Vulnerabilities > Pepperl Fuchs
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-02-16 | CVE-2021-20986 | Out-of-bounds Write vulnerability in multiple products A Denial of Service vulnerability was found in Hilscher PROFINET IO Device V3 in versions prior to V3.14.0.7. | 5.0 |
| 2021-01-22 | CVE-2020-12525 | Deserialization of Untrusted Data vulnerability in multiple products M&M Software fdtCONTAINER Component in versions below 3.5.20304.x and between 3.6 and 3.6.20304.x is vulnerable to deserialization of untrusted data in its project storage. | 6.8 |
| 2021-01-22 | CVE-2020-12514 | NULL Pointer Dereference vulnerability in Pepperl-Fuchs products Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to a NULL Pointer Dereference that leads to a DoS in discoveryd | 4.0 |
| 2021-01-22 | CVE-2020-12513 | OS Command Injection vulnerability in Pepperl-Fuchs products Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to an authenticated blind OS Command Injection. | 9.0 |
| 2021-01-22 | CVE-2020-12512 | Cross-site Scripting vulnerability in Pepperl-Fuchs products Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to an authenticated reflected POST Cross-Site Scripting | 3.5 |
| 2021-01-22 | CVE-2020-12511 | Cross-Site Request Forgery (CSRF) vulnerability in Pepperl-Fuchs products Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to a Cross-Site Request Forgery (CSRF) in the web interface. | 6.8 |
| 2020-10-15 | CVE-2020-12504 | Hidden Functionality vulnerability in multiple products Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) and ICRL-M-8RJ45/4SFP-G-DIN, ICRL-M-16RJ45/4CP-G-DIN FW 1.2.3 and below has an active TFTP-Service. | 7.5 |
| 2020-10-15 | CVE-2020-12503 | Incorrect Authorization vulnerability in multiple products Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) and ICRL-M-8RJ45/4SFP-G-DIN, ICRL-M-16RJ45/4CP-G-DIN FW 1.2.3 and below is prone to multiple authenticated command injections. | 6.5 |
| 2020-10-15 | CVE-2020-12502 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) and ICRL-M-8RJ45/4SFP-G-DIN, ICRL-M-16RJ45/4CP-G-DIN FW 1.2.3 and below is prone to unauthenticated device administration. | 6.8 |
| 2020-10-15 | CVE-2020-12501 | Use of Hard-coded Credentials vulnerability in multiple products Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) use undocumented accounts. | 9.8 |