Hidden functionality in PEPPERL+FUCHS products - CVE-2020-12504
Published: October 7, 2020
Vulnerability identifier: #VU47409
CSH Severity: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2020-12504
CWE-ID: CWE-912
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
RocketLinx ES7510-XT
RocketLinx ES8509-XT
RocketLinx ES8510-XT
RocketLinx ES9528-XTv2
RocketLinx ES7506
RocketLinx ES7510
RocketLinx ES7528
RocketLinx ES8508
RocketLinx ES8508F
RocketLinx ES8510
RocketLinx ES8510-XTE
RocketLinx ES9528/ES9528-XT
RocketLinx ES7510-XT
RocketLinx ES8509-XT
RocketLinx ES8510-XT
RocketLinx ES9528-XTv2
RocketLinx ES7506
RocketLinx ES7510
RocketLinx ES7528
RocketLinx ES8508
RocketLinx ES8508F
RocketLinx ES8510
RocketLinx ES8510-XTE
RocketLinx ES9528/ES9528-XT
Software vendor:
PEPPERL+FUCHS
PEPPERL+FUCHS
Description
The vulnerability allows a remote attacker to compromise vulnerable system
The vulnerability exists due to hidden functionality (backdoor) is present in software. A remote attacker can use this functionality to gain full access to the application and compromise the affected system.
Remediation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.