VDE-2020-053
Vulnerability from csaf_pepperlfuchsse - Published: 2021-03-08 13:44 - Updated: 2025-05-22 13:03Summary
Pepperl+Fuchs: Comtrol RocketLinx ICRL-M - Multiple Vulnerabilities
Notes
Summary: Several critical vulnerabilities within firmware.
Impact: Pepperl+Fuchs analyzed and identified affected devices.
Remote attackers may exploit multiple vulnerabilities to get access to the device and execute any program and tap information.
Remediations: For vulnerability CVE-2020-12502 'Cross-Site Request Forgery (CSRF)', CVE-2020- 12503 'Multiple Authenticated Command Injections' and CVE-2020-12504 'Active TFTP- Service'
1. Update following products to the respective Firmware Version:
| Product ID | Firmware Version |
|------------------------------|-------------------|
| ICRL-M-8RJ45/4SFP-G-DIN | 1.4.0 |
| ICRL-M-16RJ45/4CP-G-DIN | 1.4.0 |
2. Deactivate TFTP-Service
Active TFTP-Service
9.8 (Critical)
Vendor Fix
For vulnerability CVE-2020-12502 'Cross-Site Request Forgery (CSRF)', CVE-2020- 12503 'Multiple Authenticated Command Injections' and CVE-2020-12504 'Active TFTP- Service'
1. Update following products to the respective Firmware Version:
| Product ID | Firmware Version |
|------------------------------|-------------------|
| ICRL-M-8RJ45/4SFP-G-DIN | 1.4.0 |
| ICRL-M-16RJ45/4CP-G-DIN | 1.4.0 |
2. Deactivate TFTP-Service
Unauthenticated Device Administration
8.8 (High)
Vendor Fix
For vulnerability CVE-2020-12502 'Cross-Site Request Forgery (CSRF)', CVE-2020- 12503 'Multiple Authenticated Command Injections' and CVE-2020-12504 'Active TFTP- Service'
1. Update following products to the respective Firmware Version:
| Product ID | Firmware Version |
|------------------------------|-------------------|
| ICRL-M-8RJ45/4SFP-G-DIN | 1.4.0 |
| ICRL-M-16RJ45/4CP-G-DIN | 1.4.0 |
2. Deactivate TFTP-Service
Multiple Authenticated Command Injections
7.2 (High)
Vendor Fix
For vulnerability CVE-2020-12502 'Cross-Site Request Forgery (CSRF)', CVE-2020- 12503 'Multiple Authenticated Command Injections' and CVE-2020-12504 'Active TFTP- Service'
1. Update following products to the respective Firmware Version:
| Product ID | Firmware Version |
|------------------------------|-------------------|
| ICRL-M-8RJ45/4SFP-G-DIN | 1.4.0 |
| ICRL-M-16RJ45/4CP-G-DIN | 1.4.0 |
2. Deactivate TFTP-Service
References
Acknowledgments
CERT@VDE
certvde.com
SEC Consult Vulnerability Lab
T. Weber
{
"document": {
"acknowledgments": [
{
"organization": "CERT@VDE",
"summary": "the coordination and support with this publication.",
"urls": [
"https://certvde.com"
]
},
{
"names": [
"T. Weber"
],
"organization": "SEC Consult Vulnerability Lab",
"summary": "reported."
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-GB",
"notes": [
{
"category": "summary",
"text": "Several critical vulnerabilities within firmware.",
"title": "Summary"
},
{
"category": "description",
"text": "Pepperl+Fuchs analyzed and identified affected devices.\nRemote attackers may exploit multiple vulnerabilities to get access to the device and execute any program and tap information.",
"title": "Impact"
},
{
"category": "description",
"text": "For vulnerability CVE-2020-12502 \u0027Cross-Site Request Forgery (CSRF)\u0027, CVE-2020- 12503 \u0027Multiple Authenticated Command Injections\u0027 and CVE-2020-12504 \u0027Active TFTP- Service\u0027\n\n1. Update following products to the respective Firmware Version:\n\n| Product ID | Firmware Version |\n|------------------------------|-------------------|\n| ICRL-M-8RJ45/4SFP-G-DIN | 1.4.0 |\n| ICRL-M-16RJ45/4CP-G-DIN | 1.4.0 |\n\n2. Deactivate TFTP-Service",
"title": "Remediations"
}
],
"publisher": {
"category": "vendor",
"contact_details": "cert@pepperl-fuchs.com",
"name": "Pepperl+Fuchs SE",
"namespace": "https://www.pepperl-fuchs.com"
},
"references": [
{
"category": "self",
"summary": "VDE-2020-053: Pepperl+Fuchs: Comtrol RocketLinx ICRL-M - Multiple Vulnerabilities - HTML",
"url": "https://certvde.com/en/advisories/VDE-2020-053/"
},
{
"category": "self",
"summary": "VDE-2020-053: Pepperl+Fuchs: Comtrol RocketLinx ICRL-M - Multiple Vulnerabilities - CSAF",
"url": "https://pepperl-fuchs.csaf-tp.certvde.com/.well-known/csaf/white/2021/vde-2020-053.json"
},
{
"category": "external",
"summary": "Pepperl+Fuchs advisory overview at CERT@VDE",
"url": "https://certvde.com/en/advisories/vendor/pepperl+fuchs/"
}
],
"source_lang": "en",
"title": "Pepperl+Fuchs: Comtrol RocketLinx ICRL-M - Multiple Vulnerabilities",
"tracking": {
"aliases": [
"VDE-2020-053"
],
"current_release_date": "2025-05-22T13:03:10.000Z",
"generator": {
"date": "2024-11-25T12:07:37.751Z",
"engine": {
"name": "Secvisogram",
"version": "2.5.15"
}
},
"id": "VDE-2020-053",
"initial_release_date": "2021-03-08T13:44:00.000Z",
"revision_history": [
{
"date": "2021-03-08T13:44:00.000Z",
"number": "1",
"summary": "initial revision"
},
{
"date": "2025-02-12T16:48:47.000Z",
"number": "2",
"summary": "Fix: corrected self-reference, fixed version"
},
{
"date": "2025-05-22T13:03:10.000Z",
"number": "3",
"summary": "Fix: reference category, added distribution, quotation mark"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_family",
"name": "ICRL-M-16RJ45/4CP-G-DIN",
"product": {
"name": "Hardware ICRL-M-16RJ45/4CP-G-DIN",
"product_id": "CSAFPID-11001"
}
},
{
"category": "product_name",
"name": "ICRL-M-8RJ45/4SFP-G-DIN",
"product": {
"name": "Hardware ICRL-M-8RJ45/4SFP-G-DIN",
"product_id": "CSAFPID-11002"
}
}
],
"category": "product_family",
"name": "Hardware"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=1.3.1",
"product": {
"name": "Firmware \u003c=1.3.1",
"product_id": "CSAFPID-21001"
}
},
{
"category": "product_version",
"name": "1.4.0",
"product": {
"name": "Firmware 1.4.0",
"product_id": "CSAFPID-22001"
}
}
],
"category": "product_family",
"name": "Firmware"
}
],
"category": "vendor",
"name": "Pepperl+Fuchs SE"
}
],
"product_groups": [
{
"group_id": "CSAFGID-0001",
"product_ids": [
"CSAFPID-31001",
"CSAFPID-31002"
],
"summary": "Affected products."
},
{
"group_id": "CSAFGID-0002",
"product_ids": [
"CSAFPID-32001",
"CSAFPID-32002"
],
"summary": "Fixed products."
}
],
"relationships": [
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=1.3.1 installed on Hardware ICRL-M-16RJ45/4CP-G-DIN",
"product_id": "CSAFPID-31001"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11001"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=1.3.1 installed on Hardware ICRL-M-8RJ45/4SFP-G-DIN",
"product_id": "CSAFPID-31002"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11002"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.4.0 installed on Hardware ICRL-M-16RJ45/4CP-G-DIN",
"product_id": "CSAFPID-32001"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11001"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.4.0 installed on Hardware ICRL-M-8RJ45/4SFP-G-DIN",
"product_id": "CSAFPID-32002"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11002"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-12504",
"cwe": {
"id": "CWE-912",
"name": "Hidden Functionality"
},
"notes": [
{
"category": "description",
"text": "Active TFTP-Service",
"title": "Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "For vulnerability CVE-2020-12502 \u0027Cross-Site Request Forgery (CSRF)\u0027, CVE-2020- 12503 \u0027Multiple Authenticated Command Injections\u0027 and CVE-2020-12504 \u0027Active TFTP- Service\u0027\n\n1. Update following products to the respective Firmware Version:\n\n| Product ID | Firmware Version |\n|------------------------------|-------------------|\n| ICRL-M-8RJ45/4SFP-G-DIN | 1.4.0 |\n| ICRL-M-16RJ45/4CP-G-DIN | 1.4.0 |\n\n2. Deactivate TFTP-Service",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 9.8,
"environmentalSeverity": "CRITICAL",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.8,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002"
]
}
],
"title": "CVE-2020-12504"
},
{
"cve": "CVE-2020-12502",
"cwe": {
"id": "CWE-352",
"name": "Cross-Site Request Forgery (CSRF)"
},
"notes": [
{
"category": "description",
"text": "Unauthenticated Device Administration",
"title": "Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "For vulnerability CVE-2020-12502 \u0027Cross-Site Request Forgery (CSRF)\u0027, CVE-2020- 12503 \u0027Multiple Authenticated Command Injections\u0027 and CVE-2020-12504 \u0027Active TFTP- Service\u0027\n\n1. Update following products to the respective Firmware Version:\n\n| Product ID | Firmware Version |\n|------------------------------|-------------------|\n| ICRL-M-8RJ45/4SFP-G-DIN | 1.4.0 |\n| ICRL-M-16RJ45/4CP-G-DIN | 1.4.0 |\n\n2. Deactivate TFTP-Service",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 8.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 8.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002"
]
}
],
"title": "CVE-2020-12502"
},
{
"cve": "CVE-2020-12503",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "description",
"text": "Multiple Authenticated Command Injections",
"title": "Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "For vulnerability CVE-2020-12502 \u0027Cross-Site Request Forgery (CSRF)\u0027, CVE-2020- 12503 \u0027Multiple Authenticated Command Injections\u0027 and CVE-2020-12504 \u0027Active TFTP- Service\u0027\n\n1. Update following products to the respective Firmware Version:\n\n| Product ID | Firmware Version |\n|------------------------------|-------------------|\n| ICRL-M-8RJ45/4SFP-G-DIN | 1.4.0 |\n| ICRL-M-16RJ45/4CP-G-DIN | 1.4.0 |\n\n2. Deactivate TFTP-Service",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.2,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"temporalScore": 7.2,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002"
]
}
],
"title": "CVE-2020-12503"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…