MidnightBSD

Advisories for pepperl-fuchs

CVE-2017-5753 MEDIUM

Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.6 MEDIUM CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N 1.1 4.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-203,

Products Affected

Vendor Product Version
intel core_i3 4158u
intel core_i5 4308u
suse suse_linux_enterprise_software_development_kit 11
synology vs960hd_firmware -
intel xeon_e5_1620_v4 -
intel core_i7 7700t
intel xeon_e3_1270_v2 -
intel atom_c c3950
intel core_i7 5557u
debian debian_linux 9.0
intel xeon_e5_2643_v4 -
intel xeon_bronze_3106 -
intel xeon_e5_2450_v2 -
phoenixcontact bl_rackmount_4u_firmware -
intel xeon_e3_1501l_v6 -
intel core_i7 4510u
phoenixcontact valueline_ipc_firmware -
intel core_i5 4300y
intel atom_z z3785
intel core_i5 3320m
intel xeon_gold 6128
intel core_i5 3330s
intel core_i7 3840qm
intel core_i5 6350hq
suse suse_linux_enterprise_desktop 12
intel atom_c c3958
intel core_i7 720qm
intel xeon_e5 2660
intel atom_c c3858
intel atom_c c3955
intel xeon_e3_1245 -
intel xeon_e7 8880_v2
intel core_i5 4200m
intel core_i7 4712hq
intel xeon_gold 6146
synology diskstation_manager *
intel xeon_e5 4655_v4
intel xeon x5550
intel core_i5 2450p
intel xeon_e5_1660_v2 -
intel xeon_e3_1271_v3 -
intel core_i5 4590t
intel atom_z z3530
intel core_i5 3610me
intel core_i7 660lm
intel xeon_e5_2650l_v3 -
phoenixcontact bl_bpc_2001_firmware -
intel xeon_e5 2699_v4
pepperl-fuchs visunet_rm_shell -
intel core_i7 4558u
phoenixcontact vl2_bpc_9000_firmware -
intel xeon_e3 1515m_v5
intel xeon_phi 7230f
intel xeon_e5_1660_v4 -
intel xeon_e7 2870_v2
intel core_m 5y10
intel xeon_e3_1268l_v3 -
intel xeon_e3_1241_v3 -
intel atom_e e3815
intel core_i7 4500u
intel xeon_e3 1535m_v6
intel core_i7 7500u
intel xeon x3440
intel xeon_e3_1230_v3 -
intel xeon_e5_2620_v3 -
intel core_i3 6098p
phoenixcontact vl2_bpc_7000_firmware -
intel core_i5 8250u
intel xeon_silver 4110
intel core_i3 2100t
intel atom_z z3460
intel core_i5 6400t
intel xeon_e3_1280_v2 -
intel core_i5 8350u
intel core_i3 2130
intel celeron_n n4100
intel core_i5 2400s
intel core_m 5y71
intel core_i3 2102
intel xeon_e5_2450l_v2 -
phoenixcontact bl2_bpc_7000_firmware -
intel celeron_n n2910
intel xeon_bronze_3104 -
intel xeon_e5_2608l_v4 -
phoenixcontact vl2_ppc7_1000_firmware -
intel core_i7 3540m
intel atom_z z2480
intel xeon_e5_2403 -
intel core_i5 4670t
intel pentium_n n3540
phoenixcontact vl_ipc_p7000_firmware -
intel xeon_gold 6126
intel core_i3 6100t
intel atom_x3 c3235rk
intel core_i5 2300
intel core_i3 4102e
intel core_i3 390m
intel core_i3 2330e
intel xeon e5507
intel xeon_e3_1220_v5 -
intel xeon_e7 8891_v3
intel core_i7 7700
intel core_i5 3570
intel core_m 5y51
intel core_i5 4288u
intel xeon l5638
intel xeon_e5_2648l_v4 -
intel core_i7 2635qm
intel core_i7 2637m
intel xeon_e5 2699a_v4
intel xeon_e5_1428l_v2 -
intel core_i5 4260u
intel xeon_e3_1220 -
intel core_i5 2380p
intel xeon x5667
canonical ubuntu_linux 17.10
intel celeron_j j4105
intel xeon_e5_2630_v2 -
intel core_i5 4690t
phoenixcontact vl_bpc_2000_firmware -
intel xeon_e5_2418l_v3 -
arm cortex-r7_firmware -
intel atom_c c2316
intel xeon e5620
intel xeon_e5 2683_v4
intel xeon_e5_2430l -
phoenixcontact bl_ppc_7000_firmware -
intel xeon_e3_1220_v2 -
intel xeon_silver 4108
intel celeron_n n2808
intel xeon_e3_1276_v3 -
intel core_i7 5850eq
intel xeon_e3_1240 -
intel core_i7 620le
intel xeon_e7 8837
intel core_i3 4120u
intel xeon_e5_1650_v4 -
intel xeon_e5_2628l_v2 -
intel atom_x7-e3950 -
intel core_i3 380um
intel core_i3 4170t
intel core_i5 4570
intel core_i7 3667u
intel atom_z z3480
intel xeon e5520
intel xeon x5690
intel xeon_e3_12201 -
phoenixcontact bl_ppc15_3000_firmware -
intel xeon_e7 8857_v2
intel xeon_e3_1265l_v3 -
intel xeon x7560
intel core_i7 870
intel xeon_e3_1235 -
intel core_i7 3720qm
intel core_i5 6500te
intel core_i5 4570te
intel core_i7 4702ec
intel core_i7 2675qm
intel xeon_phi 7290
intel core_i7 2860qm
intel xeon_e5 2687w_v3
intel core_i5 2550k
intel xeon_gold 5119t
intel core_i5 6685r
intel xeon l5630
arm cortex-r8_firmware -
intel xeon_e5 2695_v2
intel xeon_e5 2667_v3
phoenixcontact bl2_ppc_2000_firmware -
intel xeon_e5_2420 -
intel core_i7 970
arm cortex-a77_firmware -
phoenixcontact dl_ppc15m_7000_firmware -
intel core_i5 4302y
intel core_i7 4600m
intel core_i7 4790s
intel xeon_e5_2428l_v2 -
intel xeon_e7 2860
intel core_i5 2510e
intel celeron_n n2830
intel core_m 5y10c
intel core_i3 4025u
intel core_i5 480m
intel core_i5 470um
intel core_i3 4160t
intel core_i7 3610qm
intel xeon_e3_1240l_v3 -
intel core_i3 2310m
intel core_i5 3450s
intel xeon_e5 2699r_v4
intel core_i7 4710mq
intel core_i3 4160
phoenixcontact bl_ppc17_7000_firmware -
intel xeon e6540
intel xeon_e3_1245_v6 -
pepperl-fuchs btc12_firmware -
intel core_i7 990x
intel core_i5 4258u
intel core_i7 4600u
intel core_i5 5675r
intel core_i5 4460
intel xeon_e7 4870_v2
intel xeon_e3_1501m_v6 -
intel xeon_platinum 8170m
intel xeon_e5_2408l_v3 -
intel xeon_e5_2618l_v4 -
intel xeon_e5_1630_v3 -
intel xeon_e7 8894_v4
intel xeon_e5_2603_v3 -
intel xeon_phi 7235
intel core_i3 2100
intel xeon_e3_1230 -
intel xeon_e5 4669_v3
arm cortex-a76_firmware -
intel xeon_e5 2680_v4
oracle local_service_management_system 13.1
arm cortex-a12_firmware -
intel core_i5 4440
intel xeon_e3_1226_v3 -
intel core_i5 560m
intel xeon_phi 7250f
intel pentium_n n3520
intel xeon_e5 2680_v3
intel xeon_e3_1275_v6 -
intel xeon_e3_1240_v2 -
phoenixcontact vl_bpc_1000_firmware -
intel core_i7 930
intel xeon x5660
intel celeron_j j1800
intel core_i7 4860hq
intel xeon_platinum 8153
phoenixcontact dl_ppc18.5m_7000_firmware -
intel core_i5 4210m
intel core_i5 430um
intel atom_c c2338
intel xeon_gold 6148f
phoenixcontact bl_rackmount_2u_firmware -
intel core_i5 4200y
intel core_i5 3360m
intel xeon_e5_1660 -
intel xeon_e5 4640_v4
intel xeon_e5_2470 -
intel xeon_phi 7285
intel xeon_e5 2670_v2
intel core_i5 2520m
phoenixcontact bl2_ppc_1000_firmware -
intel core_i7 7820hq
intel core_i3 3210
intel core_i7 4650u
intel xeon_e5_2440_v2 -
intel xeon_e7 4850_v3
intel core_i5 2310
intel atom_e e3845
intel core_i7 7600u
intel xeon_e5 4640
intel core_i5 4460t
intel xeon x3480
intel core_i7 2920xm
intel xeon_e5_2630l_v3 -
intel core_i3 3220t
intel core_i7 4810mq
intel core_m5 6y57
intel xeon x5560
intel xeon_e5_2630l_v2 -
intel core_i5 520e
intel xeon_e5_2620_v2 -
intel xeon_e7 4807
phoenixcontact dl_ppc21.5m_7000_firmware -
arm cortex-a78_firmware -
intel xeon e5649
intel xeon_gold 6148
intel core_i5 3470
intel xeon x5670
intel xeon_silver 4116
intel atom_z z2420
intel xeon_platinum 8160f
intel core_i5 2500s
intel atom_c c3508
intel core_i7 5950hq
intel pentium_j j4205
intel atom_c c2358
intel celeron_n n2807
intel core_i7 4770hq
phoenixcontact vl2_ppc_3000_firmware -
intel core_i7 620ue
intel core_i7 4790k
intel core_i3 2120
intel core_m5 6y54
intel xeon_gold 6138
intel celeron_n n3000
intel atom_c c2730
intel xeon_e5 2690_v4
intel xeon_gold 5120t
intel core_i7 840qm
intel xeon_e3 1585_v5
intel core_i3 4100e
intel core_i5 4300u
arm cortex-x1_firmware -
intel xeon_e5 4660_v3
intel xeon_e5_2630_v3 -
siemens simatic_winac_rtx_(f)_2010_firmware *
intel core_i7 4700eq
debian debian_linux 8.0
intel xeon_e7 8870_v2
intel celeron_j j1900
intel xeon_e7 8890_v4
intel xeon e5630
intel core_i3 6167u
intel xeon_e7 4830_v4
intel celeron_n n2815
intel core_i5 6600
intel core_i5 560um
intel xeon_e5_2643_v2 -
intel core_i7 920
intel atom_z z3590
intel xeon x7550
intel xeon_e3_1225_v3 -
intel xeon_e5 2680
intel core_i7 960
intel xeon_e5 2667_v2
intel core_i3 3250t
intel xeon_e5_2440 -
intel core_i5 5675c
intel xeon_e5 4640_v2
intel atom_z z3740
intel core_i3 4330t
intel core_i7 3517ue
intel xeon_e5_2630_v4 -
intel core_i5 3470t
intel core_i5 6200u
intel xeon_platinum 8160m
intel celeron_n n2930
intel core_i5 540m
intel xeon_e5_2438l_v3 -
intel xeon_platinum 8164
vmware esxi 6.0
intel xeon_e5 4607_v2
intel xeon_e7 8893_v2
intel xeon w3690
intel core_i7 860s
intel core_i7 3689y
intel xeon_e5 4620_v4
intel xeon_e5 2680_v2
arm cortex-a78ae_firmware -
intel xeon_e3_1240l_v5 -
intel core_i3 4100u
intel xeon_e3_1270_v5 -
intel core_i5 2405s
intel core_i5 680
intel core_i7 3615qm
intel xeon_e5 2697_v3
intel core_i5 3470s
intel xeon_e3_1280_v3 -
intel xeon_e5_2418l -
intel core_i5 2390t
intel atom_z z3736g
intel core_i7 4770r
intel core_i3 6320
phoenixcontact bl_ppc15_1000_firmware -
intel core_i5 3475s
intel core_i5 661
siemens simatic_itc2200_firmware *
intel atom_z z2560
intel xeon_e5_2418l_v2 -
intel core_i5 2430m
intel core_i5 2410m
intel core_i7 4771
phoenixcontact vl2_bpc_3000_firmware -
intel xeon_e5_2609_v3 -
intel xeon_e5 2658_v4
intel core_i7 3635qm
intel xeon_e7 4850_v2
intel core_i3 6100e
intel xeon_e5 2687w_v4
intel xeon_e3_1270_v3 -
intel xeon_e3_1275 -
intel xeon_e5 4667_v4
intel xeon_e5_2609 -
intel core_i7 7920hq
intel xeon_e5_2609_v2 -
intel xeon_e5 4624l_v2
intel xeon_e5 4603_v2
intel core_i5 4202y
intel core_i7 5775c
intel atom_z z3735d
intel core_i7 4960hq
intel core_i3 2340ue
intel xeon x5677
intel xeon e5503
intel core_i5 6400
intel xeon_e5_1680_v3 -
intel xeon_e3_1290_v2 -
intel core_i3 4360
intel xeon e5603
intel core_i3 330um
intel xeon_e5 4610_v2
intel atom_c c3808
intel xeon_e7 8867_v4
intel core_i5 520m
intel core_i5 4670
intel celeron_n n3060
intel xeon l5506
intel atom_z z3795
intel core_i7 8700
intel xeon_e5 4650l
intel core_i7 3615qe
intel xeon_e3_1286_v3 -
intel xeon_e3_1285_v4 -
intel xeon_e3 1545m_v5
intel xeon_e5_2628l_v3 -
intel core_i5 4590
intel xeon_e7 4820_v3
intel xeon_phi 7290f
intel core_i5 3317u
intel xeon_e5_1650_v2 -
intel xeon_e7 2850_v2
intel core_i7 870s
phoenixcontact bl_ppc15_7000_firmware -
intel core_m3 7y30
intel xeon_e5_2643 -
intel core_i3 5015u
intel xeon_e3_1265l_v4 -
intel atom_c c3308
intel xeon x5680
intel xeon_e7 8890_v2
intel celeron_n n2820
intel core_i5 5250u
intel core_i3 4330
phoenixcontact vl2_bpc_1000_firmware -
intel celeron_n n2805
vmware workstation *
intel core_i5 6442eq
intel xeon_gold 6152
intel xeon_e5 4657l_v2
intel core_i5 3230m
intel core_i3 4370
intel core_i7 4700hq
intel xeon_e5 2683_v3
intel xeon e5530
intel core_i5 5575r
intel core_i5 6267u
intel core_i7 2600k
intel core_i7 4702hq
intel xeon e5645
intel core_i3 3229y
intel core_i5 3339y
intel xeon_gold 6150
intel xeon_e5_2630 -
intel core_i5 3330
intel xeon_e3 1585l_v5
intel xeon_e5 4660_v4
intel xeon_platinum 8156
intel core_i7 980x
intel xeon_e7 4809_v2
intel xeon_e5_2643_v3 -
phoenixcontact vl2_bpc_2000_firmware -
intel core_i3 4350
intel core_i7 4785t
intel xeon x3470
intel xeon_e3 1578l_v5
intel xeon_e3 1535m_v5
intel core_i7 4850hq
intel xeon w3680
intel core_i3 4150
intel core_i7 5600u
intel core_i3 2370m
intel xeon_e3_1245_v2 -
intel core_i5 2450m
intel xeon x5687
intel xeon_e5_2420_v2 -
intel core_i7 4770s
canonical ubuntu_linux 12.04
intel core_i3 540
intel core_i5 2500t
intel core_i3 3217ue
intel core_i7 2710qe
intel core_i3 3240
intel core_i7 2760qm
intel atom_z z2520
intel xeon w5590
intel core_i3 4112e
intel core_i7 950
intel core_i7 3770s
intel core_i5 4440s
intel core_i5 4690
intel core_i7 5750hq
intel pentium_n n3510
phoenixcontact vl2_ppc12_1000_firmware -
intel xeon_e5_1620 -
intel xeon_platinum 8160
intel xeon_e5_2608l_v3 -
intel xeon_gold 6154
intel xeon x6550
intel xeon_e3_1220l_v3 -
intel celeron_n n4000
arm cortex-a9_firmware -
phoenixcontact bl_ppc12_1000_firmware -
intel xeon_gold 5122
intel xeon_phi 7210f
intel core_i7 2620m
intel xeon_e5_2630l_v4 -
intel core_i5 4570s
intel core_i3 2377m
intel core_i3 4012y
phoenixcontact bl_bpc_7000_firmware -
intel core_i3 2312m
intel atom_c c2508
intel core_i7 640lm
canonical ubuntu_linux 16.04
intel xeon e5540
intel xeon_e5_2640 -
intel atom_c c3338
intel core_i5 6300u
intel core_i3 4150t
intel core_i5 520um
intel core_i5 4400e
intel xeon_e5 4655_v3
intel core_i3 3217u
intel core_i7 7560u
intel core_i7 4800mq
intel core_m 5y10a
intel atom_z z3775
intel xeon_e5 4620_v2
intel xeon e5607
vmware fusion *
intel xeon_e7 8891_v2
phoenixcontact el_ppc_1000/m_firmware -
oracle solaris 11.3
intel core_i3 4020y
intel xeon_e5_1620_v2 -
intel core_i3 6100h
intel xeon_e5_2603_v4 -
intel core_i3 3240t
intel pentium_n n3710
intel xeon_e5 2695_v3
intel xeon_platinum 8170
intel xeon_e5_2618l_v3 -
intel xeon_e5 2658_v2
intel xeon_e5 2658a_v3
intel xeon l5508
intel xeon_e3_1280_v5 -
intel xeon_platinum 8168
intel core_i5 5350u
intel xeon_gold 6130t
intel core_i5 3340
intel xeon_e3_1246_v3 -
intel xeon_gold 6142f
intel core_i7 740qm
intel xeon_gold 6140m
intel xeon_silver 4116t
phoenixcontact el_ppc_1000_firmware -
intel atom_x3 c3230rk
intel core_i5 3550
intel core_i7 5500u
intel xeon_e3_1505l_v6 -
intel atom_x5-e3940 -
intel core_i5 460m
intel xeon_gold 6130f
intel xeon_e5_2603_v2 -
intel core_i5 4200u
intel xeon_e5_2637_v4 -
intel core_i5 4402ec
intel core_i7 4770t
intel core_i7 7567u
intel core_i7 4610m
intel xeon_e5 2670_v3
intel xeon_e5_1660_v3 -
intel core_i7 3612qm
intel core_i7 7y75
intel atom_x3 c3130
intel xeon_e5 2690
intel xeon_e5_2403_v2 -
intel core_i3 4340te
intel xeon ec5509
intel atom_z z3560
intel core_i7 4722hq
phoenixcontact bl_ppc17_1000_firmware -
intel xeon_e5 4667_v3
phoenixcontact bl_ppc17_3000_firmware -
intel core_i5 6585r
intel xeon_e3_1258l_v4 -
intel core_i5 6402p
intel xeon_gold 6130
intel xeon_e3_1245_v5 -
suse suse_linux_enterprise_server 11
intel xeon_e3_1240_v5 -
intel xeon_e5 4620
intel xeon_platinum 8176m
intel core_i5 4350u
intel xeon_e3 1575m_v5
intel xeon_e5 4617
intel xeon_gold 6142m
intel core_i3 4330te
intel atom_x3 c3205rk
intel xeon_e5_2648l -
intel core_i3 4010u
intel xeon e5502
intel celeron_n n3160
intel xeon_e5 4648_v3
intel core_i7 3770
intel xeon_e7 2820
intel core_i3 3245
intel xeon_e5_2650l -
intel atom_z z2460
intel xeon_e7 2850
intel core_i5 3210m
intel atom_c c2718
intel xeon_e7 8860
intel xeon_e3_1125c -
netapp solidfire -
intel xeon_e5_2450 -
intel xeon_e7 2890_v2
intel xeon_gold 6140
pepperl-fuchs btc14_firmware -
intel xeon e7540
intel core_i5 450m
siemens simatic_itc1500_pro_firmware *
intel xeon_e5 2687w
intel atom_c c2758
intel atom_z z3745
phoenixcontact bl2_bpc_1000_firmware -
intel core_i5 750s
intel core_i7 640um
intel celeron_n n2840
intel pentium_n n4200
intel xeon_e5 2650l_v4
intel xeon_e5 2667_v4
netapp hci -
intel core_i7 3610qe
intel xeon_silver 4114t
intel xeon_e5 2695_v4
intel core_i3 3250
intel xeon l5618
intel xeon_e3_1220_v6 -
intel xeon_e3_1290 -
vmware esxi 5.5.0
intel core_i7 3687u
intel xeon_e5_2428l_v3 -
intel xeon_e5_2628l_v4 -
intel xeon_e7 8891_v4
intel atom_x3 c3295rk
canonical ubuntu_linux 17.04
intel xeon_e7 4809_v4
intel celeron_j j3455
intel core_i5 3337u
intel celeron_j j4005
intel celeron_j j1850
intel core_i5 660
intel core_i5 4670s
intel xeon_e3_1285_v3 -
intel xeon_e5_2470_v2 -
intel core_i3 4005u
intel core_i5 3340s
intel core_i5 4310u
intel core_i5 6600k
intel xeon_e5 2697a_v4
intel core_i7 3630qm
intel xeon_e3_1230l_v3 -
intel core_i3 550
intel xeon_e5 2660_v4
intel xeon e5504
intel xeon_e5_2650_v2 -
intel xeon x5650
intel core_i7 940
intel atom_e e3827
intel xeon_e3 1558l_v5
intel core_i7 2600s
intel xeon_e3_1270_v6 -
intel core_i7 4712mq
intel atom_z z3740d
intel core_i3 6300
intel core_i7 4790t
intel atom_e e3805
opensuse leap 42.3
intel xeon_e5 4669_v4
intel core_i5 3350p
intel celeron_n n3450
intel core_i5 430m
intel core_i7 4770k
intel xeon_e3_1278l_v4 -
intel xeon l3406
intel xeon_gold 6126t
intel xeon_e3_1225_v2 -
intel core_i3 4170
intel core_i3 4100m
intel xeon_e5 2665
intel core_i5 4340m
intel xeon_gold 6134m
intel xeon lc5518
intel core_i5 3570s
synology skynas -
intel xeon l5530
intel core_i5 4410e
intel core_i7 2960xm
intel core_i7 880
intel core_i7 4770
intel core_i5 8600k
intel xeon_e7 4820
intel xeon_e3_1265l_v2 -
intel xeon l3426
siemens simatic_itc1900_pro_firmware *
intel xeon_platinum 8160t
intel core_i3 4030y
intel core_i5 3437u
intel core_i5 6600t
intel celeron_j j1750
intel xeon_e3_1281_v3 -
intel core_i3 3115c
intel core_i5 2537m
intel atom_x3 c3405
intel core_i7 2629m
intel xeon_e5 2690_v2
oracle solaris 10
phoenixcontact vl2_ppc_1000_firmware -
intel xeon_e5_2407 -
intel core_i3 4110m
intel core_i5 3570k
intel core_i7 860
intel xeon_e5_2430l_v2 -
intel xeon_e7 4890_v2
intel core_i3 560
intel xeon_e5 2658
intel xeon l5640
intel atom_c c3850
intel xeon_e3_1260l_v5 -
phoenixcontact dl_ppc15_1000_firmware -
intel core_i5 4570t
intel core_i5 2467m
intel xeon_e7 4850_v4
intel xeon_e7 4870
intel xeon x5570
intel xeon_e5 2667
siemens simatic_itc2200_pro_firmware *
intel xeon_e7 4860
phoenixcontact bl_bpc_3000_firmware -
intel xeon_e5 2698_v3
intel xeon_e5_2430 -
intel core_i3 6100
intel xeon e6510
intel xeon_gold 6138t
intel xeon_e5_2650 -
intel core_i5 3427u
intel xeon_e5_2430_v2 -
intel core_i5 3450
intel xeon_e5 4603
intel atom_z z3736f
intel xeon_e7 4830
intel core_i7 2720qm
intel pentium_n n3700
intel core_i5 8400
intel core_i5 5350h
intel atom_z z3735e
intel celeron_n n3050
intel core_i3 4010y
intel xeon lc5528
intel atom_z z3745d
intel xeon_e5 4650_v2
intel core_i7 4610y
intel xeon_e5 2660_v3
intel xeon_gold 6142
intel xeon l5518
intel xeon_e5 2660_v2
intel xeon_gold 5120
intel xeon_e3_1275_v3 -
intel xeon_e5_2637 -
intel core_i5 6500
intel atom_c c3708
intel xeon e5606
intel celeron_n n2920
intel xeon_e5_2603 -
intel core_i5 760
intel xeon_silver 4114
intel xeon_e3_1505m_v5 -
intel core_i3 2375m
intel core_i5 4570r
phoenixcontact vl_ppc_3000_firmware -
intel xeon_e7 4830_v3
intel core_i7 610e
intel core_i3 4360t
intel xeon_silver 4109t
intel xeon_e5_2640_v2 -
intel core_i7 7700k
intel core_i7 3770t
intel xeon_e7 4820_v2
intel xeon_gold 5115
intel core_i7 2630qm
intel core_i7 4770te
intel atom_c c2558
intel xeon_e3_1240_v6 -
intel xeon_e7 8850
intel core_i7 820qm
intel xeon l5520
intel xeon_e3_1285_v6 -
intel core_i7 3555le
intel atom_x3 c3200rk
intel xeon_e3_1260l -
intel xeon_e5_2620 -
intel xeon_e5 4610_v3
intel core_i3 4000m
intel core_i7 2655le
intel core_i3 6157u
intel atom_e e3825
intel xeon_e3_12201_v2 -
intel xeon_e7 8880_v4
intel core_i5 4310m
siemens simatic_itc1900_firmware *
intel celeron_j j3060
intel core_i3 4130
intel core_i3 4350t
intel core_i3 6100u
intel xeon_e3_1235l_v5 -
intel xeon_e7 8870_v3
intel core_i5 2515e
intel xeon_e5 4627_v2
arm neoverse_n2_firmware -
intel core_i3 4370t
intel core_i7 2677m
intel core_i7 4700mq
intel core_i7 4750hq
intel atom_z z3775d
intel core_i5 580m
intel core_i5 2500
intel core_i5 6440eq
intel xeon ec5539
intel xeon_phi 7250
intel core_m3 6y30
intel core_m3 7y32
intel xeon_e5 4627_v4
suse suse_linux_enterprise_software_development_kit 12
intel xeon_e3_1125c_v2 -
intel xeon_e3 1505m_v6
intel xeon_gold 6132
intel xeon_e5_1680_v4 -
intel core_i5 2400
intel core_i5 4430
phoenixcontact bl_bpc_3001_firmware -
intel core_i5 6260u
intel core_m 5y31
intel xeon_e3_1275_v5 -
intel core_i5 2435m
intel xeon_e5 4620_v3
suse suse_linux_enterprise_server 12
intel core_i7 660um
intel xeon_e5 2658_v3
intel atom_z z3735g
intel core_i3 2348m
intel core_i5 4220y
intel xeon_e7 8867l
intel core_i7 4550u
intel core_i7 4700ec
intel atom_z z3570
intel core_i7 4578u
intel core_i3 3120m
siemens simatic_winac_rtx_(f)_2010_firmware 2010
intel xeon_e3_1285l_v3 -
intel xeon_e5 4627_v3
intel core_i3 2310e
intel xeon_e5 4650
intel core_i5 6360u
intel core_i7 8550u
intel core_i7 620m
intel xeon_e5_2609_v4 -
intel xeon_e5_2623_v3 -
intel core_i5 4670r
arm neoverse_n1_firmware -
intel atom_c c2738
intel core_i7 620um
intel xeon e5506
intel core_i7 5650u
intel xeon_e5_2618l_v2 -
intel atom_c c2538
intel celeron_j j3160
intel core_i3 350m
intel core_i3 6102e
intel xeon_e3_1270 -
intel core_i7 640m
intel core_i5 4300m
intel xeon_e3_1280 -
intel xeon_e7 8860_v3
intel core_i7 3537u
intel xeon_e3_1268l_v5 -
intel core_i5 4670k
intel xeon x3460
intel core_i7 680um
intel xeon_platinum 8180
intel core_i3 3220
intel xeon_e7 8830
intel xeon_e5_2648l_v2 -
intel xeon_e7 8870_v4
intel atom_z z2760
intel xeon_e5_2650l_v2 -
intel xeon_e5_2620_v4 -
intel core_i7 965
intel xeon_e7 8880_v3
intel core_i3 6006u
intel core_i3 370m
intel core_i5 6500t
intel core_m7 6y75
intel core_i3 2115c
intel core_i3 2365m
intel core_i3 5157u
intel xeon_e7 4830_v2
intel core_i7 3632qm
intel celeron_n n2806
intel xeon_e3_1275_v2 -
intel xeon_e7 8867_v3
intel core_i5 3439y
intel core_i7 3520m
intel xeon x3430
intel core_i5 655k
intel xeon_e5 4650_v3
intel xeon_e7 4880_v2
intel core_i7 5550u
intel xeon_e5_2623_v4 -
intel xeon_e7 2870
siemens simatic_itc1500_firmware *
phoenixcontact el_ppc_1000/wt_firmware -
intel core_i7 2617m
intel xeon_e3_1225 -
intel xeon_gold 6126f
intel xeon_e7 2880_v2
intel pentium_n n3530
intel core_i5 5257u
intel core_i7 3820qm
intel celeron_n n2810
intel core_i5 3380m
intel xeon_e3_1240_v3 -
intel core_i3 2330m
phoenixcontact bl2_ppc_7000_firmware -
intel xeon l7555
intel xeon_e7 2803
intel xeon_e3_1231_v3 -
intel core_i3 3225
intel xeon_platinum 8158
intel core_i5 6440hq
intel core_i7 4910mq
intel atom_c c3750
intel core_i5 650
intel xeon_gold 6134
arm cortex-a73_firmware -
intel core_i3 6300t
intel core_i7 4702mq
intel atom_e e3826
intel core_i5 750
intel core_i5 6287u
intel core_i7 2715qe
intel xeon e7520
intel xeon_e3_1220_v3 -
intel core_i3 2105
intel xeon l7545
intel xeon x3450
intel xeon_phi 7295
intel xeon_e3_1105c_v2 -
intel atom_c c3830
intel atom_z z3735f
synology virtual_machine_manager *
intel atom_c c2516
intel atom_c c2518
intel core_i5 3550s
intel core_i7 3612qe
intel atom_c c2530
intel xeon_e3_1275l_v3 -
intel xeon_e5 2699_v3
synology vs360hd_firmware -
intel xeon_e3_1280_v6 -
intel xeon_e5 4640_v3
oracle local_service_management_system 13.2
intel xeon_platinum 8176f
intel xeon_gold 6144
intel xeon_e5_1630_v4 -
intel xeon_e7 8870
intel xeon w5580
arm cortex-a72_firmware -
intel core_i5 2320
intel core_i3 5010u
intel celeron_n n3150
phoenixcontact vl_ppc_2000_firmware -
intel core_i7 2820qm
intel core_i7 7660u
intel xeon_silver 4112
intel xeon_e5_2640_v4 -
intel core_i7 2649m
intel xeon_e7 2830
intel core_i3 2125
intel core_i3 8350k
intel core_i5 4278u
intel xeon_e7 4860_v2
intel core_i7 940xm
intel core_i5 4210h
intel core_i3 8100
intel core_i3 3120me
intel xeon_e5_2448l -
intel xeon_e5_2448l_v2 -
intel core_i5 2500k
intel core_i3 2328m
intel xeon_e5_2650_v3 -
intel core_i7 660ue
intel core_i7 4980hq
intel core_i5 4430s
arm cortex-a75_firmware -
intel core_i5 2540m
intel pentium_j j2850
intel atom_c c3558
intel atom_z z3770d
intel xeon_e7 8890_v3
intel xeon_e5_2450l -
arm cortex-a8_firmware -
intel core_i5 3340m
intel atom_c c2750
synology router_manager *
intel core_i7 3517u
intel core_i5 540um
intel atom_z z2580
intel core_i5 4690s
intel xeon_e3_1245_v3 -
intel xeon e5640
intel celeron_n n3350
intel xeon_e5 4607
intel core_i5 4210u
intel core_i5 4200h
intel core_i7 5700eq
phoenixcontact bl_bpc_2000_firmware -
intel xeon_e3_1230_v5 -
intel core_i3 4130t
phoenixcontact bl_bpc_7001_firmware -
intel xeon w3670
intel xeon_gold 6138f
intel xeon x5647
intel xeon_gold 5118
intel xeon_e3_1230_v2 -
intel core_i7 3740qm
intel core_i7 4870hq
intel xeon_e5_2428l -
intel atom_c c2550
phoenixcontact vl2_ppc_2000_firmware -
intel xeon_e5_1650_v3 -
vmware esxi 6.5
phoenixcontact vl_bpc_3000_firmware -
intel xeon_e7 8893_v4
intel xeon_e7 8860_v4
intel xeon_platinum 8176
intel core_i5 4690k
intel core_i7 8700k
intel core_i5 4590s
intel xeon_phi 7230
intel pentium_j j2900
intel core_i5 5300u
intel xeon_e3_1230_v6 -
intel xeon_e5_2640_v3 -
intel core_i7 4950hq
intel core_i5 670
intel core_i7 975
intel core_i7 3770k
intel xeon_e3_1505l_v5 -
intel xeon_e5 2698_v4
intel core_i7 4720hq
intel celeron_n n3010
intel core_i7 5700hq
intel xeon_e3_1286l_v3 -
intel pentium_j j3710
intel core_i3 2367m
intel xeon ec5549
phoenixcontact vl2_ppc_9000_firmware -
intel xeon_e5_2630l -
intel xeon_gold 6136
intel xeon_e-1105c -
intel core_i7 8650u
intel xeon_phi 7210
intel core_i3 530
intel core_i7 2600
intel xeon_e5_2637_v2 -
intel core_i7 5850hq
intel xeon_e5_1428l -
intel xeon_e7 4850
phoenixcontact vl2_ppc9_1000_firmware -
intel xeon_e5 2697_v2
intel core_i7 7820eq
intel xeon_e5_1650 -
intel atom_z z3580
intel core_i5 4210y
intel atom_c c2308
opensuse leap 42.2
intel core_i3 3110m
intel core_i7 2670qm
canonical ubuntu_linux 14.04
intel xeon_e5_1428l_v3 -
intel xeon_e7 4809_v3
intel core_i7 7700hq
intel xeon_e3_1225_v6 -
intel xeon_e7 8893_v3
intel atom_x5-e3930 -
intel atom_c c3758
intel xeon_e3 1565l_v5
arm cortex-a57_firmware -
intel atom_c c3538
intel core_i7 4900mq
intel core_i5 4360u
intel core_i5 5200u
intel xeon_e7 8880l_v2
phoenixcontact bl_ppc_1000_firmware -
intel celeron_n n2940
intel xeon_e5 4650_v4
intel xeon_e5_2648l_v3 -
intel core_i5 4250u
intel xeon_e7 8850_v2
intel core_i5 2557m
intel core_i5 4460s
intel core_i5 4402e
intel core_i7 875k
intel core_i3 2350m
intel core_i3 5020u
intel core_i5 3570t
intel xeon_e5 2697_v4
intel xeon_e5_1620_v3 -
oracle local_service_management_system 13.3
intel core_i5 4330m
intel xeon x5672
intel xeon_e7 8880l_v3
intel xeon_e3_1285l_v4 -
intel core_i7 2640m
intel xeon_e5 4610_v4
intel core_i3 5005u
intel core_i7 2610ue
intel xeon_e3_1225_v5 -
intel xeon_e5_2637_v3 -
intel xeon e7530
intel core_i3 3130m
intel xeon_e5 4610
intel core_i7 4760hq
intel core_i7 4765t
phoenixcontact bl2_bpc_2000_firmware -
intel core_i7 4710hq
intel xeon l5609
intel core_i7 2700k
intel core_i3 2357m
intel core_i3 6100te
intel core_i3 4340
intel atom_c c2350
intel core_i7 5775r
intel core_i5 4422e
intel xeon_e5_2650_v4 -
intel core_i7 2657m
phoenixcontact vl2_ppc_7000_firmware -
intel xeon_e5_2407_v2 -
intel core_i3 380m
intel xeon_e5 2687w_v2
intel xeon_e7 4820_v4
intel core_i3 4110e
intel xeon x5675
intel core_i3 330e
intel core_i3 330m
intel core_i3 4030u
intel core_i3 3227u
intel core_i7 4790
intel xeon_e5 2670
intel core_i7 920xm
arm cortex-a17_firmware -
intel core_i3 2120t
intel xeon x7542
intel atom_x3 c3265rk
intel atom_z z3770
intel core_i5 5287u
intel xeon_e5 2690_v3
intel core_m 5y70
intel core_i7 7820hk
intel celeron_j j3355
intel core_i7 980
intel xeon_e5 4628l_v4
intel core_i5 6300hq
intel core_i7 620lm
intel atom_x3 c3445
arm cortex-a15_firmware -
CVE-2020-12500 HIGH

Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) allows unauthenticated device administration.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
info@cert.vde.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-306,CWE-306,

Products Affected

Vendor Product Version
pepperl-fuchs es7528_firmware *
pepperl-fuchs es9528_firmware *
pepperl-fuchs es9528-xt_firmware *
pepperl-fuchs es8510-xt_firmware *
pepperl-fuchs es8510-xte_firmware *
pepperl-fuchs es8510_firmware *
pepperl-fuchs es8509-xt_firmware *
pepperl-fuchs es8508f_firmware *
pepperl-fuchs es9528-xtv2_firmware *
pepperl-fuchs es7510-xt_firmware *
pepperl-fuchs es8508_firmware *
pepperl-fuchs es7510_firmware *
pepperl-fuchs es7506_firmware *
CVE-2020-12501 HIGH

Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) use undocumented accounts.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-798,CWE-798,

Products Affected

Vendor Product Version
pepperl-fuchs es7528_firmware *
korenix jetnet5810g_firmware -
korenix jetwave_3220_firmware -
korenix jetnet4706f_firmware -
pepperl-fuchs es9528_firmware *
korenix jetnet6095_firmware -
pepperl-fuchs es8510-xte_firmware *
korenix jetwave_2212s_firmware -
korenix jetnet4706_firmware -
pepperl-fuchs es8510_firmware *
pepperl-fuchs es8508f_firmware *
korenix jetnet4510_firmware -
pepperl-fuchs es7510_firmware *
korenix jetwave_2212x_firmware -
pepperl-fuchs es9528-xt_firmware *
pepperl-fuchs es8510-xt_firmware *
korenix jetnet5310_firmware -
korenix jetwave_2212g_firmware -
korenix jetnet5010_firmware -
pepperl-fuchs es8509-xt_firmware *
pepperl-fuchs es9528-xtv2_firmware *
korenix jetwave_2311_firmware -
korenix jetnet5428g-20sfp_firmware -
pepperl-fuchs es7510-xt_firmware *
pepperl-fuchs es8508_firmware *
pepperl-fuchs es7506_firmware *
CVE-2020-12502 MEDIUM

Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) and ICRL-M-8RJ45/4SFP-G-DIN, ICRL-M-16RJ45/4CP-G-DIN FW 1.2.3 and below is prone to unauthenticated device administration.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,CWE-352,

Products Affected

Vendor Product Version
pepperl-fuchs es7528_firmware *
korenix jetnet_5428g-20sfp_firmware -
korenix jetnet_6095_firmware -
pepperl-fuchs icrl-m-16rj45/4cp-g-din_firmware *
pepperl-fuchs es9528_firmware *
pepperl-fuchs es9528-xt_firmware *
pepperl-fuchs es8510-xt_firmware *
pepperl-fuchs icrl-m-8rj45/4sfp-g-din_firmware *
pepperl-fuchs es8510-xte_firmware *
korenix jetnet_5810g_firmware -
pepperl-fuchs es8510_firmware *
pepperl-fuchs es8509-xt_firmware *
pepperl-fuchs es8508f_firmware *
pepperl-fuchs es9528-xtv2_firmware *
korenix jetnet_4706f_firmware -
pepperl-fuchs es7510-xt_firmware *
pepperl-fuchs es8508_firmware *
korenix jetnet_5010_firmware -
pepperl-fuchs es7510_firmware *
korenix jetnet_4706_firmware -
korenix jetnet_5310_firmware -
pepperl-fuchs es7506_firmware *
korenix jetnet_4510_firmware -
CVE-2020-12503 MEDIUM

Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) and ICRL-M-8RJ45/4SFP-G-DIN, ICRL-M-16RJ45/4CP-G-DIN FW 1.2.3 and below is prone to multiple authenticated command injections.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-863,CWE-863,

Products Affected

Vendor Product Version
pepperl-fuchs es7528_firmware *
korenix jetnet_6095_firmware -
korenix jetwave_3220_firmware -
pepperl-fuchs es9528_firmware *
pepperl-fuchs es8510-xte_firmware *
korenix jetnet_5810g_firmware -
korenix jetwave_2212s_firmware -
pepperl-fuchs es8510_firmware *
pepperl-fuchs es8508f_firmware *
korenix jetnet_5010_firmware -
pepperl-fuchs es7510_firmware *
korenix jetnet_4510_firmware -
korenix jetnet_5428g-20sfp_firmware -
korenix jetwave_2212x_firmware -
pepperl-fuchs icrl-m-16rj45/4cp-g-din_firmware *
pepperl-fuchs icrl-m-16rj45/4cp-g-din_firmware -
pepperl-fuchs icrl-m-8rj45/4sfp-g-din_firmware -
pepperl-fuchs es9528-xt_firmware *
pepperl-fuchs es8510-xt_firmware *
pepperl-fuchs icrl-m-8rj45/4sfp-g-din_firmware *
korenix jetwave_2212g_firmware -
pepperl-fuchs es8509-xt_firmware *
pepperl-fuchs es9528-xtv2_firmware *
korenix jetwave_2311_firmware -
korenix jetnet_4706f_firmware -
pepperl-fuchs es7510-xt_firmware *
pepperl-fuchs es8508_firmware *
korenix jetnet_4706_firmware -
korenix jetnet_5310_firmware -
pepperl-fuchs es7506_firmware *
CVE-2020-12504 HIGH

Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) and ICRL-M-8RJ45/4SFP-G-DIN, ICRL-M-16RJ45/4CP-G-DIN FW 1.2.3 and below has an active TFTP-Service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
info@cert.vde.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-912,NVD-CWE-Other,

Products Affected

Vendor Product Version
pepperl-fuchs es7528_firmware *
korenix jetwave_5810g_firmware 1.1
korenix jetwave_4706_firmware 2.3b
korenix jetwave_3220_firmware 1.2
pepperl-fuchs es9528_firmware *
korenix jetwave_2311_firmware 1.2
korenix jetwave_5010_firmware 3.1a
pepperl-fuchs es8510-xte_firmware *
pepperl-fuchs es8510_firmware *
westermo pmi-110-f2g_firmware 1.5
pepperl-fuchs es8508f_firmware *
korenix jetwave_4706f_firmware 2.3b
pepperl-fuchs es7510_firmware *
korenix jetwave_2212g_firmware 1.4
korenix jetwave_2212s_firmware 1.5
korenix jetwave_4510_firmware 3.0b
pepperl-fuchs icrl-m-16rj45/4cp-g-din_firmware *
pepperl-fuchs es9528-xt_firmware *
pepperl-fuchs es8510-xt_firmware *
pepperl-fuchs icrl-m-8rj45/4sfp-g-din_firmware *
korenix jetwave_3420_firmware 1.1.3t
korenix jetwave_5428g-20sfp_firmware 1.0
korenix jetwave_2212x_firmware 1.5
korenix jetwave_5310_firmware 1.5
pepperl-fuchs es8509-xt_firmware *
pepperl-fuchs es9528-xtv2_firmware *
pepperl-fuchs es7510-xt_firmware *
pepperl-fuchs es8508_firmware *
pepperl-fuchs es7506_firmware *
CVE-2020-12511 MEDIUM

Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to a Cross-Site Request Forgery (CSRF) in the web interface.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,CWE-352,

Products Affected

Vendor Product Version
pepperl-fuchs io-link_master_dr-8-eip_firmware *
pepperl-fuchs io-link_master_8-pnio_firmware *
pepperl-fuchs io-link_master_dr-8-pnio-t_firmware *
pepperl-fuchs io-link_master_dr-8-pnio_firmware *
pepperl-fuchs io-link_master_8-eip_firmware *
pepperl-fuchs io-link_master_8-eip-l_firmware *
pepperl-fuchs io-link_master_dr-8-eip-p_firmware *
pepperl-fuchs io-link_master_8-pnio-l_firmware *
pepperl-fuchs io-link_master_dr-8-pnio-p_firmware *
pepperl-fuchs io-link_master_4-eip_firmware *
pepperl-fuchs io-link_master_4-pnio_firmware *
pepperl-fuchs io-link_master_dr-8-eip-t_firmware *
CVE-2020-12512 LOW

Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to an authenticated reflected POST Cross-Site Scripting

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7
info@cert.vde.com 7.5 HIGH CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 1.6 5.9

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,CWE-79,

Products Affected

Vendor Product Version
pepperl-fuchs io-link_master_dr-8-eip_firmware *
pepperl-fuchs io-link_master_8-pnio_firmware *
pepperl-fuchs io-link_master_dr-8-pnio-t_firmware *
pepperl-fuchs io-link_master_dr-8-pnio_firmware *
pepperl-fuchs io-link_master_8-eip_firmware *
pepperl-fuchs io-link_master_8-eip-l_firmware *
pepperl-fuchs io-link_master_dr-8-eip-p_firmware *
pepperl-fuchs io-link_master_8-pnio-l_firmware *
pepperl-fuchs io-link_master_dr-8-pnio-p_firmware *
pepperl-fuchs io-link_master_4-eip_firmware *
pepperl-fuchs io-link_master_4-pnio_firmware *
pepperl-fuchs io-link_master_dr-8-eip-t_firmware *
CVE-2020-12513 HIGH

Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to an authenticated blind OS Command Injection.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 7.5 HIGH CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 1.6 5.9
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,CWE-78,

Products Affected

Vendor Product Version
pepperl-fuchs io-link_master_dr-8-eip_firmware *
pepperl-fuchs io-link_master_8-pnio_firmware *
pepperl-fuchs io-link_master_dr-8-pnio-t_firmware *
pepperl-fuchs io-link_master_dr-8-pnio_firmware *
pepperl-fuchs io-link_master_8-eip_firmware *
pepperl-fuchs io-link_master_8-eip-l_firmware *
pepperl-fuchs io-link_master_dr-8-eip-p_firmware *
pepperl-fuchs io-link_master_8-pnio-l_firmware *
pepperl-fuchs io-link_master_dr-8-pnio-p_firmware *
pepperl-fuchs io-link_master_4-eip_firmware *
pepperl-fuchs io-link_master_4-pnio_firmware *
pepperl-fuchs io-link_master_dr-8-eip-t_firmware *
CVE-2020-12514 MEDIUM

Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to a NULL Pointer Dereference that leads to a DoS in discoveryd

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 6.6 MEDIUM CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H 0.7 5.9
nvd@nist.gov 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 1.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,CWE-476,

Products Affected

Vendor Product Version
pepperl-fuchs io-link_master_dr-8-eip_firmware *
pepperl-fuchs io-link_master_8-pnio_firmware *
pepperl-fuchs io-link_master_dr-8-pnio-t_firmware *
pepperl-fuchs io-link_master_dr-8-pnio_firmware *
pepperl-fuchs io-link_master_8-eip_firmware *
pepperl-fuchs io-link_master_8-eip-l_firmware *
pepperl-fuchs io-link_master_dr-8-eip-p_firmware *
pepperl-fuchs io-link_master_8-pnio-l_firmware *
pepperl-fuchs io-link_master_dr-8-pnio-p_firmware *
pepperl-fuchs io-link_master_4-eip_firmware *
pepperl-fuchs io-link_master_4-pnio_firmware *
pepperl-fuchs io-link_master_dr-8-eip-t_firmware *
CVE-2020-12525 MEDIUM

M&M Software fdtCONTAINER Component in versions below 3.5.20304.x and between 3.6 and 3.6.20304.x is vulnerable to deserialization of untrusted data in its project storage.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 7.3 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H 1.3 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-502,CWE-502,

Products Affected

Vendor Product Version
wago fdtcontainer_component *
pepperl-fuchs pactware *
emerson rosemount_transmitter_interface_software -
wago dtminspector_3 -
pepperl-fuchs io-link_master_firmware *
weidmueller wi_manager *
wago fdtcontainer_application *
CVE-2021-20986 MEDIUM

A Denial of Service vulnerability was found in Hilscher PROFINET IO Device V3 in versions prior to V3.14.0.7. This may lead to unexpected loss of cyclic communication or interruption of acyclic communication.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
info@cert.vde.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,CWE-787,

Products Affected

Vendor Product Version
pepperl-fuchs oit500-f113b17-cb_firmware *
pepperl-fuchs pha_firmware *
pepperl-fuchs pcv100-f200-b17-v1d-6011-6997_firmware *
pepperl-fuchs pgv100-f200-b17-v1d-7477_firmware *
pepperl-fuchs pgv100aq-f200-b28-v1d_firmware *
pepperl-fuchs wcs_firmware *
hilscher profinet_io_device_firmware *
pepperl-fuchs pcv100-f200-b17-v1d-6011_firmware *
pepperl-fuchs pgv100-f200a-b17-v1d_firmware *
pepperl-fuchs pxv100aq-f200-b28-v1d-6011_firmware *
pepperl-fuchs pgv150i-f200a-b17-v1d_firmware *
pepperl-fuchs pcv80-f200-b17-v1d_firmware *
pepperl-fuchs pxv100-f200-b17-v1d-3636_firmware *
pepperl-fuchs pgv100a-f200-b28-v1d_firmware *
pepperl-fuchs pxv100-f200-b17-v1d_firmware *
pepperl-fuchs pcv100-f200-b17-v1d_firmware *
pepperl-fuchs pxv100a-f200-b28-v1d_firmware *
pepperl-fuchs pxv100a-f200-b28-v1d-6011_firmware *
pepperl-fuchs pgv100aq-f200a-b28-v1d_firmware *
pepperl-fuchs pxv100aq-f200-b28-v1d_firmware *
pepperl-fuchs ohv-f230-b17_firmware *
pepperl-fuchs pgv100a-f200a-b28-v1d_firmware *
pepperl-fuchs pcv50-f200-b17-v1d_firmware *
pepperl-fuchs pcv100-f200-b17-v1d-6011-8203_firmware *
CVE-2021-20987 HIGH

A denial of service and memory corruption vulnerability was found in Hilscher EtherNet/IP Core V2 prior to V2.13.0.21that may lead to code injection through network or make devices crash without recovery.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.6 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H 3.9 4.0
info@cert.vde.com 8.6 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H 3.9 4.0

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,CWE-787,

Products Affected

Vendor Product Version
pepperl-fuchs pxv100i-f200-b25-v1d_firmware *
hilscher ethernet/ip_adapter_firmware *
pepperl-fuchs pcv50-f200-b25-v1d_firmware *
pepperl-fuchs pcv80-f200-b25-v1d_firmware *
pepperl-fuchs wcs_firmware *
pepperl-fuchs pcv100-f200-b25-v1d-6011_firmware *
pepperl-fuchs pxv100-f200-b25-v1d_firmware *
pepperl-fuchs pcv100-f200-b25-v1d-6011-6720_firmware *
CVE-2021-20988 MEDIUM

In Hilscher rcX RTOS versions prios to V2.1.14.1 the actual UDP packet length is not verified against the length indicated by the packet. This may lead to a denial of service of the affected device.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 8.6 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H 3.9 4.0
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,CWE-119,

Products Affected

Vendor Product Version
pepperl-fuchs ice1-8di8do-g60l-c1-v1d_firmware *
pepperl-fuchs ice1-8iol-g30l-v1d_firmware *
hilscher rcx_rtos *
pepperl-fuchs ice1-8iol-s2-g60l-v1d_firmware *
pepperl-fuchs ice1-16di-g60l-v1d_firmware *
pepperl-fuchs ice1-8iol-g60l-v1d_firmware *
pepperl-fuchs ice1-8di8do-g60l-v1d_firmware *
pepperl-fuchs ice1-16dio-g60l-c1-v1d_firmware *
pepperl-fuchs ice1-16dio-g60l-v1d_firmware *
CVE-2021-33555 MEDIUM

In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.7 the filename parameter is vulnerable to unauthenticated path traversal attacks, enabling read access to arbitrary files on the server.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
pepperl-fuchs wha-gw-f2d2-0-as-z2-eth_firmware *
pepperl-fuchs wha-gw-f2d2-0-as-_z2-eth.eip_firmware *
CVE-2021-34559 MEDIUM

In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.8 a vulnerability may allow remote attackers to rewrite links and URLs in cached pages to arbitrary strings.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 3.9 1.4
info@cert.vde.com 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N 2.8 2.5

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-444,

Products Affected

Vendor Product Version
pepperl-fuchs wha-gw-f2d2-0-as-z2-eth_firmware *
pepperl-fuchs wha-gw-f2d2-0-as-z2-eth.eip_firmware *
CVE-2021-34560 LOW

In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.9 a form contains a password field with autocomplete enabled. The stored credentials can be captured by an attacker who gains control over the user's computer. Therefore the user must have logged in at least once.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N 1.8 3.6
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-522,CWE-522,

Products Affected

Vendor Product Version
pepperl-fuchs wha-gw-f2d2-0-as-z2-eth_firmware *
pepperl-fuchs wha-gw-f2d2-0-as-z2-eth.eip_firmware *
CVE-2021-34561 MEDIUM

In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.8 serious issue exists, if the application is not externally accessible or uses IP-based access restrictions. Attackers can use DNS Rebinding to bypass any IP or firewall based access restrictions that may be in place, by proxying through their target's browser.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9
info@cert.vde.com 7.5 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H 1.6 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-350,

Products Affected

Vendor Product Version
pepperl-fuchs wha-gw-f2d2-0-as-z2-eth_firmware *
pepperl-fuchs wha-gw-f2d2-0-as-z2-eth.eip_firmware *
CVE-2021-34562 MEDIUM

In PEPPERL+FUCHS WirelessHART-Gateway 3.0.8 it is possible to inject arbitrary JavaScript into the application's response.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7
info@cert.vde.com 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N 2.8 2.5

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
pepperl-fuchs wha-gw-f2d2-0-as-z2-eth.eip_firmware 3.0.8
pepperl-fuchs wha-gw-f2d2-0-as-z2-eth_firmware 3.0.8
CVE-2021-34563 LOW

In PEPPERL+FUCHS WirelessHART-Gateway 3.0.8 and 3.0.9 the HttpOnly attribute is not set on a cookie. This allows the cookie's value to be read or set by client-side JavaScript.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N 1.8 1.4
nvd@nist.gov 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 1.8 1.4

CVSS 2.0

Severity: LOW

Problem Type: CWE-1004,

Products Affected

Vendor Product Version
pepperl-fuchs wha-gw-f2d2-0-as-z2-eth.eip_firmware 3.0.8
pepperl-fuchs wha-gw-f2d2-0-as-z2-eth_firmware 3.0.9
pepperl-fuchs wha-gw-f2d2-0-as-z2-eth.eip_firmware 3.0.9
pepperl-fuchs wha-gw-f2d2-0-as-z2-eth_firmware 3.0.8
CVE-2021-34564 LOW

Any cookie-stealing vulnerabilities within the application or browser would enable an attacker to steal the user's credentials to the PEPPERL+FUCHS WirelessHART-Gateway 3.0.9.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N 1.8 3.6
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-315,

Products Affected

Vendor Product Version
pepperl-fuchs wha-gw-f2d2-0-as-z2-eth_firmware 3.0.9
pepperl-fuchs wha-gw-f2d2-0-as-_z2-eth.eip_firmware 3.0.9
CVE-2021-34565 HIGH

In PEPPERL+FUCHS WirelessHART-Gateway 3.0.7 to 3.0.9 the SSH and telnet services are active with hard-coded credentials.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-798,

Products Affected

Vendor Product Version
pepperl-fuchs wha-gw-f2d2-0-as-z2-eth_firmware *
pepperl-fuchs wha-gw-f2d2-0-as-z2-eth.eip_firmware *
CVE-2024-6421

An unauthenticated remote attacker can read out sensitive device information through a incorrectly configured FTP service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
pepperl-fuchs oit700-f113-b12-cb_firmware *
pepperl-fuchs oit500-f113-b12-cb_firmware *
pepperl-fuchs oit200-f113-b12-cb_firmware *
pepperl-fuchs oit1500-f113-b12-cb_firmware *
CVE-2024-6422

An unauthenticated remote attacker can manipulate the device via Telnet, stop processes, read, delete and change data.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
pepperl-fuchs oit700-f113-b12-cb_firmware *
pepperl-fuchs oit500-f113-b12-cb_firmware *
pepperl-fuchs oit200-f113-b12-cb_firmware *
pepperl-fuchs oit1500-f113-b12-cb_firmware *