PEPPERL+FUCHS: Multiple Products prone to multiple vulnerabilities in Comtrol RocketLinx (Update B)
VDE-2020-040 (2020-10-07 14:10 UTC+0100)
Affected Vendors
PEPPERL+FUCHS
Affected Products
P+F Comtrol RocketLinx®:
- ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2
- ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE
- ES9528/ES9528-XT
affected by: CVE-2020-12500, CVE-2020-12501, CVE-2020-12502, CVE-2020-12503, CVE-2020-12504
Update A, 2020-10-08
P+F Comtrol RocketLinx®:
- ICRL-M-8RJ45/4SFP-G-DIN Firmware 1.2.3 and previous
- ICRL-M-16RJ45/4CP-G-DIN Firmware 1.2.3 and previous
affected by: CVE-2020-12502, CVE-2020-12503, CVE-2020-12504
Vulnerability Type
Improper Authorization (CWE-285)
Summary
Several critical vulnerabilities have been identified in the firmware:
CVE: CVE-2020-12500
CVSS: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Vuln-Type: CWE-285: Improper Authorization
Description: Unauthenticated Device Administration
CVE: CVE-2020-12501
CVSS: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Vuln-Type: CWE-798: Use of Hardcoded Credentials
Description: Undocumented Accounts
CVE: CVE-2020-12502
CVSS: 8.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
Vuln-Type: CWE-352: Cross-Site Request Forgery (CSRF)
Description: Unauthenticated Device Administration
CVE: CVE-2020-12503
CVSS: 7.2 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
Vuln-Type: CWE-20: Improper Input Validation
Description: Multiple Authenticated Command Injections
CVE: CVE-2020-12504
CVSS: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Vuln-Type: CWE-912: Hidden Functionality
Description: Active TFTP-Service
Impact
Pepperl+Fuchs analyzed and identified affected devices.
Remote attackers may exploit multiple vulnerabilities to gain access to the device, execute any program and tap information.
Solution
Update B, 2020-11-18
For vulnerabilities:
- CVE-2020-12502 “Cross-Site Request Forgery (CSRF)”
- CVE-2020-12503 “Multiple Authenticated Command Injections”
- CVE-2020-12504 “Active TFTP-Service”
Step 1) Update the following products to the respective firmware version:
Product ID | Firmware Version |
ICRL-M-8RJ45/4SFP-G-DIN | 1.4.0 |
ICRL-M-16RJ45/4CP-G-DIN | 1.4.0 |
Step 2) Deactivate TFTP-Service
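To confirm Step 2 from the network side, the following added example (not part of the original advisory or of vendor tooling) sends a single TFTP read request to a device you administer and reports whether any TFTP reply comes back. The file name, timeouts and default port 69 are assumptions chosen for the example; the requested file is a constructed name that should not exist, so nothing is retrieved.

```python
import socket
import struct
import sys
from typing import Optional, Tuple

# Replies a TFTP server can send to a read request (RFC 1350, RFC 2347).
REPLY_OPCODES = {3: "DATA", 5: "ERROR", 6: "OACK"}

def build_rrq(filename: str) -> bytes:
    """RFC 1350 read request: opcode 1, filename, NUL, transfer mode, NUL."""
    return struct.pack("!H", 1) + filename.encode("ascii") + b"\0octet\0"

def classify_reply(packet: bytes) -> Optional[str]:
    """Name the TFTP reply type, or None if the bytes are not a server reply."""
    if len(packet) < 4:
        return None
    return REPLY_OPCODES.get(struct.unpack("!H", packet[:2])[0])

def probe_tftp(host: str, port: int = 69, timeout: float = 2.0, retries: int = 2,
               filename: str = "vde-2020-040-check") -> Tuple[str, Optional[str]]:
    """Ask for a constructed file name that should not exist.

    Any TFTP reply, including "file not found", proves the service is running.
    Returns ("active", reply_type) or ("no-response", None).
    """
    target_ip = socket.gethostbyname(host)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        for _ in range(retries):
            try:
                sock.sendto(build_rrq(filename), (target_ip, port))
                while True:
                    packet, (src_ip, _src_port) = sock.recvfrom(2048)
                    # The server answers from a new port (its transfer ID),
                    # so replies are matched on source address only.
                    kind = classify_reply(packet)
                    if src_ip == target_ip and kind:
                        return ("active", kind)
            except (socket.timeout, ConnectionError):
                continue  # lost datagram or ICMP error: retry, then give up
    # UDP silence is inconclusive: the port may be closed or filtered.
    return ("no-response", None)

if __name__ == "__main__":
    # Usage: python check_tftp.py <switch-address> [...]
    for device in sys.argv[1:]:
        print(device, *probe_tftp(device))
```

A result of "active" means the TFTP service is still running and Step 2 has not taken effect; "no-response" should be cross-checked against the device configuration, since a firewall in the path produces the same result.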
Reported by
T. Weber (SEC Consult Vulnerability Lab)
Coordinated by CERT@VDE