GCVE - cpe:2.3:a:pepperl+fuchs:p+f_comtrol

Approved changes feed: RSS · Atom

cpe:2.3:a:pepperl+fuchs:p+f_comtrol_rocketlinx:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Pepperl+Fuchs (`9739a350-3a1c-589a-a37f-50f3931ada7b`)
Product	P+F Comtrol Rocketlinx (`33da3b5f-6b8c-5805-bd61-3c39605c0475`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2020-12504`	vulnerable	2026-06-03 14:41:34.790240	Pepperl+Fuchs improper authorization affects multiple Comtrol RocketLinx products CRITICAL (9.8) Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) and ICRL-M-8RJ45/4SFP-G-DIN, ICRL-M-16RJ45/4CP-G-DIN FW 1.2.3 and below has an active TFTP-Service. Published: 2020-10-15T18:42:59.041Z Updated: 2024-09-16T17:09:09.147Z Open on db.gcve.eu Reference links https://cert.vde.com/de-de/advisories/vde-2020-040 http://seclists.org/fulldisclosure/2021/Jun/0 http://packetstormsecurity.com/files/162903/Korenix-CSRF-Backdoor-Accounts-Command-Injection-Missing-Authentication.html https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-korenix-technology-westermo-pepperl-fuchs/ https://cert.vde.com/en-us/advisories/vde-2020-053	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-12503`	vulnerable	2026-06-03 14:41:34.782560	Pepperl+Fuchs improper authorization affects multiple Comtrol RocketLinx products HIGH (7.2) Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) and ICRL-M-8RJ45/4SFP-G-DIN, ICRL-M-16RJ45/4CP-G-DIN FW 1.2.3 and below is prone to multiple authenticated command injections. Published: 2020-10-15T18:42:58.016Z Updated: 2024-09-17T04:24:41.310Z Open on db.gcve.eu Reference links https://cert.vde.com/de-de/advisories/vde-2020-040 http://seclists.org/fulldisclosure/2021/Jun/0 http://packetstormsecurity.com/files/162903/Korenix-CSRF-Backdoor-Accounts-Command-Injection-Missing-Authentication.html https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-korenix-technology-westermo-pepperl-fuchs/ https://cert.vde.com/en-us/advisories/vde-2020-053	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-12502`	vulnerable	2026-06-03 14:41:34.759454	Pepperl+Fuchs improper authorization affects multiple Comtrol RocketLinx products HIGH (8.8) Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) and ICRL-M-8RJ45/4SFP-G-DIN, ICRL-M-16RJ45/4CP-G-DIN FW 1.2.3 and below is prone to unauthenticated device administration. Published: 2020-10-15T18:42:57.229Z Updated: 2024-09-16T18:43:33.813Z Open on db.gcve.eu Reference links https://cert.vde.com/de-de/advisories/vde-2020-040 http://seclists.org/fulldisclosure/2021/Jun/0 http://packetstormsecurity.com/files/162903/Korenix-CSRF-Backdoor-Accounts-Command-Injection-Missing-Authentication.html https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-korenix-technology-westermo-pepperl-fuchs/ https://cert.vde.com/en-us/advisories/vde-2020-053	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-12501`	vulnerable	2026-06-03 14:41:34.740517	Pepperl+Fuchs improper authorization affects multiple Comtrol RocketLinx products CRITICAL (9.8) Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) use undocumented accounts. Published: 2020-10-15T18:42:56.306Z Updated: 2024-09-16T19:20:40.911Z Open on db.gcve.eu Reference links https://cert.vde.com/de-de/advisories/vde-2020-040 http://seclists.org/fulldisclosure/2021/Jun/0 http://packetstormsecurity.com/files/162903/Korenix-CSRF-Backdoor-Accounts-Command-Injection-Missing-Authentication.html https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-korenix-technology-westermo-pepperl-fuchs/ http://packetstormsecurity.com/files/165875/Korenix-Technology-JetWave-CSRF-Command-Injection-Missing-Authentication.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-12500`	vulnerable	2026-06-03 14:41:34.715332	Pepperl+Fuchs improper authorization affects multiple Comtrol RocketLinx products CRITICAL (9.8) Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) allows unauthenticated device administration. Published: 2020-10-15T18:42:54.978Z Updated: 2024-09-17T01:10:49.072Z Open on db.gcve.eu Reference links https://cert.vde.com/de-de/advisories/vde-2020-040 http://seclists.org/fulldisclosure/2021/Jun/0 http://packetstormsecurity.com/files/162903/Korenix-CSRF-Backdoor-Accounts-Command-Injection-Missing-Authentication.html https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-korenix-technology-westermo-pepperl-fuchs/ http://packetstormsecurity.com/files/165875/Korenix-Technology-JetWave-CSRF-Command-Injection-Missing-Authentication.html	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.

P+F Comtrol Rocketlinx

PURL mappings

Vulnerability references

Contribute