CVE-2020-12501

Name: CVE-2020-12501
Creator: NVD / NIST
Published: 2020-10-15T19:15:11.55+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

CRITICALCVSS 9.8/10EPSS 3.30%

Last modified Jun 17, 2026

CVE-2020-12501 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) use undocumented accounts.. EPSS estimates a 3.30% chance of exploitation in the next 30 days.

Description

Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) use undocumented accounts.

Metrics

CVSS 3.1

9.8/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Probability

3.30%

86.9th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

Vendor	Product	Versions
Pepperl-Fuchs	Es7510-Xt Firmware	All versions
Pepperl-Fuchs	Es8509-Xt Firmware	All versions
Pepperl-Fuchs	Es8510-Xt Firmware	All versions
Pepperl-Fuchs	Es9528-Xtv2 Firmware	All versions
Pepperl-Fuchs	Es7506 Firmware	All versions
Pepperl-Fuchs	Es7510 Firmware	All versions
Pepperl-Fuchs	Es7528 Firmware	All versions
Pepperl-Fuchs	Es8508 Firmware	All versions
Pepperl-Fuchs	Es8508f Firmware	All versions
Pepperl-Fuchs	Es8510 Firmware	All versions
Pepperl-Fuchs	Es8510-Xte Firmware	All versions
Pepperl-Fuchs	Es9528 Firmware	All versions
Pepperl-Fuchs	Es9528-Xt Firmware	All versions
Korenix	Jetnet5428g-20sfp Firmware	All versions
Korenix	Jetnet5810g Firmware	All versions
Korenix	Jetnet4510 Firmware	All versions
Korenix	Jetnet5010 Firmware	All versions
Korenix	Jetnet5310 Firmware	All versions
Korenix	Jetnet6095 Firmware	All versions
Korenix	Jetnet4706 Firmware	All versions
Korenix	Jetwave 3220 Firmware	All versions
Korenix	Jetwave 2311 Firmware	All versions
Korenix	Jetnet4706f Firmware	All versions
Korenix	Jetwave 2212s Firmware	All versions
Korenix	Jetwave 2212g Firmware	All versions
Korenix	Jetwave 2212x Firmware	All versions

References

http://packetstormsecurity.com/files/162903/Korenix-CSRF-Backdoor-Accounts-Command-Injection-Missing-Authentication.htmlExploit, Third Party Advisory, VDB Entry
http://packetstormsecurity.com/files/165875/Korenix-Technology-JetWave-CSRF-Command-Injection-Missing-Authentication.htmlExploit, Third Party Advisory, VDB Entry
http://packetstormsecurity.com/files/167409/Korenix-JetPort-5601V3-Backdoor-Account.htmlExploit, Third Party Advisory
http://seclists.org/fulldisclosure/2021/Jun/0Mailing List, Third Party Advisory
http://seclists.org/fulldisclosure/2022/Jun/3Exploit, Mailing List, Third Party Advisory
https://cert.vde.com/de-de/advisories/vde-2020-040Third Party Advisory
https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-korenix-technology-westermo-pepperl-fuchs/Third Party Advisory
http://packetstormsecurity.com/files/162903/Korenix-CSRF-Backdoor-Accounts-Command-Injection-Missing-Authentication.htmlExploit, Third Party Advisory, VDB Entry
http://packetstormsecurity.com/files/165875/Korenix-Technology-JetWave-CSRF-Command-Injection-Missing-Authentication.htmlExploit, Third Party Advisory, VDB Entry
http://packetstormsecurity.com/files/167409/Korenix-JetPort-5601V3-Backdoor-Account.htmlExploit, Third Party Advisory
http://seclists.org/fulldisclosure/2021/Jun/0Mailing List, Third Party Advisory
http://seclists.org/fulldisclosure/2022/Jun/3Exploit, Mailing List, Third Party Advisory
https://cert.vde.com/de-de/advisories/vde-2020-040Third Party Advisory
https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-korenix-technology-westermo-pepperl-fuchs/Third Party Advisory

Timeline

Published: Oct 15, 2020
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2020-12501?

How severe is CVE-2020-12501?

CVE-2020-12501 has a CVSS score of 9.8/10 (CRITICAL severity). The EPSS model estimates a 3.30% probability of exploitation in the next 30 days.

How do I fix CVE-2020-12501?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2020-12501?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST