Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2020-12511 (GCVE-0-2020-12511)
Vulnerability from cvelistv5 – Published: 2021-01-22 19:01 – Updated: 2024-09-17 01:12
VLAI
EPSS
Title
Pepper+Fuchs Comtrol IO-Link Master Cross-Site Request Forgery
Summary
Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to a Cross-Site Request Forgery (CSRF) in the web interface.
Severity
8.8 (High)
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://cert.vde.com/en-us/advisories/vde-2020-038 | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Pepper+Fuchs | Comtrol IO-Link Master |
Affected:
unspecified , ≤ 1.5.48
(custom)
|
Date Public
2021-01-04 00:00
Credits
T.Weber (SEC Consult Vulnerability Lab) reported this vulnerability. Coordinated by CERT@VDE.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:56:52.053Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2020-038"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Comtrol IO-Link Master",
"vendor": "Pepper+Fuchs",
"versions": [
{
"lessThanOrEqual": "1.5.48",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "T.Weber (SEC Consult Vulnerability Lab) reported this vulnerability. Coordinated by CERT@VDE."
}
],
"datePublic": "2021-01-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to a Cross-Site Request Forgery (CSRF) in the web interface."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-22T19:01:56.000Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2020-038"
}
],
"solutions": [
{
"lang": "en",
"value": "In order to prevent the exploitation of the reported vulnerabilities, we recommend that the\naffected units be updated with the following three firmware packages:\n\nU-Boot bootloader version 1.36 or newer\nSystem image version 1.52 or newer\nApplication base version 1.6.11 or newer"
}
],
"source": {
"advisory": "VDE-2020-038",
"defect": [
"VDE-2020-038"
],
"discovery": "EXTERNAL"
},
"title": "Pepper+Fuchs Comtrol IO-Link Master Cross-Site Request Forgery",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"DATE_PUBLIC": "2021-01-04T11:00:00.000Z",
"ID": "CVE-2020-12511",
"STATE": "PUBLIC",
"TITLE": "Pepper+Fuchs Comtrol IO-Link Master Cross-Site Request Forgery"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Comtrol IO-Link Master",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "1.5.48"
}
]
}
}
]
},
"vendor_name": "Pepper+Fuchs"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "T.Weber (SEC Consult Vulnerability Lab) reported this vulnerability. Coordinated by CERT@VDE."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to a Cross-Site Request Forgery (CSRF) in the web interface."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery (CSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert.vde.com/en-us/advisories/vde-2020-038",
"refsource": "CONFIRM",
"url": "https://cert.vde.com/en-us/advisories/vde-2020-038"
}
]
},
"solution": [
{
"lang": "en",
"value": "In order to prevent the exploitation of the reported vulnerabilities, we recommend that the\naffected units be updated with the following three firmware packages:\n\nU-Boot bootloader version 1.36 or newer\nSystem image version 1.52 or newer\nApplication base version 1.6.11 or newer"
}
],
"source": {
"advisory": "VDE-2020-038",
"defect": [
"VDE-2020-038"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2020-12511",
"datePublished": "2021-01-22T19:01:56.348Z",
"dateReserved": "2020-04-30T00:00:00.000Z",
"dateUpdated": "2024-09-17T01:12:08.951Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2020-12511",
"date": "2026-05-26",
"epss": "0.00141",
"percentile": "0.33755"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2020-12511\",\"sourceIdentifier\":\"info@cert.vde.com\",\"published\":\"2021-01-22T19:15:11.880\",\"lastModified\":\"2024-11-21T04:59:50.303\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to a Cross-Site Request Forgery (CSRF) in the web interface.\"},{\"lang\":\"es\",\"value\":\"Pepperl + Fuchs Comtrol IO-Link Master en la versi\u00f3n 1.5.48 y anteriores, es propenso a una vulnerabilidad de tipo Cross-Site Request Forgery (CSRF) en la interfaz web\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"info@cert.vde.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"info@cert.vde.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-352\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-352\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:pepperl-fuchs:io-link_master_4-eip_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.5.48\",\"matchCriteriaId\":\"46C076A1-697F-4EBA-A6EF-C6ABC398B928\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:pepperl-fuchs:io-link_master_4-eip:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BBEBC489-E022-4DFC-9CEB-56CFE6390EFE\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:pepperl-fuchs:io-link_master_8-eip_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.5.48\",\"matchCriteriaId\":\"368DCF20-3BD5-4708-9E5A-CC11EA0E6874\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:pepperl-fuchs:io-link_master_8-eip:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"83573CB5-AEFE-496F-B5AC-218CDE60DC74\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:pepperl-fuchs:io-link_master_8-eip-l_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.5.48\",\"matchCriteriaId\":\"810C9D2D-23CD-4DB0-B1D0-6ED2DB5CCDCF\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:pepperl-fuchs:io-link_master_8-eip-l:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E00DEDAE-F737-4E8B-8D75-5B00DC357DEB\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:pepperl-fuchs:io-link_master_dr-8-eip_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.5.48\",\"matchCriteriaId\":\"B2D4FF46-5477-41A9-A4BA-EC41FBB5F698\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:pepperl-fuchs:io-link_master_dr-8-eip:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA2F24AD-E230-47C9-A6C1-241649CC7C6A\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:pepperl-fuchs:io-link_master_dr-8-eip-p_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.5.48\",\"matchCriteriaId\":\"BFBFCBE1-9F96-4EE7-B770-57F155725D46\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:pepperl-fuchs:io-link_master_dr-8-eip-p:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8E0C433E-211D-4618-A891-126067DBF78F\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:pepperl-fuchs:io-link_master_dr-8-eip-t_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.5.48\",\"matchCriteriaId\":\"B14A1EE1-3125-47F0-854D-C7EE3015FB6A\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:pepperl-fuchs:io-link_master_dr-8-eip-t:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"70A4F878-EB5A-4733-8882-93707F58C2C5\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:pepperl-fuchs:io-link_master_4-pnio_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.5.48\",\"matchCriteriaId\":\"96C26EBC-226F-44F5-AA42-2351097F9EAE\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:pepperl-fuchs:io-link_master_4-pnio:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2E69B5DC-3B1C-4FDB-88B2-A8D9AB75C43E\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:pepperl-fuchs:io-link_master_8-pnio_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.5.48\",\"matchCriteriaId\":\"99072498-E57B-44D6-9AE6-9BB07E235C04\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:pepperl-fuchs:io-link_master_8-pnio:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EC03E5F9-08B6-4AE8-8B12-843E4A22FC67\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:pepperl-fuchs:io-link_master_8-pnio-l_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.5.48\",\"matchCriteriaId\":\"DD43FFB6-65FF-46AE-AFB4-96F3D52BD301\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:pepperl-fuchs:io-link_master_8-pnio-l:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CD25566D-513D-4BA3-8035-CC724E523898\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:pepperl-fuchs:io-link_master_dr-8-pnio_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.5.48\",\"matchCriteriaId\":\"1FFC2CB0-17D0-499D-9878-CA385B59DE64\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:pepperl-fuchs:io-link_master_dr-8-pnio:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2D97A0A5-3BA7-4D22-83EB-D3C856D641E6\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:pepperl-fuchs:io-link_master_dr-8-pnio-p_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.5.48\",\"matchCriteriaId\":\"ACE56879-B450-4683-9DEA-053260F1D47E\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:pepperl-fuchs:io-link_master_dr-8-pnio-p:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A3F02A39-35DC-4D14-91A0-46C9448FA562\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:pepperl-fuchs:io-link_master_dr-8-pnio-t_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.5.48\",\"matchCriteriaId\":\"EBF13F83-C75D-45A2-97A6-B1B6595863B6\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:pepperl-fuchs:io-link_master_dr-8-pnio-t:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E91F7C2F-044D-496D-8086-8FE041EB930A\"}]}]}],\"references\":[{\"url\":\"https://cert.vde.com/en-us/advisories/vde-2020-038\",\"source\":\"info@cert.vde.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://cert.vde.com/en-us/advisories/vde-2020-038\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
}
}
FKIE_CVE-2020-12511
Vulnerability from fkie_nvd - Published: 2021-01-22 19:15 - Updated: 2024-11-21 04:59
Severity
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to a Cross-Site Request Forgery (CSRF) in the web interface.
References
| URL | Tags | ||
|---|---|---|---|
| info@cert.vde.com | https://cert.vde.com/en-us/advisories/vde-2020-038 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert.vde.com/en-us/advisories/vde-2020-038 | Third Party Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:pepperl-fuchs:io-link_master_4-eip_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "46C076A1-697F-4EBA-A6EF-C6ABC398B928",
"versionEndIncluding": "1.5.48",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:pepperl-fuchs:io-link_master_4-eip:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BBEBC489-E022-4DFC-9CEB-56CFE6390EFE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:pepperl-fuchs:io-link_master_8-eip_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "368DCF20-3BD5-4708-9E5A-CC11EA0E6874",
"versionEndIncluding": "1.5.48",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:pepperl-fuchs:io-link_master_8-eip:-:*:*:*:*:*:*:*",
"matchCriteriaId": "83573CB5-AEFE-496F-B5AC-218CDE60DC74",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:pepperl-fuchs:io-link_master_8-eip-l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "810C9D2D-23CD-4DB0-B1D0-6ED2DB5CCDCF",
"versionEndIncluding": "1.5.48",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:pepperl-fuchs:io-link_master_8-eip-l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E00DEDAE-F737-4E8B-8D75-5B00DC357DEB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:pepperl-fuchs:io-link_master_dr-8-eip_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B2D4FF46-5477-41A9-A4BA-EC41FBB5F698",
"versionEndIncluding": "1.5.48",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:pepperl-fuchs:io-link_master_dr-8-eip:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FA2F24AD-E230-47C9-A6C1-241649CC7C6A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:pepperl-fuchs:io-link_master_dr-8-eip-p_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BFBFCBE1-9F96-4EE7-B770-57F155725D46",
"versionEndIncluding": "1.5.48",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:pepperl-fuchs:io-link_master_dr-8-eip-p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8E0C433E-211D-4618-A891-126067DBF78F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:pepperl-fuchs:io-link_master_dr-8-eip-t_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B14A1EE1-3125-47F0-854D-C7EE3015FB6A",
"versionEndIncluding": "1.5.48",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:pepperl-fuchs:io-link_master_dr-8-eip-t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "70A4F878-EB5A-4733-8882-93707F58C2C5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:pepperl-fuchs:io-link_master_4-pnio_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "96C26EBC-226F-44F5-AA42-2351097F9EAE",
"versionEndIncluding": "1.5.48",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:pepperl-fuchs:io-link_master_4-pnio:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2E69B5DC-3B1C-4FDB-88B2-A8D9AB75C43E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:pepperl-fuchs:io-link_master_8-pnio_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "99072498-E57B-44D6-9AE6-9BB07E235C04",
"versionEndIncluding": "1.5.48",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:pepperl-fuchs:io-link_master_8-pnio:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EC03E5F9-08B6-4AE8-8B12-843E4A22FC67",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:pepperl-fuchs:io-link_master_8-pnio-l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DD43FFB6-65FF-46AE-AFB4-96F3D52BD301",
"versionEndIncluding": "1.5.48",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:pepperl-fuchs:io-link_master_8-pnio-l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CD25566D-513D-4BA3-8035-CC724E523898",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:pepperl-fuchs:io-link_master_dr-8-pnio_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1FFC2CB0-17D0-499D-9878-CA385B59DE64",
"versionEndIncluding": "1.5.48",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:pepperl-fuchs:io-link_master_dr-8-pnio:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2D97A0A5-3BA7-4D22-83EB-D3C856D641E6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:pepperl-fuchs:io-link_master_dr-8-pnio-p_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ACE56879-B450-4683-9DEA-053260F1D47E",
"versionEndIncluding": "1.5.48",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:pepperl-fuchs:io-link_master_dr-8-pnio-p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A3F02A39-35DC-4D14-91A0-46C9448FA562",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:pepperl-fuchs:io-link_master_dr-8-pnio-t_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EBF13F83-C75D-45A2-97A6-B1B6595863B6",
"versionEndIncluding": "1.5.48",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:pepperl-fuchs:io-link_master_dr-8-pnio-t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E91F7C2F-044D-496D-8086-8FE041EB930A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to a Cross-Site Request Forgery (CSRF) in the web interface."
},
{
"lang": "es",
"value": "Pepperl + Fuchs Comtrol IO-Link Master en la versi\u00f3n 1.5.48 y anteriores, es propenso a una vulnerabilidad de tipo Cross-Site Request Forgery (CSRF) en la interfaz web"
}
],
"id": "CVE-2020-12511",
"lastModified": "2024-11-21T04:59:50.303",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "info@cert.vde.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-01-22T19:15:11.880",
"references": [
{
"source": "info@cert.vde.com",
"tags": [
"Third Party Advisory"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2020-038"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2020-038"
}
],
"sourceIdentifier": "info@cert.vde.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "info@cert.vde.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-WHQX-XF73-2457
Vulnerability from github – Published: 2022-05-24 17:40 – Updated: 2022-05-24 17:40
VLAI
Details
Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to a Cross-Site Request Forgery (CSRF) in the web interface.
{
"affected": [],
"aliases": [
"CVE-2020-12511"
],
"database_specific": {
"cwe_ids": [
"CWE-352"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-01-22T19:15:00Z",
"severity": "HIGH"
},
"details": "Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to a Cross-Site Request Forgery (CSRF) in the web interface.",
"id": "GHSA-whqx-xf73-2457",
"modified": "2022-05-24T17:40:03Z",
"published": "2022-05-24T17:40:03Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-12511"
},
{
"type": "WEB",
"url": "https://cert.vde.com/en-us/advisories/vde-2020-038"
}
],
"schema_version": "1.4.0",
"severity": []
}
GSD-2020-12511
Vulnerability from gsd - Updated: 2023-12-13 01:21Details
Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to a Cross-Site Request Forgery (CSRF) in the web interface.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2020-12511",
"description": "Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to a Cross-Site Request Forgery (CSRF) in the web interface.",
"id": "GSD-2020-12511",
"references": [
"https://packetstormsecurity.com/files/cve/CVE-2020-12511"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2020-12511"
],
"details": "Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to a Cross-Site Request Forgery (CSRF) in the web interface.",
"id": "GSD-2020-12511",
"modified": "2023-12-13T01:21:49.562107Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"DATE_PUBLIC": "2021-01-04T11:00:00.000Z",
"ID": "CVE-2020-12511",
"STATE": "PUBLIC",
"TITLE": "Pepper+Fuchs Comtrol IO-Link Master Cross-Site Request Forgery"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Comtrol IO-Link Master",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "1.5.48"
}
]
}
}
]
},
"vendor_name": "Pepper+Fuchs"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "T.Weber (SEC Consult Vulnerability Lab) reported this vulnerability. Coordinated by CERT@VDE."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to a Cross-Site Request Forgery (CSRF) in the web interface."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery (CSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert.vde.com/en-us/advisories/vde-2020-038",
"refsource": "CONFIRM",
"url": "https://cert.vde.com/en-us/advisories/vde-2020-038"
}
]
},
"solution": [
{
"lang": "eng",
"value": "In order to prevent the exploitation of the reported vulnerabilities, we recommend that the\naffected units be updated with the following three firmware packages:\n\nU-Boot bootloader version 1.36 or newer\nSystem image version 1.52 or newer\nApplication base version 1.6.11 or newer"
}
],
"source": {
"advisory": "VDE-2020-038",
"defect": [
"VDE-2020-038"
],
"discovery": "EXTERNAL"
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:pepperl-fuchs:io-link_master_4-eip_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.5.48",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:pepperl-fuchs:io-link_master_4-eip:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:pepperl-fuchs:io-link_master_8-eip_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.5.48",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:pepperl-fuchs:io-link_master_8-eip:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:pepperl-fuchs:io-link_master_8-eip-l_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.5.48",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:pepperl-fuchs:io-link_master_8-eip-l:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:pepperl-fuchs:io-link_master_dr-8-eip_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.5.48",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:pepperl-fuchs:io-link_master_dr-8-eip:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:pepperl-fuchs:io-link_master_dr-8-eip-p_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.5.48",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:pepperl-fuchs:io-link_master_dr-8-eip-p:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:pepperl-fuchs:io-link_master_dr-8-eip-t_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.5.48",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:pepperl-fuchs:io-link_master_dr-8-eip-t:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:pepperl-fuchs:io-link_master_4-pnio_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.5.48",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:pepperl-fuchs:io-link_master_4-pnio:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:pepperl-fuchs:io-link_master_8-pnio_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.5.48",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:pepperl-fuchs:io-link_master_8-pnio:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:pepperl-fuchs:io-link_master_8-pnio-l_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.5.48",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:pepperl-fuchs:io-link_master_8-pnio-l:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:pepperl-fuchs:io-link_master_dr-8-pnio_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.5.48",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:pepperl-fuchs:io-link_master_dr-8-pnio:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:pepperl-fuchs:io-link_master_dr-8-pnio-p_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.5.48",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:pepperl-fuchs:io-link_master_dr-8-pnio-p:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:pepperl-fuchs:io-link_master_dr-8-pnio-t_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.5.48",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:pepperl-fuchs:io-link_master_dr-8-pnio-t:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"ID": "CVE-2020-12511"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to a Cross-Site Request Forgery (CSRF) in the web interface."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert.vde.com/en-us/advisories/vde-2020-038",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2020-038"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": true
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
},
"lastModifiedDate": "2021-01-27T21:31Z",
"publishedDate": "2021-01-22T19:15Z"
}
}
}
VDE-2020-038
Vulnerability from csaf_pepperlfuchsse - Published: 2021-01-04 13:01 - Updated: 2025-05-14 13:00Summary
Pepperl+Fuchs: Multiple vulnerabilites in Comtrol IO-Link Master
Notes
Summary: Several vulnerabilities exist within firmware versions up to and including v1.5.48.
Impact: Pepperl+Fuchs analyzed and identified affected devices.
Remote attackers may exploit multiple vulnerabilities to get access to the device and
execute any program and tap information.
Remediation: In order to prevent the exploitation of the reported vulnerabilities, we recommend that the
affected units be updated with the following three firmware packages:
- U-Boot bootloader version 1.36
- System image version 1.52
- Application base version 1.6.11
General Recommendation: 1. An external protective measure to be put in place.
Traffic from untrusted networks to the device should be blocked by a firewall.
Especially traffic targeting the administration webpage.
2. Device user accounts to be enabled with secure passwords.
If non-trusted people/applications have access to the network that the device is connected to, then configuring passwords for all three User Accounts is recommend.
8.8 (High)
Vendor Fix
In order to prevent the exploitation of the reported vulnerabilities, we recommend that the
affected units be updated with the following three firmware packages:
- U-Boot bootloader version 1.36
- System image version 1.52
- Application base version 1.6.11
Affected products
Known affected
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — | ||
| Unresolved product id: CSAFPID-31010 | — | ||
| Unresolved product id: CSAFPID-31011 | — | ||
| Unresolved product id: CSAFPID-31012 | — |
Fixed
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — | ||
| Unresolved product id: CSAFPID-32010 | — | ||
| Unresolved product id: CSAFPID-32011 | — | ||
| Unresolved product id: CSAFPID-32012 | — | ||
| Unresolved product id: CSAFPID-32013 | — | ||
| Unresolved product id: CSAFPID-32014 | — |
8.8 (High)
Vendor Fix
In order to prevent the exploitation of the reported vulnerabilities, we recommend that the
affected units be updated with the following three firmware packages:
- U-Boot bootloader version 1.36
- System image version 1.52
- Application base version 1.6.11
Affected products
Known affected
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — | ||
| Unresolved product id: CSAFPID-31010 | — | ||
| Unresolved product id: CSAFPID-31011 | — | ||
| Unresolved product id: CSAFPID-31012 | — |
Fixed
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — | ||
| Unresolved product id: CSAFPID-32010 | — | ||
| Unresolved product id: CSAFPID-32011 | — | ||
| Unresolved product id: CSAFPID-32012 | — | ||
| Unresolved product id: CSAFPID-32013 | — | ||
| Unresolved product id: CSAFPID-32014 | — |
7.5 (High)
Vendor Fix
In order to prevent the exploitation of the reported vulnerabilities, we recommend that the
affected units be updated with the following three firmware packages:
- U-Boot bootloader version 1.36
- System image version 1.52
- Application base version 1.6.11
Affected products
Known affected
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — | ||
| Unresolved product id: CSAFPID-31010 | — | ||
| Unresolved product id: CSAFPID-31011 | — | ||
| Unresolved product id: CSAFPID-31012 | — |
Fixed
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — | ||
| Unresolved product id: CSAFPID-32010 | — | ||
| Unresolved product id: CSAFPID-32011 | — | ||
| Unresolved product id: CSAFPID-32012 | — | ||
| Unresolved product id: CSAFPID-32013 | — | ||
| Unresolved product id: CSAFPID-32014 | — |
7.5 (High)
Vendor Fix
In order to prevent the exploitation of the reported vulnerabilities, we recommend that the
affected units be updated with the following three firmware packages:
- U-Boot bootloader version 1.36
- System image version 1.52
- Application base version 1.6.11
Affected products
Known affected
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — | ||
| Unresolved product id: CSAFPID-31010 | — | ||
| Unresolved product id: CSAFPID-31011 | — | ||
| Unresolved product id: CSAFPID-31012 | — |
Fixed
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — | ||
| Unresolved product id: CSAFPID-32010 | — | ||
| Unresolved product id: CSAFPID-32011 | — | ||
| Unresolved product id: CSAFPID-32012 | — | ||
| Unresolved product id: CSAFPID-32013 | — | ||
| Unresolved product id: CSAFPID-32014 | — |
5.4 (Medium)
Vendor Fix
In order to prevent the exploitation of the reported vulnerabilities, we recommend that the
affected units be updated with the following three firmware packages:
- U-Boot bootloader version 1.36
- System image version 1.52
- Application base version 1.6.11
Affected products
Known affected
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — | ||
| Unresolved product id: CSAFPID-31010 | — | ||
| Unresolved product id: CSAFPID-31011 | — | ||
| Unresolved product id: CSAFPID-31012 | — |
Fixed
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — | ||
| Unresolved product id: CSAFPID-32010 | — | ||
| Unresolved product id: CSAFPID-32011 | — | ||
| Unresolved product id: CSAFPID-32012 | — | ||
| Unresolved product id: CSAFPID-32013 | — | ||
| Unresolved product id: CSAFPID-32014 | — |
4.9 (Medium)
Vendor Fix
In order to prevent the exploitation of the reported vulnerabilities, we recommend that the
affected units be updated with the following three firmware packages:
- U-Boot bootloader version 1.36
- System image version 1.52
- Application base version 1.6.11
Affected products
Known affected
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — | ||
| Unresolved product id: CSAFPID-31010 | — | ||
| Unresolved product id: CSAFPID-31011 | — | ||
| Unresolved product id: CSAFPID-31012 | — |
Fixed
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — | ||
| Unresolved product id: CSAFPID-32010 | — | ||
| Unresolved product id: CSAFPID-32011 | — | ||
| Unresolved product id: CSAFPID-32012 | — | ||
| Unresolved product id: CSAFPID-32013 | — | ||
| Unresolved product id: CSAFPID-32014 | — |
References
3 references
Acknowledgments
CERT@VDE
certvde.com
SEC Consult Vulnerability Lab
T.Weber
{
"document": {
"acknowledgments": [
{
"organization": "CERT@VDE",
"summary": "coordination",
"urls": [
"https://certvde.com"
]
},
{
"names": [
"T.Weber"
],
"organization": "SEC Consult Vulnerability Lab",
"summary": "reported"
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-GB",
"notes": [
{
"category": "summary",
"text": "Several vulnerabilities exist within firmware versions up to and including v1.5.48.",
"title": "Summary"
},
{
"category": "description",
"text": "Pepperl+Fuchs analyzed and identified affected devices.\nRemote attackers may exploit multiple vulnerabilities to get access to the device and\nexecute any program and tap information.",
"title": "Impact"
},
{
"category": "description",
"text": "In order to prevent the exploitation of the reported vulnerabilities, we recommend that the\naffected units be updated with the following three firmware packages:\n\n- U-Boot bootloader version 1.36\n\n- System image version 1.52\n\n- Application base version 1.6.11",
"title": "Remediation"
},
{
"category": "general",
"text": "1. An external protective measure to be put in place.\nTraffic from untrusted networks to the device should be blocked by a firewall.\nEspecially traffic targeting the administration webpage.\n2. Device user accounts to be enabled with secure passwords.\nIf non-trusted people/applications have access to the network that the device is connected to, then configuring passwords for all three User Accounts is recommend.",
"title": "General Recommendation"
}
],
"publisher": {
"category": "vendor",
"contact_details": "cert@pepperl-fuchs.com",
"name": "Pepperl+Fuchs SE",
"namespace": "https://www.pepperl-fuchs.com"
},
"references": [
{
"category": "self",
"summary": "VDE-2020-038: Pepperl+Fuchs: Multiple vulnerabilites in Comtrol IO-Link Master - HTML",
"url": "https://certvde.com/de/advisories/VDE-2020-038/"
},
{
"category": "external",
"summary": "CERT@VDE Security Advisories for Pepperl+Fuchs",
"url": "https://certvde.com/de/advisories/vendor/pepperl+fuchs/"
},
{
"category": "self",
"summary": "VDE-2020-038: Pepperl+Fuchs: Multiple vulnerabilites in Comtrol IO-Link Master - CSAF",
"url": "https://pepperl-fuchs.csaf-tp.certvde.com/.well-known/csaf/white/2021/vde-2020-038.json"
}
],
"title": "Pepperl+Fuchs: Multiple vulnerabilites in Comtrol IO-Link Master",
"tracking": {
"aliases": [
"VDE-2020-038"
],
"current_release_date": "2025-05-14T13:00:14.000Z",
"generator": {
"date": "2024-11-25T13:51:21.125Z",
"engine": {
"name": "Secvisogram",
"version": "2.5.15"
}
},
"id": "VDE-2020-038",
"initial_release_date": "2021-01-04T13:01:00.000Z",
"revision_history": [
{
"date": "2021-01-04T13:01:00.000Z",
"number": "1",
"summary": "initial revision"
},
{
"date": "2025-02-12T16:57:59.000Z",
"number": "2",
"summary": "Fix: corrected self-reference, fixed version"
},
{
"date": "2025-05-14T13:00:14.000Z",
"number": "3",
"summary": "Fix: added distribution"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "IO-Link Master 4-EIP",
"product": {
"name": "IO-Link Master 4-EIP",
"product_id": "CSAFPID-11001"
}
},
{
"category": "product_name",
"name": "IO-Link Master 4-PNIO",
"product": {
"name": "IO-Link Master 4-PNIO",
"product_id": "CSAFPID-11002"
}
},
{
"category": "product_name",
"name": "IO-Link Master 8-EIP",
"product": {
"name": "IO-Link Master 8-EIP",
"product_id": "CSAFPID-11003"
}
},
{
"category": "product_name",
"name": "IO-Link Master 8-EIP-L",
"product": {
"name": "IO-Link Master 8-EIP-L",
"product_id": "CSAFPID-11004"
}
},
{
"category": "product_name",
"name": "IO-Link Master 8-PNIO",
"product": {
"name": "IO-Link Master 8-PNIO",
"product_id": "CSAFPID-11005"
}
},
{
"category": "product_name",
"name": "IO-Link Master 8-PNIO-L",
"product": {
"name": "IO-Link Master 8-PNIO-L",
"product_id": "CSAFPID-11006"
}
},
{
"category": "product_name",
"name": "IO-Link Master DR-8-EIP",
"product": {
"name": "IO-Link Master DR-8-EIP",
"product_id": "CSAFPID-11007"
}
},
{
"category": "product_name",
"name": "IO-Link Master DR-8-EIP-P",
"product": {
"name": "IO-Link Master DR-8-EIP-P",
"product_id": "CSAFPID-11008"
}
},
{
"category": "product_name",
"name": "IO-Link Master DR-8-EIP-T",
"product": {
"name": "IO-Link Master DR-8-EIP-T",
"product_id": "CSAFPID-11009"
}
},
{
"category": "product_name",
"name": "IO-Link Master DR-8-PNIO",
"product": {
"name": "IO-Link Master DR-8-PNIO",
"product_id": "CSAFPID-11010"
}
},
{
"category": "product_name",
"name": "IO-Link Master DR-8-PNIO-P",
"product": {
"name": "IO-Link Master DR-8-PNIO-P",
"product_id": "CSAFPID-11011"
}
},
{
"category": "product_name",
"name": "IO-Link Master DR-8-PNIO-T",
"product": {
"name": "IO-Link Master DR-8-PNIO-T",
"product_id": "CSAFPID-11012"
}
}
],
"category": "product_family",
"name": "Hardware"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=v1.5.48",
"product": {
"name": "Firmware \u003c=v1.5.48",
"product_id": "CSAFPID-21001"
}
},
{
"branches": [
{
"category": "product_version",
"name": "1.36",
"product": {
"name": "U-Boot bootloader 1.36",
"product_id": "CSAFPID-22001"
}
}
],
"category": "product_name",
"name": "U-Boot bootloader"
},
{
"branches": [
{
"category": "product_version",
"name": "1.52",
"product": {
"name": "System image 1.52",
"product_id": "CSAFPID-22002"
}
}
],
"category": "product_name",
"name": "System image"
},
{
"branches": [
{
"category": "product_version",
"name": "1.6.11",
"product": {
"name": "Application base 1.6.11",
"product_id": "CSAFPID-22003"
}
}
],
"category": "product_name",
"name": "Application base"
}
],
"category": "product_family",
"name": "Firmware"
}
],
"category": "vendor",
"name": "Pepperl+Fuchs"
}
],
"product_groups": [
{
"group_id": "CSAFGID-0001",
"product_ids": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012"
],
"summary": "Affected products."
},
{
"group_id": "CSAFGID-0002",
"product_ids": [
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009",
"CSAFPID-32010",
"CSAFPID-32011",
"CSAFPID-32012",
"CSAFPID-32013",
"CSAFPID-32014"
],
"summary": "Fixed products."
}
],
"relationships": [
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=v1.5.48 installed on IO-Link Master 4-EIP",
"product_id": "CSAFPID-31001"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11001"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=v1.5.48 installed on IO-Link Master 4-PNIO",
"product_id": "CSAFPID-31002"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11002"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=v1.5.48 installed on IO-Link Master 8-EIP",
"product_id": "CSAFPID-31003"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11003"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=v1.5.48 installed on IO-Link Master 8-EIP-L",
"product_id": "CSAFPID-31004"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11004"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=v1.5.48 installed on IO-Link Master 8-PNIO",
"product_id": "CSAFPID-31005"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11005"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=v1.5.48 installed on IO-Link Master 8-PNIO-L",
"product_id": "CSAFPID-31006"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11006"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=v1.5.48 installed on IO-Link Master DR-8-EIP",
"product_id": "CSAFPID-31007"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11007"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=v1.5.48 installed on IO-Link Master DR-8-EIP-P",
"product_id": "CSAFPID-31008"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11008"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=v1.5.48 installed on IO-Link Master DR-8-EIP-T",
"product_id": "CSAFPID-31009"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11009"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=v1.5.48 installed on IO-Link Master DR-8-PNIO",
"product_id": "CSAFPID-31010"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11010"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=v1.5.48 installed on IO-Link Master DR-8-PNIO-P",
"product_id": "CSAFPID-31011"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11011"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=v1.5.48 installed on IO-Link Master DR-8-PNIO-T",
"product_id": "CSAFPID-31012"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11012"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Application base 1.6.11 installed on System image 1.52",
"product_id": "CSAFPID-32001"
},
"product_reference": "CSAFPID-22003",
"relates_to_product_reference": "CSAFPID-22002"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Application base 1.6.11 installed on System image 1.52 installed on U-Boot bootloader 1.36",
"product_id": "CSAFPID-32002"
},
"product_reference": "CSAFPID-32001",
"relates_to_product_reference": "CSAFPID-22001"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Application base 1.6.11 installed on System image 1.52 installed on U-Boot bootloader 1.36 installed on IO-Link Master 4-EIP",
"product_id": "CSAFPID-32003"
},
"product_reference": "CSAFPID-32002",
"relates_to_product_reference": "CSAFPID-11001"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Application base 1.6.11 installed on System image 1.52 installed on U-Boot bootloader 1.36 installed on IO-Link Master 4-PNIO",
"product_id": "CSAFPID-32004"
},
"product_reference": "CSAFPID-32002",
"relates_to_product_reference": "CSAFPID-11002"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Application base 1.6.11 installed on System image 1.52 installed on U-Boot bootloader 1.36 installed on IO-Link Master 8-EIP",
"product_id": "CSAFPID-32005"
},
"product_reference": "CSAFPID-32002",
"relates_to_product_reference": "CSAFPID-11003"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Application base 1.6.11 installed on System image 1.52 installed on U-Boot bootloader 1.36 installed on IO-Link Master 8-EIP-L",
"product_id": "CSAFPID-32006"
},
"product_reference": "CSAFPID-32002",
"relates_to_product_reference": "CSAFPID-11004"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Application base 1.6.11 installed on System image 1.52 installed on U-Boot bootloader 1.36 installed on IO-Link Master 8-PNIO",
"product_id": "CSAFPID-32007"
},
"product_reference": "CSAFPID-32002",
"relates_to_product_reference": "CSAFPID-11005"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Application base 1.6.11 installed on System image 1.52 installed on U-Boot bootloader 1.36 installed on IO-Link Master 8-PNIO-L",
"product_id": "CSAFPID-32008"
},
"product_reference": "CSAFPID-32002",
"relates_to_product_reference": "CSAFPID-11006"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Application base 1.6.11 installed on System image 1.52 installed on U-Boot bootloader 1.36 installed on IO-Link Master DR-8-EIP",
"product_id": "CSAFPID-32009"
},
"product_reference": "CSAFPID-32002",
"relates_to_product_reference": "CSAFPID-11007"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Application base 1.6.11 installed on System image 1.52 installed on U-Boot bootloader 1.36 installed on IO-Link Master DR-8-EIP-P",
"product_id": "CSAFPID-32010"
},
"product_reference": "CSAFPID-32002",
"relates_to_product_reference": "CSAFPID-11008"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Application base 1.6.11 installed on System image 1.52 installed on U-Boot bootloader 1.36 installed on IO-Link Master DR-8-EIP-T",
"product_id": "CSAFPID-32011"
},
"product_reference": "CSAFPID-32002",
"relates_to_product_reference": "CSAFPID-11009"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Application base 1.6.11 installed on System image 1.52 installed on U-Boot bootloader 1.36 installed on IO-Link Master DR-8-PNIO",
"product_id": "CSAFPID-32012"
},
"product_reference": "CSAFPID-32002",
"relates_to_product_reference": "CSAFPID-11010"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Application base 1.6.11 installed on System image 1.52 installed on U-Boot bootloader 1.36 installed on IO-Link Master DR-8-PNIO-P",
"product_id": "CSAFPID-32013"
},
"product_reference": "CSAFPID-32002",
"relates_to_product_reference": "CSAFPID-11011"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Application base 1.6.11 installed on System image 1.52 installed on U-Boot bootloader 1.36 installed on IO-Link Master DR-8-PNIO-T",
"product_id": "CSAFPID-32014"
},
"product_reference": "CSAFPID-32002",
"relates_to_product_reference": "CSAFPID-11012"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-12511",
"cwe": {
"id": "CWE-352",
"name": "Cross-Site Request Forgery (CSRF)"
},
"notes": [
{
"category": "summary",
"text": "Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to a Cross-Site Request Forgery (CSRF) in the web interface.",
"title": "Summary"
}
],
"product_status": {
"fixed": [
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009",
"CSAFPID-32010",
"CSAFPID-32011",
"CSAFPID-32012",
"CSAFPID-32013",
"CSAFPID-32014"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "\nIn order to prevent the exploitation of the reported vulnerabilities, we recommend that the\naffected units be updated with the following three firmware packages:\n\n- U-Boot bootloader version 1.36\n- System image version 1.52\n- Application base version 1.6.11",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 8.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 8.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012"
]
}
],
"title": "CVE-2020-12511"
},
{
"cve": "CVE-2020-12513",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"notes": [
{
"category": "summary",
"text": "Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to an authenticated blind OS Command Injection.",
"title": "Summary"
}
],
"product_status": {
"fixed": [
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009",
"CSAFPID-32010",
"CSAFPID-32011",
"CSAFPID-32012",
"CSAFPID-32013",
"CSAFPID-32014"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "\nIn order to prevent the exploitation of the reported vulnerabilities, we recommend that the\naffected units be updated with the following three firmware packages:\n\n- U-Boot bootloader version 1.36\n- System image version 1.52\n- Application base version 1.6.11",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 8.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 8.8,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012"
]
}
],
"title": "CVE-2020-12513"
},
{
"cve": "CVE-2018-20679",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "\nAn issue was discovered in BusyBox before 1.30.0. An out of bounds read in udhcp components (consumed by the DHCP server, client, and relay) allows a remote attacker to leak sensitive information from the stack by sending a crafted DHCP message. This is related to verification in udhcp_get_option() in networking/udhcp/common.c that 4-byte options are indeed 4 bytes.",
"title": "Summary"
}
],
"product_status": {
"fixed": [
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009",
"CSAFPID-32010",
"CSAFPID-32011",
"CSAFPID-32012",
"CSAFPID-32013",
"CSAFPID-32014"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "\nIn order to prevent the exploitation of the reported vulnerabilities, we recommend that the\naffected units be updated with the following three firmware packages:\n\n- U-Boot bootloader version 1.36\n- System image version 1.52\n- Application base version 1.6.11",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012"
]
}
],
"title": "CVE-2018-20679"
},
{
"cve": "CVE-2018-0732",
"cwe": {
"id": "CWE-1284",
"name": "Improper Validation of Specified Quantity in Input"
},
"notes": [
{
"category": "summary",
"text": "During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2-1.0.2o).",
"title": "Summary"
}
],
"product_status": {
"fixed": [
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009",
"CSAFPID-32010",
"CSAFPID-32011",
"CSAFPID-32012",
"CSAFPID-32013",
"CSAFPID-32014"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "\nIn order to prevent the exploitation of the reported vulnerabilities, we recommend that the\naffected units be updated with the following three firmware packages:\n\n- U-Boot bootloader version 1.36\n- System image version 1.52\n- Application base version 1.6.11",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012"
]
}
],
"title": "CVE-2018-0732"
},
{
"cve": "CVE-2020-12512",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "summary",
"text": "Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to an authenticated reflected POST Cross-Site Scripting",
"title": "Summary"
}
],
"product_status": {
"fixed": [
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009",
"CSAFPID-32010",
"CSAFPID-32011",
"CSAFPID-32012",
"CSAFPID-32013",
"CSAFPID-32014"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "\nIn order to prevent the exploitation of the reported vulnerabilities, we recommend that the\naffected units be updated with the following three firmware packages:\n\n- U-Boot bootloader version 1.36\n- System image version 1.52\n- Application base version 1.6.11",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"environmentalScore": 5.4,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"temporalScore": 5.4,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012"
]
}
],
"title": "CVE-2020-12512"
},
{
"cve": "CVE-2020-12514",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to a NULL Pointer Dereference that leads to a DoS in discoveryd",
"title": "Summary"
}
],
"product_status": {
"fixed": [
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009",
"CSAFPID-32010",
"CSAFPID-32011",
"CSAFPID-32012",
"CSAFPID-32013",
"CSAFPID-32014"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "\nIn order to prevent the exploitation of the reported vulnerabilities, we recommend that the\naffected units be updated with the following three firmware packages:\n\n- U-Boot bootloader version 1.36\n- System image version 1.52\n- Application base version 1.6.11",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 4.9,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"temporalScore": 4.9,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012"
]
}
],
"title": "CVE-2020-12514"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…