
ID

VDE-2020-040

Published

2020-10-05 14:00 (CEST)

Last update

2020-10-08 08:18 (CEST)

Vendor(s)

PEPPERL+FUCHS

Product(s)

P+F Comtrol RocketLinx®:

  • ES7510-XT
  • ES8509-XT
  • ES8510-XT
  • ES9528-XTv2
  • ES7506
  • ES7510
  • ES7528
  • ES8508
  • ES8508F
  • ES8510
  • ES8510-XTE
  • ES9528/ES9528-XT

Summary

Several critical vulnerabilities have been identified in the firmware. Please consult the CVEs for details.

Vulnerabilities



Weakness: Hidden Functionality (CWE-912)
Summary: Active TFTP-Service

Weakness: Improper Authorization (CWE-285)
Summary: Unauthenticated Device Administration

Weakness: Use of Hardcoded Credentials (CWE-798)
Summary: Undocumented Accounts

Weakness: Cross-Site Request Forgery (CSRF) (CWE-352)
Summary: Unauthenticated Device Administration

Weakness: Improper Input Validation (CWE-20)
Summary: Multiple Authenticated Command Injections

Impact

Pepperl+Fuchs analyzed and identified affected devices.
Remote attackers may exploit multiple vulnerabilities to gain access to the device,
execute any program and tap information.

Solution

An external protective measure is required.

1) Traffic from untrusted networks to the device should be blocked by a firewall, especially
traffic targeting the administration webpage.

2) Administrator and user access should be protected by a secure password and should only be
available to a very limited group of people.
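
One way to apply measure 1 on a Linux gateway that routes between other networks and the switches' management network, given as an added example that is not from Pepperl+Fuchs or CERT@VDE. All addresses are placeholders, and the web ports (TCP 80/443) and the TFTP port (UDP 69) are assumed protocol defaults, not values stated in this advisory.

```nft
#!/usr/sbin/nft -f
# Added example: default-deny towards the affected switches.
# Addresses are constructed placeholders (RFC 5737 ranges); replace them.

table ip rocketlinx_guard {
    # Assumption: management addresses of the affected RocketLinx switches
    set switch_mgmt {
        type ipv4_addr
        elements = { 192.0.2.10, 192.0.2.11 }
    }

    # Assumption: the very limited group of admin workstations
    set admin_hosts {
        type ipv4_addr
        elements = { 198.51.100.5 }
    }

    chain forward {
        type filter hook forward priority 0; policy accept;

        # Traffic not addressed to a switch management address is left
        # to the gateway's other rules.
        ip daddr != @switch_mgmt accept

        # Replies belonging to sessions that were already permitted
        ct state established,related accept

        # Only the admin workstations may reach the administration webpage
        # (assumed ports 80/443).
        ip saddr @admin_hosts tcp dport { 80, 443 } accept

        # The TFTP service is not opened for anyone, admin hosts included
        # (assumed port UDP 69). Logged separately so attempts stand out.
        udp dport 69 counter log prefix "rocketlinx-tftp-drop " drop

        # Everything else towards the switches is dropped and logged.
        counter log prefix "rocketlinx-drop " drop
    }
}
```

Validate the file with `nft -c -f <file>` before loading it; the counters and log prefixes then show whether anything outside the allowlist is still trying to reach the devices.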

Reported by

T. Weber of SEC Consult Vulnerability Lab reported this vulnerability.
Coordinated by CERT@VDE