CVE-2020-12502

Name of the Vulnerable Software and Affected Versions Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT versions all ICRL-M-8RJ45/4SFP-G-DIN, ICRL-M-16RJ45/4CP-G-DIN versions 1.2.3 and below

Description The issue is related to an Improper Authorization vulnerability, which allows for unauthenticated device administration. This means that an attacker could potentially access and manage the device without proper credentials.

Recommendations For Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT, consider restricting access to the device administration interface until a fix is available. For ICRL-M-8RJ45/4SFP-G-DIN, ICRL-M-16RJ45/4CP-G-DIN versions 1.2.3 and below, update to a version above 1.2.3 to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability for the RocketLinx devices.