CVE-2020-12504 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	9.8 CRITICAL	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CERTVDE	CNA	9.8 CRITICAL	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 79%

Vendor	Product	Version
pepperl-fuchs	es7510-xt_firmware	𝑥 < 2.1.1
pepperl-fuchs	es8509-xt_firmware	*
pepperl-fuchs	es8510-xt_firmware	*
pepperl-fuchs	es9528-xtv2_firmware	*
pepperl-fuchs	es7506_firmware	*
pepperl-fuchs	es7510_firmware	*
pepperl-fuchs	es7528_firmware	*
pepperl-fuchs	es8508_firmware	*
pepperl-fuchs	es8508f_firmware	*
pepperl-fuchs	es8510_firmware	𝑥 < 3.1.1
pepperl-fuchs	es8510-xte_firmware	*
pepperl-fuchs	es9528_firmware	*
pepperl-fuchs	es9528-xt_firmware	*
pepperl-fuchs	icrl-m-8rj45\/4sfp-g-din_firmware	𝑥 ≤ 1.2.3
pepperl-fuchs	icrl-m-16rj45\/4cp-g-din_firmware	𝑥 ≤ 1.2.3
korenix	jetwave_2212s_firmware	1.5
korenix	jetwave_2212g_firmware	1.4
korenix	jetwave_2311_firmware	1.2
korenix	jetwave_3220_firmware	1.2
korenix	jetwave_3420_firmware	1.1.3t:t
korenix	jetwave_2212x_firmware	1.5
korenix	jetwave_5428g-20sfp_firmware	1.0
korenix	jetwave_5810g_firmware	1.1
korenix	jetwave_5310_firmware	1.5
korenix	jetwave_5010_firmware	3.1a:a
korenix	jetwave_4706f_firmware	2.3b:b
korenix	jetwave_4706_firmware	2.3b:b
korenix	jetwave_4510_firmware	3.0b:b
westermo	pmi-110-f2g_firmware	1.5

𝑥

= Vulnerable software versions

Known Exploits!

Common Weakness Enumeration

CWE-912 - Hidden Functionality
The software contains functionality that is not documented, not part of the specification, and not accessible through an interface or command sequence that is obvious to the software's users or administrators.

References

http://packetstormsecurity.com/files/162903/Korenix-CSRF-Backdoor-Accounts-Command-Injection-Missing-Authentication.html

http://packetstormsecurity.com/files/165875/Korenix-Technology-JetWave-CSRF-Command-Injection-Missing-Authentication.html

http://seclists.org/fulldisclosure/2021/Jun/0

https://cert.vde.com/de-de/advisories/vde-2020-040

https://cert.vde.com/en-us/advisories/vde-2020-053

https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-korenix-technology-westermo-pepperl-fuchs/

http://packetstormsecurity.com/files/162903/Korenix-CSRF-Backdoor-Accounts-Command-Injection-Missing-Authentication.html

http://packetstormsecurity.com/files/165875/Korenix-Technology-JetWave-CSRF-Command-Injection-Missing-Authentication.html

http://seclists.org/fulldisclosure/2021/Jun/0

https://cert.vde.com/de-de/advisories/vde-2020-040

https://cert.vde.com/en-us/advisories/vde-2020-053

https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-korenix-technology-westermo-pepperl-fuchs/