Vulnerabilities > Pepperl Fuchs

DATE CVE VULNERABILITY TITLE RISK
2021-02-16 CVE-2021-20986 Out-of-bounds Write vulnerability in multiple products
A Denial of Service vulnerability was found in Hilscher PROFINET IO Device V3 in versions prior to V3.14.0.7.
network
low complexity
hilscher pepperl-fuchs CWE-787
5.0
2021-01-22 CVE-2020-12525 Deserialization of Untrusted Data vulnerability in multiple products
M&M Software fdtCONTAINER Component in versions below 3.5.20304.x and between 3.6 and 3.6.20304.x is vulnerable to deserialization of untrusted data in its project storage.
6.8
2021-01-22 CVE-2020-12514 NULL Pointer Dereference vulnerability in Pepperl-Fuchs products
Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to a NULL Pointer Dereference that leads to a DoS in discoveryd
network
low complexity
pepperl-fuchs CWE-476
4.0
2021-01-22 CVE-2020-12513 OS Command Injection vulnerability in Pepperl-Fuchs products
Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to an authenticated blind OS Command Injection.
network
low complexity
pepperl-fuchs CWE-78
critical
9.0
2021-01-22 CVE-2020-12512 Cross-site Scripting vulnerability in Pepperl-Fuchs products
Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to an authenticated reflected POST Cross-Site Scripting
3.5
2021-01-22 CVE-2020-12511 Cross-Site Request Forgery (CSRF) vulnerability in Pepperl-Fuchs products
Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to a Cross-Site Request Forgery (CSRF) in the web interface.
6.8
2020-10-15 CVE-2020-12504 Hidden Functionality vulnerability in multiple products
Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) and ICRL-M-8RJ45/4SFP-G-DIN, ICRL-M-16RJ45/4CP-G-DIN FW 1.2.3 and below has an active TFTP-Service.
network
low complexity
pepperl-fuchs korenix westermo CWE-912
7.5
2020-10-15 CVE-2020-12503 Incorrect Authorization vulnerability in multiple products
Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) and ICRL-M-8RJ45/4SFP-G-DIN, ICRL-M-16RJ45/4CP-G-DIN FW 1.2.3 and below is prone to multiple authenticated command injections.
network
low complexity
pepperl-fuchs korenix CWE-863
6.5
2020-10-15 CVE-2020-12502 Cross-Site Request Forgery (CSRF) vulnerability in multiple products
Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) and ICRL-M-8RJ45/4SFP-G-DIN, ICRL-M-16RJ45/4CP-G-DIN FW 1.2.3 and below is prone to unauthenticated device administration.
6.8
2020-10-15 CVE-2020-12501 Use of Hard-coded Credentials vulnerability in multiple products
Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) use undocumented accounts.
network
low complexity
pepperl-fuchs korenix CWE-798
7.5