VDE-2020-040
Vulnerability from csaf_pepperlfuchsse - Published: 2020-10-05 12:00 - Updated: 2020-10-05 12:00Summary
Pepperl+Fuchs: Multiple Products prone to multiple vulnerabilities in Comtrol RocketLinux
Notes
Summary: Several critical vulnerabilities within Firmware have been identified. Please consult the CVEs for details.
Impact: Pepperl+Fuchs analyzed and identified affected devices.
Remote attackers may exploit multiple vulnerabilities to get access to the device and
execute any program and tap information.
Mitigation: An external protective measure is required.
1) Traffic from untrusted networks to the device should be blocked by a firewall. Especially
traffic targeting the administration webpage.
2) Administrator and user access should be protected by a secure password and only be
available to a very limited group of people.
9.8 (Critical)
Mitigation
An external protective measure is required.
1) Traffic from untrusted networks to the device should be blocked by a firewall. Especially
traffic targeting the administration webpage.
2) Administrator and user access should be protected by a secure password and only be
available to a very limited group of people.
9.8 (Critical)
Vendor Fix
In order to prevent the exploitation of the reported vulnerabilities, we recommend that the
affected units be updated with the following three firmware packages:
- U-Boot bootloader version 1.36 or newer
- System image version 1.52 or newer
- Application base version 1.6.11 or newer
9.8 (Critical)
Mitigation
An external protective measure is required.
1) Traffic from untrusted networks to the device should be blocked by a firewall. Especially
traffic targeting the administration webpage.
2) Administrator and user access should be protected by a secure password and only be
available to a very limited group of people.
8.8 (High)
Mitigation
An external protective measure is required.
1) Traffic from untrusted networks to the device should be blocked by a firewall. Especially
traffic targeting the administration webpage.
2) Administrator and user access should be protected by a secure password and only be
available to a very limited group of people.
7.2 (High)
Mitigation
An external protective measure is required.
1) Traffic from untrusted networks to the device should be blocked by a firewall. Especially
traffic targeting the administration webpage.
2) Administrator and user access should be protected by a secure password and only be
available to a very limited group of people.
References
Acknowledgments
CERT@VDE
certvde.com
SEC Consult Vulnerability Lab
T.Weber
{
"document": {
"acknowledgments": [
{
"organization": "CERT@VDE",
"summary": "coordination",
"urls": [
"https://certvde.com"
]
},
{
"names": [
"T.Weber"
],
"organization": "SEC Consult Vulnerability Lab",
"summary": "reported"
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-GB",
"notes": [
{
"category": "summary",
"text": "Several critical vulnerabilities within Firmware have been identified. Please consult the CVEs for details.",
"title": "Summary"
},
{
"category": "description",
"text": "Pepperl+Fuchs analyzed and identified affected devices.\nRemote attackers may exploit multiple vulnerabilities to get access to the device and\nexecute any program and tap information.",
"title": "Impact"
},
{
"category": "description",
"text": "An external protective measure is required.\n\n1) Traffic from untrusted networks to the device should be blocked by a firewall. Especially\ntraffic targeting the administration webpage.\n\n2) Administrator and user access should be protected by a secure password and only be\navailable to a very limited group of people.",
"title": "Mitigation"
}
],
"publisher": {
"category": "vendor",
"contact_details": "cert@pepperl-fuchs.com",
"name": "Pepperl+Fuchs SE",
"namespace": "https://www.pepperl-fuchs.com"
},
"references": [
{
"category": "external",
"summary": "CERT@VDE Security Advisories for Pepperl+Fuchs",
"url": "https://certvde.com/de/advisories/vendor/pepperl+fuchs/"
},
{
"category": "self",
"summary": "VDE-2020-040: Pepperl+Fuchs: Multiple Products prone to multiple vulnerabilities in Comtrol RocketLinux - CSAF",
"url": "https://pepperl-fuchs.csaf-tp.certvde.com/.well-known/csaf/white/2020/vde-2020-040.json"
},
{
"category": "self",
"summary": "VDE-2020-040: Pepperl+Fuchs: Multiple Products prone to multiple vulnerabilities in Comtrol RocketLinux - HTML",
"url": "https://certvde.com/de/advisories/VDE-2020-040/"
}
],
"title": "Pepperl+Fuchs: Multiple Products prone to multiple vulnerabilities in Comtrol RocketLinux",
"tracking": {
"aliases": [
"VDE-2020-040"
],
"current_release_date": "2020-10-05T12:00:00.000Z",
"generator": {
"date": "2025-02-27T15:51:08.443Z",
"engine": {
"name": "Secvisogram",
"version": "2.5.20"
}
},
"id": "VDE-2020-040",
"initial_release_date": "2020-10-05T12:00:00.000Z",
"revision_history": [
{
"date": "2020-10-05T12:00:00.000Z",
"number": "1",
"summary": "initial revision"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "ES7506",
"product": {
"name": "ES7506",
"product_id": "CSAFPID-11001"
}
},
{
"category": "product_name",
"name": "ES7506",
"product": {
"name": "ES7506",
"product_id": "CSAFPID-11002"
}
},
{
"category": "product_name",
"name": "ES7510",
"product": {
"name": "ES7510",
"product_id": "CSAFPID-11003"
}
},
{
"category": "product_name",
"name": "ES7510-XT",
"product": {
"name": "ES7510-XT",
"product_id": "CSAFPID-11004"
}
},
{
"category": "product_name",
"name": "ES7528",
"product": {
"name": "ES7528",
"product_id": "CSAFPID-11005"
}
},
{
"category": "product_name",
"name": "ES8508",
"product": {
"name": "ES8508",
"product_id": "CSAFPID-11006"
}
},
{
"category": "product_name",
"name": "ES8508F",
"product": {
"name": "ES8508F",
"product_id": "CSAFPID-11007"
}
},
{
"category": "product_name",
"name": "ES8509-XT",
"product": {
"name": "ES8509-XT",
"product_id": "CSAFPID-11008"
}
},
{
"category": "product_name",
"name": "ES8510",
"product": {
"name": "ES8510",
"product_id": "CSAFPID-11009"
}
},
{
"category": "product_name",
"name": "ES8510-XT",
"product": {
"name": "ES8510-XT",
"product_id": "CSAFPID-11010"
}
},
{
"category": "product_name",
"name": "ES8510-XTE",
"product": {
"name": "ES8510-XTE",
"product_id": "CSAFPID-11011"
}
},
{
"category": "product_name",
"name": "ES9528/ES9528-XT",
"product": {
"name": "ES9528/ES9528-XT",
"product_id": "CSAFPID-11012"
}
},
{
"category": "product_name",
"name": "ES9528-XTv2",
"product": {
"name": "ES9528-XTv2",
"product_id": "CSAFPID-11013"
}
}
],
"category": "product_family",
"name": "Hardware"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Firmware vers:all/*",
"product_id": "CSAFPID-21001"
}
}
],
"category": "product_family",
"name": "Firmware"
}
],
"category": "vendor",
"name": "Pepperl+Fuchs"
}
],
"product_groups": [
{
"group_id": "CSAFGID-0001",
"product_ids": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012"
],
"summary": "Affected products."
}
],
"relationships": [
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware vers:all/* installed on ES7506",
"product_id": "CSAFPID-31001"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11001"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware vers:all/* installed on ES7506",
"product_id": "CSAFPID-31002"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11002"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware vers:all/* installed on ES7510",
"product_id": "CSAFPID-31003"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11003"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware vers:all/* installed on ES7510-XT",
"product_id": "CSAFPID-31004"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11004"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware vers:all/* installed on ES7506",
"product_id": "CSAFPID-31005"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11005"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware vers:all/* installed on ES8508",
"product_id": "CSAFPID-31006"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11006"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware vers:all/* installed on ES8508F",
"product_id": "CSAFPID-31007"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11007"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware vers:all/* installed on ES8509-XT",
"product_id": "CSAFPID-31008"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11008"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware vers:all/* installed on ES8510",
"product_id": "CSAFPID-31009"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11009"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware vers:all/* installed on ES8510-XT",
"product_id": "CSAFPID-31010"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11010"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware vers:all/* installed on ES8510-XTE",
"product_id": "CSAFPID-31011"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11011"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware vers:all/* installed on ES9528/ES9528-XT",
"product_id": "CSAFPID-31012"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11012"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware vers:all/* installed on ES9528-XTv2",
"product_id": "CSAFPID-31013"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11013"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-12504",
"cwe": {
"id": "CWE-912",
"name": "Hidden Functionality"
},
"notes": [
{
"category": "summary",
"text": "Active TFTP-Service",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012"
]
},
"remediations": [
{
"category": "mitigation",
"details": "An external protective measure is required.\n\n1) Traffic from untrusted networks to the device should be blocked by a firewall. Especially\ntraffic targeting the administration webpage.\n\n2) Administrator and user access should be protected by a secure password and only be\navailable to a very limited group of people.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 9.8,
"environmentalSeverity": "CRITICAL",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.8,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012"
]
}
],
"title": "CVE-2020-12504"
},
{
"cve": "CVE-2020-12513",
"cwe": {
"id": "CWE-285",
"name": "Improper Authorization"
},
"notes": [
{
"category": "summary",
"text": "Unauthenticated Device Administration",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "\nIn order to prevent the exploitation of the reported vulnerabilities, we recommend that the\naffected units be updated with the following three firmware packages:\n\n- U-Boot bootloader version 1.36 or newer\n- System image version 1.52 or newer\n- Application base version 1.6.11 or newer",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 9.8,
"environmentalSeverity": "CRITICAL",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.8,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012"
]
}
],
"title": "CVE-2020-12513"
},
{
"cve": "CVE-2020-12501",
"cwe": {
"id": "CWE-798",
"name": "Use of Hard-coded Credentials"
},
"notes": [
{
"category": "summary",
"text": "Undocumented Accounts",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012"
]
},
"remediations": [
{
"category": "mitigation",
"details": "An external protective measure is required.\n\n1) Traffic from untrusted networks to the device should be blocked by a firewall. Especially\ntraffic targeting the administration webpage.\n\n2) Administrator and user access should be protected by a secure password and only be\navailable to a very limited group of people.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 9.8,
"environmentalSeverity": "CRITICAL",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.8,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012"
]
}
],
"title": "CVE-2020-12501"
},
{
"cve": "CVE-2020-12502",
"cwe": {
"id": "CWE-352",
"name": "Cross-Site Request Forgery (CSRF)"
},
"notes": [
{
"category": "summary",
"text": "Unauthenticated Device Administration",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012"
]
},
"remediations": [
{
"category": "mitigation",
"details": "An external protective measure is required.\n\n1) Traffic from untrusted networks to the device should be blocked by a firewall. Especially\ntraffic targeting the administration webpage.\n\n2) Administrator and user access should be protected by a secure password and only be\navailable to a very limited group of people.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 8.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 8.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012"
]
}
],
"title": "CVE-2020-12502"
},
{
"cve": "CVE-2020-12503",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "Multiple Authenticated Command Injections",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012"
]
},
"remediations": [
{
"category": "mitigation",
"details": "An external protective measure is required.\n\n1) Traffic from untrusted networks to the device should be blocked by a firewall. Especially\ntraffic targeting the administration webpage.\n\n2) Administrator and user access should be protected by a secure password and only be\navailable to a very limited group of people.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.2,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"temporalScore": 7.2,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012"
]
}
],
"title": "CVE-2020-12503"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…