datePublished": "2024-07-10T07:37:03.147Z",
"dateReserved": "2024-07-01T07:38:23.446Z",
"dateUpdated": "2024-08-01T21:41:03.408Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-6421 (GCVE-0-2024-6421)
Vulnerability from cvelistv5 – Published: 2024-07-10 07:36 – Updated: 2025-08-22 07:00
VLAI?
Summary
An unauthenticated remote attacker can read out sensitive device information through a incorrectly configured FTP service.
Severity ?
7.5 (High)
CWE
- CWE-552 - Files or Directories Accessible to External Parties
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Pepperl+Fuchs | OIT1500-F113-B12-CB |
Affected:
0 , ≤ V2.11.0
(semver)
|
|||||||||||||||||
|
|||||||||||||||||||
Credits
BMW AG
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:pepperl-fuchs:oit1500-f113-b12-cb_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "oit1500-f113-b12-cb_firmware",
"vendor": "pepperl-fuchs",
"versions": [
{
"lessThanOrEqual": "V2.11.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:pepperl-fuchs:oit200-f113-b12-cb_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "oit200-f113-b12-cb_firmware",
"vendor": "pepperl-fuchs",
"versions": [
{
"lessThanOrEqual": "V2.11.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:pepperl-fuchs:oit500-f113-b12-cb_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "oit500-f113-b12-cb_firmware",
"vendor": "pepperl-fuchs",
"versions": [
{
"lessThanOrEqual": "V2.11.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:pepperl-fuchs:oit700-f113-b12-cb_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "oit700-f113-b12-cb_firmware",
"vendor": "pepperl-fuchs",
"versions": [
{
"lessThanOrEqual": "V2.11.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-6421",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-10T14:15:26.548063Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-10T14:33:22.935Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:41:03.308Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cert.vde.com/en/advisories/VDE-2024-038"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "OIT1500-F113-B12-CB",
"vendor": "Pepperl+Fuchs",
"versions": [
{
"lessThanOrEqual": "V2.11.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "OIT200-F113-B12-CB",
"vendor": "Pepperl+Fuchs",
"versions": [
{
"lessThanOrEqual": "V2.11.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "OIT500-F113-B12-CB",
"vendor": "Pepperl+Fuchs",
"versions": [
{
"lessThanOrEqual": "V2.11.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "OIT700-F113-B12-CB",
"vendor": "Pepperl+Fuchs",
"versions": [
{
"lessThanOrEqual": "V2.11.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "BMW AG"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An unauthenticated remote attacker can read out sensitive device information through a incorrectly configured FTP service."
}
],
"value": "An unauthenticated remote attacker can read out sensitive device information through a incorrectly configured FTP service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-552",
"description": "CWE-552 Files or Directories Accessible to External Parties",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-22T07:00:50.289Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://cert.vde.com/en/advisories/VDE-2024-038"
}
],
"source": {
"advisory": "VDE-2024-038",
"defect": [
"CERT@VDE#641655"
],
"discovery": "UNKNOWN"
},
"title": "Pepperl+Fuchs: Incorrectly configured FTP-Server in OIT Products",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2024-6421",
"datePublished": "2024-07-10T07:36:52.119Z",
"dateReserved": "2024-07-01T07:38:21.490Z",
"dateUpdated": "2025-08-22T07:00:50.289Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-20988 (GCVE-0-2021-20988)
Vulnerability from cvelistv5 – Published: 2021-05-13 13:45 – Updated: 2024-09-16 17:49
VLAI?
Summary
In Hilscher rcX RTOS versions prios to V2.1.14.1 the actual UDP packet length is not verified against the length indicated by the packet. This may lead to a denial of service of the affected device.
Severity ?
8.6 (High)
CWE
- CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Hilscher | rcX RTOS |
Affected:
unspecified , < V2.1.14.1
(custom)
|
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:53:23.157Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.hilscher.com/display/ISMS/2019-04-10+Wrong+handling+of+the+UDP+checksum"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert.vde.com/de-de/advisories/vde-2021-018"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "rcX RTOS",
"vendor": "Hilscher",
"versions": [
{
"lessThan": "V2.1.14.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Ethernet IO Modules ICE1-16",
"vendor": "Pepperl+Fuchs",
"versions": [
{
"lessThanOrEqual": "F10017",
"status": "affected",
"version": "ICE1-16DI-G60L-V1D",
"versionType": "custom"
},
{
"lessThanOrEqual": "F10017",
"status": "affected",
"version": "ICE1-16DIO-G60L-C1-V1D",
"versionType": "custom"
},
{
"lessThanOrEqual": "F10017",
"status": "affected",
"version": "ICE1-16DIO-G60L-V1D",
"versionType": "custom"
}
]
},
{
"product": "Ethernet IO Modules ICE1-8",
"vendor": "Pepperl+Fuchs",
"versions": [
{
"lessThanOrEqual": "F10017",
"status": "affected",
"version": "ICE1-8DI8DO-G60L-C1-V1D",
"versionType": "custom"
},
{
"lessThanOrEqual": "F10017",
"status": "affected",
"version": "ICE1-8DI8DO-G60L-V1D",
"versionType": "custom"
},
{
"lessThanOrEqual": "F10017",
"status": "affected",
"version": "ICE1-8IOL-G30L-V1D",
"versionType": "custom"
},
{
"lessThanOrEqual": "F10017",
"status": "affected",
"version": "ICE1-8IOL-G60L-V1D",
"versionType": "custom"
},
{
"lessThanOrEqual": "F10017",
"status": "affected",
"version": "ICE1-8IOL-S2-G60L-V1D",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-02-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In Hilscher rcX RTOS versions prios to V2.1.14.1 the actual UDP packet length is not verified against the length indicated by the packet. This may lead to a denial of service of the affected device."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-13T13:45:24",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.hilscher.com/display/ISMS/2019-04-10+Wrong+handling+of+the+UDP+checksum"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert.vde.com/de-de/advisories/vde-2021-018"
}
],
"source": {
"advisory": "vde-2021-018",
"defect": [
"vde-2021-018"
],
"discovery": "UNKNOWN"
},
"title": "Hilscher rcX RTOS: Wrong handling of the UDP checksum",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"DATE_PUBLIC": "2021-02-15T13:00:00.000Z",
"ID": "CVE-2021-20988",
"STATE": "PUBLIC",
"TITLE": "Hilscher rcX RTOS: Wrong handling of the UDP checksum"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "rcX RTOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "V2.1.14.1"
}
]
}
}
]
},
"vendor_name": "Hilscher"
},
{
"product": {
"product_data": [
{
"product_name": "Ethernet IO Modules ICE1-16",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "ICE1-16DI-G60L-V1D",
"version_value": "F10017"
},
{
"version_affected": "\u003c=",
"version_name": "ICE1-16DIO-G60L-C1-V1D",
"version_value": "F10017"
},
{
"version_affected": "\u003c=",
"version_name": "ICE1-16DIO-G60L-V1D",
"version_value": "F10017"
}
]
}
},
{
"product_name": "Ethernet IO Modules ICE1-8",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "ICE1-8DI8DO-G60L-C1-V1D",
"version_value": "F10017"
},
{
"version_affected": "\u003c=",
"version_name": "ICE1-8DI8DO-G60L-V1D",
"version_value": "F10017"
},
{
"version_affected": "\u003c=",
"version_name": "ICE1-8IOL-G30L-V1D",
"version_value": "F10017"
},
{
"version_affected": "\u003c=",
"version_name": "ICE1-8IOL-G60L-V1D",
"version_value": "F10017"
},
{
"version_affected": "\u003c=",
"version_name": "ICE1-8IOL-S2-G60L-V1D",
"version_value": "F10017"
}
]
}
}
]
},
"vendor_name": "Pepperl+Fuchs"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Hilscher rcX RTOS versions prios to V2.1.14.1 the actual UDP packet length is not verified against the length indicated by the packet. This may lead to a denial of service of the affected device."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.hilscher.com/display/ISMS/2019-04-10+Wrong+handling+of+the+UDP+checksum",
"refsource": "CONFIRM",
"url": "https://kb.hilscher.com/display/ISMS/2019-04-10+Wrong+handling+of+the+UDP+checksum"
},
{
"name": "https://cert.vde.com/de-de/advisories/vde-2021-018",
"refsource": "CONFIRM",
"url": "https://cert.vde.com/de-de/advisories/vde-2021-018"
}
]
},
"source": {
"advisory": "vde-2021-018",
"defect": [
"vde-2021-018"
],
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2021-20988",
"datePublished": "2021-05-13T13:45:24.410430Z",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-09-16T17:49:09.628Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-12504 (GCVE-0-2020-12504)
Vulnerability from cvelistv5 – Published: 2020-10-15 18:42 – Updated: 2024-09-16 17:09
VLAI?
Summary
Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) and ICRL-M-8RJ45/4SFP-G-DIN, ICRL-M-16RJ45/4CP-G-DIN FW 1.2.3 and below has an active TFTP-Service.
Severity ?
9.8 (Critical)
CWE
- CWE-912 - Hidden Functionality
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Pepperl+Fuchs | P+F Comtrol RocketLinx |
Affected:
ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510-XTE, ES9528/ES9528-XT all
Affected: ES7510-XT , < 2.1.1 (custom) Affected: ES8510 , < 3.1.1 (custom) |
|||||||||||||||||
|
|||||||||||||||||||
Credits
T. Weber (SEC Consult Vulnerability Lab)
Coordinated by CERT@VDE
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:56:52.052Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert.vde.com/de-de/advisories/vde-2020-040"
},
{
"name": "20210601 SEC Consult SA-20210601-0 :: Multiple critical vulnerabilities in Korenix Technology JetNet Series",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2021/Jun/0"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/162903/Korenix-CSRF-Backdoor-Accounts-Command-Injection-Missing-Authentication.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-korenix-technology-westermo-pepperl-fuchs/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2020-053"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/165875/Korenix-Technology-JetWave-CSRF-Command-Injection-Missing-Authentication.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "P+F Comtrol RocketLinx",
"vendor": "Pepperl+Fuchs",
"versions": [
{
"status": "affected",
"version": "ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510-XTE, ES9528/ES9528-XT all"
},
{
"lessThan": "2.1.1",
"status": "affected",
"version": "ES7510-XT",
"versionType": "custom"
},
{
"lessThan": "3.1.1",
"status": "affected",
"version": "ES8510",
"versionType": "custom"
}
]
},
{
"product": "P+F Comtrol RocketLinx",
"vendor": "Pepperl+Fuchs",
"versions": [
{
"lessThanOrEqual": "1.2.3",
"status": "affected",
"version": "ICRL-M-8RJ45/4SFP-G-DIN",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.2.3",
"status": "affected",
"version": "ICRL-M-16RJ45/4CP-G-DIN",
"versionType": "custom"
}
]
},
{
"product": "JetNet",
"vendor": "Korenix",
"versions": [
{
"lessThanOrEqual": "V1.0",
"status": "affected",
"version": "5428G-20SFP",
"versionType": "custom"
},
{
"lessThanOrEqual": "V1.1",
"status": "affected",
"version": "5810G",
"versionType": "custom"
},
{
"lessThanOrEqual": "V2.3b",
"status": "affected",
"version": "4706F",
"versionType": "custom"
},
{
"lessThanOrEqual": "V3.0b",
"status": "affected",
"version": "4510",
"versionType": "custom"
},
{
"lessThan": "V1.6",
"status": "affected",
"version": "5310",
"versionType": "custom"
}
]
},
{
"product": "PMI-110-F2G",
"vendor": "Westermo",
"versions": [
{
"lessThan": "V1.8",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "T. Weber (SEC Consult Vulnerability Lab)"
},
{
"lang": "en",
"value": "Coordinated by CERT@VDE"
}
],
"datePublic": "2020-10-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) and ICRL-M-8RJ45/4SFP-G-DIN, ICRL-M-16RJ45/4CP-G-DIN FW 1.2.3 and below has an active TFTP-Service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-912",
"description": "CWE-912 Hidden Functionality",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-04T19:06:15",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert.vde.com/de-de/advisories/vde-2020-040"
},
{
"name": "20210601 SEC Consult SA-20210601-0 :: Multiple critical vulnerabilities in Korenix Technology JetNet Series",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2021/Jun/0"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/162903/Korenix-CSRF-Backdoor-Accounts-Command-Injection-Missing-Authentication.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-korenix-technology-westermo-pepperl-fuchs/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2020-053"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/165875/Korenix-Technology-JetWave-CSRF-Command-Injection-Missing-Authentication.html"
}
],
"solutions": [
{
"lang": "en",
"value": "For ICRL-M-8RJ45/4SFP-G-DIN and ICRL-M-16RJ45/4CP-G-DIN:\nUpdate to Firmware 1.3.1 and deactivate TFTP-Service.\n\nFor all other devices:\nAn external protective measure is required.\n\n1) Traffic from untrusted networks to the device should be blocked by a firewall. Especially\ntraffic targeting the administration webpage.\n\n2) Administrator and user access should be protected by a secure password and only be\navailable to a very limited group of people."
}
],
"source": {
"advisory": "VDE-2020-040",
"discovery": "EXTERNAL"
},
"title": "Pepperl+Fuchs improper authorization affects multiple Comtrol RocketLinx products",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"DATE_PUBLIC": "2020-10-07T13:10:00.000Z",
"ID": "CVE-2020-12504",
"STATE": "PUBLIC",
"TITLE": "Pepperl+Fuchs improper authorization affects multiple Comtrol RocketLinx products"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "P+F Comtrol RocketLinx",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510-XTE, ES9528/ES9528-XT",
"version_value": "all"
},
{
"version_affected": "\u003c",
"version_name": "ES7510-XT",
"version_value": "2.1.1"
},
{
"version_affected": "\u003c",
"version_name": "ES8510",
"version_value": "3.1.1"
}
]
}
},
{
"product_name": "P+F Comtrol RocketLinx",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "ICRL-M-8RJ45/4SFP-G-DIN",
"version_value": "1.2.3"
},
{
"version_affected": "\u003c=",
"version_name": "ICRL-M-16RJ45/4CP-G-DIN",
"version_value": "1.2.3"
}
]
}
}
]
},
"vendor_name": "Pepperl+Fuchs"
},
{
"product": {
"product_data": [
{
"product_name": "JetNet",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "5428G-20SFP",
"version_value": "V1.0"
},
{
"version_affected": "\u003c=",
"version_name": "5810G",
"version_value": "V1.1"
},
{
"version_affected": "\u003c=",
"version_name": "4706F",
"version_value": "V2.3b"
},
{
"version_affected": "\u003c=",
"version_name": "4510",
"version_value": "V3.0b"
},
{
"version_affected": "\u003c",
"version_name": "5310",
"version_value": "V1.6"
}
]
}
}
]
},
"vendor_name": "Korenix"
},
{
"product": {
"product_data": [
{
"product_name": "PMI-110-F2G",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "V1.8"
}
]
}
}
]
},
"vendor_name": "Westermo"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "T. Weber (SEC Consult Vulnerability Lab)"
},
{
"lang": "eng",
"value": "Coordinated by CERT@VDE"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) and ICRL-M-8RJ45/4SFP-G-DIN, ICRL-M-16RJ45/4CP-G-DIN FW 1.2.3 and below has an active TFTP-Service."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-912 Hidden Functionality"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert.vde.com/de-de/advisories/vde-2020-040",
"refsource": "CONFIRM",
"url": "https://cert.vde.com/de-de/advisories/vde-2020-040"
},
{
"name": "20210601 SEC Consult SA-20210601-0 :: Multiple critical vulnerabilities in Korenix Technology JetNet Series",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2021/Jun/0"
},
{
"name": "http://packetstormsecurity.com/files/162903/Korenix-CSRF-Backdoor-Accounts-Command-Injection-Missing-Authentication.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/162903/Korenix-CSRF-Backdoor-Accounts-Command-Injection-Missing-Authentication.html"
},
{
"name": "https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-korenix-technology-westermo-pepperl-fuchs/",
"refsource": "CONFIRM",
"url": "https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-korenix-technology-westermo-pepperl-fuchs/"
},
{
"name": "https://cert.vde.com/en-us/advisories/vde-2020-053",
"refsource": "CONFIRM",
"url": "https://cert.vde.com/en-us/advisories/vde-2020-053"
},
{
"name": "http://packetstormsecurity.com/files/165875/Korenix-Technology-JetWave-CSRF-Command-Injection-Missing-Authentication.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/165875/Korenix-Technology-JetWave-CSRF-Command-Injection-Missing-Authentication.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "For ICRL-M-8RJ45/4SFP-G-DIN and ICRL-M-16RJ45/4CP-G-DIN:\nUpdate to Firmware 1.3.1 and deactivate TFTP-Service.\n\nFor all other devices:\nAn external protective measure is required.\n\n1) Traffic from untrusted networks to the device should be blocked by a firewall. Especially\ntraffic targeting the administration webpage.\n\n2) Administrator and user access should be protected by a secure password and only be\navailable to a very limited group of people."
}
],
"source": {
"advisory": "VDE-2020-040",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2020-12504",
"datePublished": "2020-10-15T18:42:59.041481Z",
"dateReserved": "2020-04-30T00:00:00",
"dateUpdated": "2024-09-16T17:09:09.147Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-12503 (GCVE-0-2020-12503)
Vulnerability from cvelistv5 – Published: 2020-10-15 18:42 – Updated: 2024-09-17 04:24
VLAI?
Summary
Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) and ICRL-M-8RJ45/4SFP-G-DIN, ICRL-M-16RJ45/4CP-G-DIN FW 1.2.3 and below is prone to multiple authenticated command injections.
Severity ?
7.2 (High)
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Pepperl+Fuchs | P+F Comtrol RocketLinx |
Affected:
ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510-XTE, ES9528/ES9528-XT all
Affected: ES7510-XT , < 2.1.1 (custom) Affected: ES8510 , < 3.1.1 (custom) |
|||||||||||||||||
|
|||||||||||||||||||
Credits
T. Weber (SEC Consult Vulnerability Lab)
Coordinated by CERT@VDE
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:56:52.086Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert.vde.com/de-de/advisories/vde-2020-040"
},
{
"name": "20210601 SEC Consult SA-20210601-0 :: Multiple critical vulnerabilities in Korenix Technology JetNet Series",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2021/Jun/0"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/162903/Korenix-CSRF-Backdoor-Accounts-Command-Injection-Missing-Authentication.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-korenix-technology-westermo-pepperl-fuchs/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2020-053"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/165875/Korenix-Technology-JetWave-CSRF-Command-Injection-Missing-Authentication.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "P+F Comtrol RocketLinx",
"vendor": "Pepperl+Fuchs",
"versions": [
{
"status": "affected",
"version": "ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510-XTE, ES9528/ES9528-XT all"
},
{
"lessThan": "2.1.1",
"status": "affected",
"version": "ES7510-XT",
"versionType": "custom"
},
{
"lessThan": "3.1.1",
"status": "affected",
"version": "ES8510",
"versionType": "custom"
}
]
},
{
"product": "P+F Comtrol RocketLinx",
"vendor": "Pepperl+Fuchs",
"versions": [
{
"lessThanOrEqual": "1.2.3",
"status": "affected",
"version": "ICRL-M-8RJ45/4SFP-G-DIN",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.2.3",
"status": "affected",
"version": "ICRL-M-16RJ45/4CP-G-DIN",
"versionType": "custom"
}
]
},
{
"product": "JetNet",
"vendor": "Korenix",
"versions": [
{
"lessThanOrEqual": "V1.0",
"status": "affected",
"version": "5428G-20SFP",
"versionType": "custom"
},
{
"lessThanOrEqual": "V1.1",
"status": "affected",
"version": "5810G",
"versionType": "custom"
},
{
"lessThanOrEqual": "V2.3b",
"status": "affected",
"version": "4706F",
"versionType": "custom"
},
{
"lessThanOrEqual": "V3.0b",
"status": "affected",
"version": "4510",
"versionType": "custom"
},
{
"lessThan": "V1.6",
"status": "affected",
"version": "5310",
"versionType": "custom"
}
]
},
{
"product": "PMI-110-F2G",
"vendor": "Westermo",
"versions": [
{
"lessThan": "V1.8",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "T. Weber (SEC Consult Vulnerability Lab)"
},
{
"lang": "en",
"value": "Coordinated by CERT@VDE"
}
],
"datePublic": "2020-10-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) and ICRL-M-8RJ45/4SFP-G-DIN, ICRL-M-16RJ45/4CP-G-DIN FW 1.2.3 and below is prone to multiple authenticated command injections."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863 Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-04T19:06:09",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert.vde.com/de-de/advisories/vde-2020-040"
},
{
"name": "20210601 SEC Consult SA-20210601-0 :: Multiple critical vulnerabilities in Korenix Technology JetNet Series",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2021/Jun/0"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/162903/Korenix-CSRF-Backdoor-Accounts-Command-Injection-Missing-Authentication.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-korenix-technology-westermo-pepperl-fuchs/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2020-053"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/165875/Korenix-Technology-JetWave-CSRF-Command-Injection-Missing-Authentication.html"
}
],
"solutions": [
{
"lang": "en",
"value": "An external protective measure is required.\n\n1) Traffic from untrusted networks to the device should be blocked by a firewall. Especially\ntraffic targeting the administration webpage.\n\n2) Administrator and user access should be protected by a secure password and only be\navailable to a very limited group of people."
}
],
"source": {
"advisory": "VDE-2020-040",
"discovery": "EXTERNAL"
},
"title": "Pepperl+Fuchs improper authorization affects multiple Comtrol RocketLinx products",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"DATE_PUBLIC": "2020-10-07T13:10:00.000Z",
"ID": "CVE-2020-12503",
"STATE": "PUBLIC",
"TITLE": "Pepperl+Fuchs improper authorization affects multiple Comtrol RocketLinx products"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "P+F Comtrol RocketLinx",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510-XTE, ES9528/ES9528-XT",
"version_value": "all"
},
{
"version_affected": "\u003c",
"version_name": "ES7510-XT",
"version_value": "2.1.1"
},
{
"version_affected": "\u003c",
"version_name": "ES8510",
"version_value": "3.1.1"
}
]
}
},
{
"product_name": "P+F Comtrol RocketLinx",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "ICRL-M-8RJ45/4SFP-G-DIN",
"version_value": "1.2.3"
},
{
"version_affected": "\u003c=",
"version_name": "ICRL-M-16RJ45/4CP-G-DIN",
"version_value": "1.2.3"
}
]
}
}
]
},
"vendor_name": "Pepperl+Fuchs"
},
{
"product": {
"product_data": [
{
"product_name": "JetNet",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "5428G-20SFP",
"version_value": "V1.0"
},
{
"version_affected": "\u003c=",
"version_name": "5810G",
"version_value": "V1.1"
},
{
"version_affected": "\u003c=",
"version_name": "4706F",
"version_value": "V2.3b"
},
{
"version_affected": "\u003c=",
"version_name": "4510",
"version_value": "V3.0b"
},
{
"version_affected": "\u003c",
"version_name": "5310",
"version_value": "V1.6"
}
]
}
}
]
},
"vendor_name": "Korenix"
},
{
"product": {
"product_data": [
{
"product_name": "PMI-110-F2G",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "V1.8"
}
]
}
}
]
},
"vendor_name": "Westermo"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "T. Weber (SEC Consult Vulnerability Lab)"
},
{
"lang": "eng",
"value": "Coordinated by CERT@VDE"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) and ICRL-M-8RJ45/4SFP-G-DIN, ICRL-M-16RJ45/4CP-G-DIN FW 1.2.3 and below is prone to multiple authenticated command injections."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-863 Incorrect Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert.vde.com/de-de/advisories/vde-2020-040",
"refsource": "CONFIRM",
"url": "https://cert.vde.com/de-de/advisories/vde-2020-040"
},
{
"name": "20210601 SEC Consult SA-20210601-0 :: Multiple critical vulnerabilities in Korenix Technology JetNet Series",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2021/Jun/0"
},
{
"name": "http://packetstormsecurity.com/files/162903/Korenix-CSRF-Backdoor-Accounts-Command-Injection-Missing-Authentication.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/162903/Korenix-CSRF-Backdoor-Accounts-Command-Injection-Missing-Authentication.html"
},
{
"name": "https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-korenix-technology-westermo-pepperl-fuchs/",
"refsource": "CONFIRM",
"url": "https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-korenix-technology-westermo-pepperl-fuchs/"
},
{
"name": "https://cert.vde.com/en-us/advisories/vde-2020-053",
"refsource": "CONFIRM",
"url": "https://cert.vde.com/en-us/advisories/vde-2020-053"
},
{
"name": "http://packetstormsecurity.com/files/165875/Korenix-Technology-JetWave-CSRF-Command-Injection-Missing-Authentication.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/165875/Korenix-Technology-JetWave-CSRF-Command-Injection-Missing-Authentication.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "An external protective measure is required.\n\n1) Traffic from untrusted networks to the device should be blocked by a firewall. Especially\ntraffic targeting the administration webpage.\n\n2) Administrator and user access should be protected by a secure password and only be\navailable to a very limited group of people."
}
],
"source": {
"advisory": "VDE-2020-040",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2020-12503",
"datePublished": "2020-10-15T18:42:58.016798Z",
"dateReserved": "2020-04-30T00:00:00",
"dateUpdated": "2024-09-17T04:24:41.310Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-12502 (GCVE-0-2020-12502)
Vulnerability from cvelistv5 – Published: 2020-10-15 18:42 – Updated: 2024-09-16 18:43
VLAI?
Summary
Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) and ICRL-M-8RJ45/4SFP-G-DIN, ICRL-M-16RJ45/4CP-G-DIN FW 1.2.3 and below is prone to unauthenticated device administration.
Severity ?
8.8 (High)
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Pepperl+Fuchs | P+F Comtrol RocketLinx |
Affected:
ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510-XTE, ES9528/ES9528-XT all
Affected: ES7510-XT , < 2.1.1 (custom) Affected: ES8510 , < 3.1.1 (custom) |
|||||||||||||||||
|
|||||||||||||||||||
Credits
T. Weber (SEC Consult Vulnerability Lab)
Coordinated by CERT@VDE
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:56:52.083Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert.vde.com/de-de/advisories/vde-2020-040"
},
{
"name": "20210601 SEC Consult SA-20210601-0 :: Multiple critical vulnerabilities in Korenix Technology JetNet Series",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2021/Jun/0"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/162903/Korenix-CSRF-Backdoor-Accounts-Command-Injection-Missing-Authentication.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-korenix-technology-westermo-pepperl-fuchs/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2020-053"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/165875/Korenix-Technology-JetWave-CSRF-Command-Injection-Missing-Authentication.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "P+F Comtrol RocketLinx",
"vendor": "Pepperl+Fuchs",
"versions": [
{
"status": "affected",
"version": "ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510-XTE, ES9528/ES9528-XT all"
},
{
"lessThan": "2.1.1",
"status": "affected",
"version": "ES7510-XT",
"versionType": "custom"
},
{
"lessThan": "3.1.1",
"status": "affected",
"version": "ES8510",
"versionType": "custom"
}
]
},
{
"product": "P+F Comtrol RocketLinx",
"vendor": "Pepperl+Fuchs",
"versions": [
{
"lessThanOrEqual": "1.2.3",
"status": "affected",
"version": "ICRL-M-8RJ45/4SFP-G-DIN",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.2.3",
"status": "affected",
"version": "ICRL-M-16RJ45/4CP-G-DIN",
"versionType": "custom"
}
]
},
{
"product": "JetNet",
"vendor": "Korenix",
"versions": [
{
"lessThanOrEqual": "V1.0",
"status": "affected",
"version": "5428G-20SFP",
"versionType": "custom"
},
{
"lessThanOrEqual": "V1.1",
"status": "affected",
"version": "5810G",
"versionType": "custom"
},
{
"lessThanOrEqual": "V2.3b",
"status": "affected",
"version": "4706F",
"versionType": "custom"
},
{
"lessThanOrEqual": "V3.0b",
"status": "affected",
"version": "4510",
"versionType": "custom"
},
{
"lessThan": "V1.6",
"status": "affected",
"version": "5310",
"versionType": "custom"
}
]
},
{
"product": "PMI-110-F2G",
"vendor": "Westermo",
"versions": [
{
"lessThan": "V1.8",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "T. Weber (SEC Consult Vulnerability Lab)"
},
{
"lang": "en",
"value": "Coordinated by CERT@VDE"
}
],
"datePublic": "2020-10-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) and ICRL-M-8RJ45/4SFP-G-DIN, ICRL-M-16RJ45/4CP-G-DIN FW 1.2.3 and below is prone to unauthenticated device administration."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-04T19:06:11",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert.vde.com/de-de/advisories/vde-2020-040"
},
{
"name": "20210601 SEC Consult SA-20210601-0 :: Multiple critical vulnerabilities in Korenix Technology JetNet Series",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2021/Jun/0"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/162903/Korenix-CSRF-Backdoor-Accounts-Command-Injection-Missing-Authentication.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-korenix-technology-westermo-pepperl-fuchs/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2020-053"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/165875/Korenix-Technology-JetWave-CSRF-Command-Injection-Missing-Authentication.html"
}
],
"solutions": [
{
"lang": "en",
"value": "An external protective measure is required.\n\n1) Traffic from untrusted networks to the device should be blocked by a firewall. Especially\ntraffic targeting the administration webpage.\n\n2) Administrator and user access should be protected by a secure password and only be\navailable to a very limited group of people."
}
],
"source": {
"advisory": "VDE-2020-040",
"discovery": "EXTERNAL"
},
"title": "Pepperl+Fuchs improper authorization affects multiple Comtrol RocketLinx products",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"DATE_PUBLIC": "2020-10-07T13:10:00.000Z",
"ID": "CVE-2020-12502",
"STATE": "PUBLIC",
"TITLE": "Pepperl+Fuchs improper authorization affects multiple Comtrol RocketLinx products"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "P+F Comtrol RocketLinx",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510-XTE, ES9528/ES9528-XT",
"version_value": "all"
},
{
"version_affected": "\u003c",
"version_name": "ES7510-XT",
"version_value": "2.1.1"
},
{
"version_affected": "\u003c",
"version_name": "ES8510",
"version_value": "3.1.1"
}
]
}
},
{
"product_name": "P+F Comtrol RocketLinx",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "ICRL-M-8RJ45/4SFP-G-DIN",
"version_value": "1.2.3"
},
{
"version_affected": "\u003c=",
"version_name": "ICRL-M-16RJ45/4CP-G-DIN",
"version_value": "1.2.3"
}
]
}
}
]
},
"vendor_name": "Pepperl+Fuchs"
},
{
"product": {
"product_data": [
{
"product_name": "JetNet",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "5428G-20SFP",
"version_value": "V1.0"
},
{
"version_affected": "\u003c=",
"version_name": "5810G",
"version_value": "V1.1"
},
{
"version_affected": "\u003c=",
"version_name": "4706F",
"version_value": "V2.3b"
},
{
"version_affected": "\u003c=",
"version_name": "4510",
"version_value": "V3.0b"
},
{
"version_affected": "\u003c",
"version_name": "5310",
"version_value": "V1.6"
}
]
}
}
]
},
"vendor_name": "Korenix"
},
{
"product": {
"product_data": [
{
"product_name": "PMI-110-F2G",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "V1.8"
}
]
}
}
]
},
"vendor_name": "Westermo"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "T. Weber (SEC Consult Vulnerability Lab)"
},
{
"lang": "eng",
"value": "Coordinated by CERT@VDE"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) and ICRL-M-8RJ45/4SFP-G-DIN, ICRL-M-16RJ45/4CP-G-DIN FW 1.2.3 and below is prone to unauthenticated device administration."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery (CSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert.vde.com/de-de/advisories/vde-2020-040",
"refsource": "CONFIRM",
"url": "https://cert.vde.com/de-de/advisories/vde-2020-040"
},
{
"name": "20210601 SEC Consult SA-20210601-0 :: Multiple critical vulnerabilities in Korenix Technology JetNet Series",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2021/Jun/0"
},
{
"name": "http://packetstormsecurity.com/files/162903/Korenix-CSRF-Backdoor-Accounts-Command-Injection-Missing-Authentication.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/162903/Korenix-CSRF-Backdoor-Accounts-Command-Injection-Missing-Authentication.html"
},
{
"name": "https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-korenix-technology-westermo-pepperl-fuchs/",
"refsource": "CONFIRM",
"url": "https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-korenix-technology-westermo-pepperl-fuchs/"
},
{
"name": "https://cert.vde.com/en-us/advisories/vde-2020-053",
"refsource": "CONFIRM",
"url": "https://cert.vde.com/en-us/advisories/vde-2020-053"
},
{
"name": "http://packetstormsecurity.com/files/165875/Korenix-Technology-JetWave-CSRF-Command-Injection-Missing-Authentication.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/165875/Korenix-Technology-JetWave-CSRF-Command-Injection-Missing-Authentication.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "An external protective measure is required.\n\n1) Traffic from untrusted networks to the device should be blocked by a firewall. Especially\ntraffic targeting the administration webpage.\n\n2) Administrator and user access should be protected by a secure password and only be\navailable to a very limited group of people."
}
],
"source": {
"advisory": "VDE-2020-040",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2020-12502",
"datePublished": "2020-10-15T18:42:57.229561Z",
"dateReserved": "2020-04-30T00:00:00",
"dateUpdated": "2024-09-16T18:43:33.813Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-12501 (GCVE-0-2020-12501)
Vulnerability from cvelistv5 – Published: 2020-10-15 18:42 – Updated: 2024-09-16 19:20
VLAI?
Summary
Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) use undocumented accounts.
Severity ?
9.8 (Critical)
CWE
- CWE-798 - Use of Hard-coded Credentials
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Pepperl+Fuchs | P+F Comtrol RocketLinx |
Affected:
ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510-XTE, ES9528/ES9528-XT all
Affected: ES7510-XT , < 2.1.1 (custom) Affected: ES8510 , < 3.1.1 (custom) |
||||||||||||
|
||||||||||||||
Credits
T. Weber (SEC Consult Vulnerability Lab)
Coordinated by CERT@VDE
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:56:52.091Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert.vde.com/de-de/advisories/vde-2020-040"
},
{
"name": "20210601 SEC Consult SA-20210601-0 :: Multiple critical vulnerabilities in Korenix Technology JetNet Series",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2021/Jun/0"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/162903/Korenix-CSRF-Backdoor-Accounts-Command-Injection-Missing-Authentication.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-korenix-technology-westermo-pepperl-fuchs/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/165875/Korenix-Technology-JetWave-CSRF-Command-Injection-Missing-Authentication.html"
},
{
"name": "20220603 SEC Consult SA-20220531-0 :: Backdoor account in Korenix JetPort 5601V3",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Jun/3"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/167409/Korenix-JetPort-5601V3-Backdoor-Account.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "P+F Comtrol RocketLinx",
"vendor": "Pepperl+Fuchs",
"versions": [
{
"status": "affected",
"version": "ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510-XTE, ES9528/ES9528-XT all"
},
{
"lessThan": "2.1.1",
"status": "affected",
"version": "ES7510-XT",
"versionType": "custom"
},
{
"lessThan": "3.1.1",
"status": "affected",
"version": "ES8510",
"versionType": "custom"
}
]
},
{
"product": "JetNet",
"vendor": "Korenix",
"versions": [
{
"lessThanOrEqual": "V1.0",
"status": "affected",
"version": "5428G-20SFP",
"versionType": "custom"
},
{
"lessThanOrEqual": "V1.1",
"status": "affected",
"version": "5810G",
"versionType": "custom"
},
{
"lessThanOrEqual": "V2.3b",
"status": "affected",
"version": "4706F",
"versionType": "custom"
},
{
"lessThanOrEqual": "V3.0b",
"status": "affected",
"version": "4510",
"versionType": "custom"
},
{
"lessThan": "V1.6",
"status": "affected",
"version": "5310",
"versionType": "custom"
}
]
},
{
"product": "PMI-110-F2G",
"vendor": "Westermo",
"versions": [
{
"lessThan": "V1.8",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "T. Weber (SEC Consult Vulnerability Lab)"
},
{
"lang": "en",
"value": "Coordinated by CERT@VDE"
}
],
"datePublic": "2020-10-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) use undocumented accounts."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "CWE-798 Use of Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-06T16:06:23",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert.vde.com/de-de/advisories/vde-2020-040"
},
{
"name": "20210601 SEC Consult SA-20210601-0 :: Multiple critical vulnerabilities in Korenix Technology JetNet Series",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2021/Jun/0"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/162903/Korenix-CSRF-Backdoor-Accounts-Command-Injection-Missing-Authentication.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-korenix-technology-westermo-pepperl-fuchs/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/165875/Korenix-Technology-JetWave-CSRF-Command-Injection-Missing-Authentication.html"
},
{
"name": "20220603 SEC Consult SA-20220531-0 :: Backdoor account in Korenix JetPort 5601V3",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2022/Jun/3"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/167409/Korenix-JetPort-5601V3-Backdoor-Account.html"
}
],
"solutions": [
{
"lang": "en",
"value": "An external protective measure is required.\n\n1) Traffic from untrusted networks to the device should be blocked by a firewall. Especially\ntraffic targeting the administration webpage.\n\n2) Administrator and user access should be protected by a secure password and only be\navailable to a very limited group of people."
}
],
"source": {
"advisory": "VDE-2020-040",
"discovery": "EXTERNAL"
},
"title": "Pepperl+Fuchs improper authorization affects multiple Comtrol RocketLinx products",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"DATE_PUBLIC": "2020-10-07T13:10:00.000Z",
"ID": "CVE-2020-12501",
"STATE": "PUBLIC",
"TITLE": "Pepperl+Fuchs improper authorization affects multiple Comtrol RocketLinx products"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "P+F Comtrol RocketLinx",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510-XTE, ES9528/ES9528-XT",
"version_value": "all"
},
{
"version_affected": "\u003c",
"version_name": "ES7510-XT",
"version_value": "2.1.1"
},
{
"version_affected": "\u003c",
"version_name": "ES8510",
"version_value": "3.1.1"
}
]
}
}
]
},
"vendor_name": "Pepperl+Fuchs"
},
{
"product": {
"product_data": [
{
"product_name": "JetNet",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "5428G-20SFP",
"version_value": "V1.0"
},
{
"version_affected": "\u003c=",
"version_name": "5810G",
"version_value": "V1.1"
},
{
"version_affected": "\u003c=",
"version_name": "4706F",
"version_value": "V2.3b"
},
{
"version_affected": "\u003c=",
"version_name": "4510",
"version_value": "V3.0b"
},
{
"version_affected": "\u003c",
"version_name": "5310",
"version_value": "V1.6"
}
]
}
}
]
},
"vendor_name": "Korenix"
},
{
"product": {
"product_data": [
{
"product_name": "PMI-110-F2G",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "V1.8"
}
]
}
}
]
},
"vendor_name": "Westermo"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "T. Weber (SEC Consult Vulnerability Lab)"
},
{
"lang": "eng",
"value": "Coordinated by CERT@VDE"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) use undocumented accounts."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-798 Use of Hard-coded Credentials"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert.vde.com/de-de/advisories/vde-2020-040",
"refsource": "CONFIRM",
"url": "https://cert.vde.com/de-de/advisories/vde-2020-040"
},
{
"name": "20210601 SEC Consult SA-20210601-0 :: Multiple critical vulnerabilities in Korenix Technology JetNet Series",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2021/Jun/0"
},
{
"name": "http://packetstormsecurity.com/files/162903/Korenix-CSRF-Backdoor-Accounts-Command-Injection-Missing-Authentication.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/162903/Korenix-CSRF-Backdoor-Accounts-Command-Injection-Missing-Authentication.html"
},
{
"name": "https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-korenix-technology-westermo-pepperl-fuchs/",
"refsource": "CONFIRM",
"url": "https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-korenix-technology-westermo-pepperl-fuchs/"
},
{
"name": "http://packetstormsecurity.com/files/165875/Korenix-Technology-JetWave-CSRF-Command-Injection-Missing-Authentication.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/165875/Korenix-Technology-JetWave-CSRF-Command-Injection-Missing-Authentication.html"
},
{
"name": "20220603 SEC Consult SA-20220531-0 :: Backdoor account in Korenix JetPort 5601V3",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2022/Jun/3"
},
{
"name": "http://packetstormsecurity.com/files/167409/Korenix-JetPort-5601V3-Backdoor-Account.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/167409/Korenix-JetPort-5601V3-Backdoor-Account.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "An external protective measure is required.\n\n1) Traffic from untrusted networks to the device should be blocked by a firewall. Especially\ntraffic targeting the administration webpage.\n\n2) Administrator and user access should be protected by a secure password and only be\navailable to a very limited group of people."
}
],
"source": {
"advisory": "VDE-2020-040",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2020-12501",
"datePublished": "2020-10-15T18:42:56.306067Z",
"dateReserved": "2020-04-30T00:00:00",
"dateUpdated": "2024-09-16T19:20:40.911Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-12500 (GCVE-0-2020-12500)
Vulnerability from cvelistv5 – Published: 2020-10-15 18:42 – Updated: 2024-09-17 01:10
VLAI?
Summary
Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) allows unauthenticated device administration.
Severity ?
9.8 (Critical)
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Pepperl+Fuchs | P+F Comtrol RocketLinx |
Affected:
ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510-XTE, ES9528/ES9528-XT all
Affected: ES7510-XT , < 2.1.1 (custom) Affected: ES8510 , < 3.1.1 (custom) |
||||||||||||
|
||||||||||||||
Credits
T. Weber (SEC Consult Vulnerability Lab)
Coordinated by CERT@VDE
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:56:52.048Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert.vde.com/de-de/advisories/vde-2020-040"
},
{
"name": "20210601 SEC Consult SA-20210601-0 :: Multiple critical vulnerabilities in Korenix Technology JetNet Series",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2021/Jun/0"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/162903/Korenix-CSRF-Backdoor-Accounts-Command-Injection-Missing-Authentication.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-korenix-technology-westermo-pepperl-fuchs/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/165875/Korenix-Technology-JetWave-CSRF-Command-Injection-Missing-Authentication.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "P+F Comtrol RocketLinx",
"vendor": "Pepperl+Fuchs",
"versions": [
{
"status": "affected",
"version": "ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510-XTE, ES9528/ES9528-XT all"
},
{
"lessThan": "2.1.1",
"status": "affected",
"version": "ES7510-XT",
"versionType": "custom"
},
{
"lessThan": "3.1.1",
"status": "affected",
"version": "ES8510",
"versionType": "custom"
}
]
},
{
"product": "JetNet",
"vendor": "Korenix",
"versions": [
{
"lessThanOrEqual": "V1.0",
"status": "affected",
"version": "5428G-20SFP",
"versionType": "custom"
},
{
"lessThanOrEqual": "V1.1",
"status": "affected",
"version": "5810G",
"versionType": "custom"
},
{
"lessThanOrEqual": "V2.3b",
"status": "affected",
"version": "4706F",
"versionType": "custom"
},
{
"lessThanOrEqual": "V3.0b",
"status": "affected",
"version": "4510",
"versionType": "custom"
},
{
"lessThan": "V1.6",
"status": "affected",
"version": "5310",
"versionType": "custom"
}
]
},
{
"product": "PMI-110-F2G",
"vendor": "Westermo",
"versions": [
{
"lessThan": "V1.8",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "T. Weber (SEC Consult Vulnerability Lab)"
},
{
"lang": "en",
"value": "Coordinated by CERT@VDE"
}
],
"datePublic": "2020-10-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) allows unauthenticated device administration."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-04T19:06:13",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert.vde.com/de-de/advisories/vde-2020-040"
},
{
"name": "20210601 SEC Consult SA-20210601-0 :: Multiple critical vulnerabilities in Korenix Technology JetNet Series",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2021/Jun/0"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/162903/Korenix-CSRF-Backdoor-Accounts-Command-Injection-Missing-Authentication.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-korenix-technology-westermo-pepperl-fuchs/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/165875/Korenix-Technology-JetWave-CSRF-Command-Injection-Missing-Authentication.html"
}
],
"solutions": [
{
"lang": "en",
"value": "An external protective measure is required.\n\n1) Traffic from untrusted networks to the device should be blocked by a firewall. Especially\ntraffic targeting the administration webpage.\n\n2) Administrator and user access should be protected by a secure password and only be\navailable to a very limited group of people."
}
],
"source": {
"advisory": "VDE-2020-040",
"discovery": "EXTERNAL"
},
"title": "Pepperl+Fuchs improper authorization affects multiple Comtrol RocketLinx products",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"DATE_PUBLIC": "2020-10-07T13:10:00.000Z",
"ID": "CVE-2020-12500",
"STATE": "PUBLIC",
"TITLE": "Pepperl+Fuchs improper authorization affects multiple Comtrol RocketLinx products"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "P+F Comtrol RocketLinx",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510-XTE, ES9528/ES9528-XT",
"version_value": "all"
},
{
"version_affected": "\u003c",
"version_name": "ES7510-XT",
"version_value": "2.1.1"
},
{
"version_affected": "\u003c",
"version_name": "ES8510",
"version_value": "3.1.1"
}
]
}
}
]
},
"vendor_name": "Pepperl+Fuchs"
},
{
"product": {
"product_data": [
{
"product_name": "JetNet",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "5428G-20SFP",
"version_value": "V1.0"
},
{
"version_affected": "\u003c=",
"version_name": "5810G",
"version_value": "V1.1"
},
{
"version_affected": "\u003c=",
"version_name": "4706F",
"version_value": "V2.3b"
},
{
"version_affected": "\u003c=",
"version_name": "4510",
"version_value": "V3.0b"
},
{
"version_affected": "\u003c",
"version_name": "5310",
"version_value": "V1.6"
}
]
}
}
]
},
"vendor_name": "Korenix"
},
{
"product": {
"product_data": [
{
"product_name": "PMI-110-F2G",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "V1.8"
}
]
}
}
]
},
"vendor_name": "Westermo"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "T. Weber (SEC Consult Vulnerability Lab)"
},
{
"lang": "eng",
"value": "Coordinated by CERT@VDE"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) allows unauthenticated device administration."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-306 Missing Authentication for Critical Function"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert.vde.com/de-de/advisories/vde-2020-040",
"refsource": "CONFIRM",
"url": "https://cert.vde.com/de-de/advisories/vde-2020-040"
},
{
"name": "20210601 SEC Consult SA-20210601-0 :: Multiple critical vulnerabilities in Korenix Technology JetNet Series",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2021/Jun/0"
},
{
"name": "http://packetstormsecurity.com/files/162903/Korenix-CSRF-Backdoor-Accounts-Command-Injection-Missing-Authentication.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/162903/Korenix-CSRF-Backdoor-Accounts-Command-Injection-Missing-Authentication.html"
},
{
"name": "https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-korenix-technology-westermo-pepperl-fuchs/",
"refsource": "CONFIRM",
"url": "https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-korenix-technology-westermo-pepperl-fuchs/"
},
{
"name": "http://packetstormsecurity.com/files/165875/Korenix-Technology-JetWave-CSRF-Command-Injection-Missing-Authentication.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/165875/Korenix-Technology-JetWave-CSRF-Command-Injection-Missing-Authentication.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "An external protective measure is required.\n\n1) Traffic from untrusted networks to the device should be blocked by a firewall. Especially\ntraffic targeting the administration webpage.\n\n2) Administrator and user access should be protected by a secure password and only be\navailable to a very limited group of people."
}
],
"source": {
"advisory": "VDE-2020-040",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2020-12500",
"datePublished": "2020-10-15T18:42:54.978315Z",
"dateReserved": "2020-04-30T00:00:00",
"dateUpdated": "2024-09-17T01:10:49.072Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}