CVE-2020-12502

Public Exploit
Pepperl+Fuchs improper authorization affects multiple Comtrol RocketLinx products

Description

Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) and ICRL-M-8RJ45/4SFP-G-DIN, ICRL-M-16RJ45/4CP-G-DIN FW 1.2.3 and below is prone to unauthenticated device administration.

Remediation

Solution:

  • An external protective measure is required. 1) Traffic from untrusted networks to the device should be blocked by a firewall. Especially traffic targeting the administration webpage. 2) Administrator and user access should be protected by a secure password and only be available to a very limited group of people.

Category

8.8
CVSS
Severity: High
CVSS 3.1 •
CVSS 2.0 •
EPSS 0.67% Top 30%
Third-Party Advisory packetstormsecurity.com Third-Party Advisory packetstormsecurity.com Third-Party Advisory seclists.org Third-Party Advisory vde.com Third-Party Advisory vde.com Third-Party Advisory sec-consult.com
Affected: Pepperl+Fuchs P+F Comtrol RocketLinx
Affected: Pepperl+Fuchs P+F Comtrol RocketLinx
Affected: Korenix JetNet
Affected: Westermo PMI-110-F2G
Published at:
Updated at:

References

Link Tags
https://cert.vde.com/de-de/advisories/vde-2020-040 third party advisory
http://seclists.org/fulldisclosure/2021/Jun/0 third party advisory mailing list
http://packetstormsecurity.com/files/162903/Korenix-CSRF-Backdoor-Accounts-Command-Injection-Missing-Authentication.html third party advisory vdb entry exploit
https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-korenix-technology-westermo-pepperl-fuchs/ third party advisory exploit
https://cert.vde.com/en-us/advisories/vde-2020-053 third party advisory
http://packetstormsecurity.com/files/165875/Korenix-Technology-JetWave-CSRF-Command-Injection-Missing-Authentication.html third party advisory vdb entry exploit

Frequently Asked Questions

What is the severity of CVE-2020-12502?
CVE-2020-12502 has been scored as a high severity vulnerability.
How to fix CVE-2020-12502?
To fix CVE-2020-12502: An external protective measure is required. 1) Traffic from untrusted networks to the device should be blocked by a firewall. Especially traffic targeting the administration webpage. 2) Administrator and user access should be protected by a secure password and only be available to a very limited group of people.
Is CVE-2020-12502 being actively exploited in the wild?
It is possible that CVE-2020-12502 is being exploited or will be exploited in a near future based on public information. According to its EPSS score, there is a ~1% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2020-12502?
CVE-2020-12502 affects Pepperl+Fuchs P+F Comtrol RocketLinx, Pepperl+Fuchs P+F Comtrol RocketLinx, Korenix JetNet, Westermo PMI-110-F2G.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.