PEPPERL+FUCHS: Multiple Products prone to multiple vulnerabilities in Comtrol RocketLinux (Update B)

VDE-2020-040 (2020-10-07 14:10 UTC+0100)

PEPPERL+FUCHS

P+F Comtrol RocketLinx®:

• ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2,
• ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE,
• ES9528/ES9528-XT

affected by: CVE-2020-12500, CVE-2020-12501, CVE-2020-12502, CVE-2020-12503, CVE-2020-12504

Update A, 2020-10-08

P+F Comtrol RocketLinx®:

• ICRL-M-8RJ45/4SFP-G-DIN Firmware 1.2.3 and previous
• ICRL-M-16RJ45/4CP-G-DIN Firmware 1.2.3 and previous

affected by: CVE-2020-12502, CVE-2020-12503, CVE-2020-12504

Several critical vulnerabilities within Firmware have been identified:

CVE: CVE-2020-12500
CVSS: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Vuln-Type: CWE-285: Improper Authorization
Description: Unauthenticated Device Administration

CVE: CVE-2020-12501
CVSS: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Vuln-Type: CWE-798: Use of Hardcoded Credentials
Description: Undocumented Accounts

CVE: CVE-2020-12502
CVSS: 8.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
Vuln-Type: CWE-352: Cross-Site Request Forgery (CSRF)
Description: Unauthenticated Device Administration

CVE: CVE-2020-12503
CVSS: 7.2 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
Vuln-Type: CWE-20: Improper Input Validation
Description: Multiple Authenticated Command Injections

CVE: CVE-2020-12504
CVSS: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Vuln-Type: CWE-912: Hidden Functionality
Description: Active TFTP-Service

Pepperl+Fuchs analyzed and identified affected devices.
Remote attackers may exploit multiple vulnerabilities to get access to the device and
execute any program and tap information.

Update B, 2020-11-18

T. Weber (SEC Consult Vulnerability Lab)
Coordinated by CERT@VDE