Cybersecurity specialists have reported finding multiple vulnerabilities in PEPPERL+FUCHS RocketLinx Series industrial switches. It appears that exploiting these flaws would allow threat actors to carry out several kinds of attack.
Below are brief reports of the vulnerabilities found, along with their CVE identifiers and their scores according to the Common Vulnerability Scoring System (CVSS). It is important to note that these vulnerabilities have not been fixed by the manufacturer.
CVE-2020-12500: Affected devices can be managed through a Windows client program called “Jet View”, which could be leveraged by remote threat actors to send a specially crafted request and bypass access restrictions on the affected system.
Cybersecurity experts note that this is a severe vulnerability, with a score of 9/10.
CVE-2020-12501: The use of hard-coded credentials in the application code would allow unauthenticated malicious hackers to access the affected system using the credentials of a target user.
This flaw received a score of 9/10 and its exploitation could lead to the total compromise of the affected system.
CVE-2020-12502: This flaw exists due to incorrect validation of the source of an HTTP request. Threat actors could trick a target user into visiting a specially crafted web page and so perform malicious actions in the context of a vulnerable website.
This flaw received a score of 5.6/10.
CVE-2020-12503: Incorrect input validation would allow a remote administrator to pass specially crafted data to the application and execute arbitrary commands on the target system.
According to cybersecurity experts, this flaw received a score of 6.6/10.
CVE-2020-12504: A backdoor may be present in the software. Remote threat actors can use this flaw to access the vulnerable application and compromise the affected system.
This flaw received a score of 9/10.
The list of products affected by these flaws is as follows:
- RocketLinx ES7510-XT
- RocketLinx ES8509-XT
- RocketLinx ES8510-XT
- RocketLinx ES9528-XTv2
- RocketLinx ES7506
- RocketLinx ES7510
- RocketLinx ES7528
- RocketLinx ES8508
- RocketLinx ES8508F
- RocketLinx ES8510
- RocketLinx ES8510-XTE
- RocketLinx ES9528/ES9528-XT
While the flaws have not been corrected and could be exploited by unauthenticated remote threat actors, experts point out that no attempts at active exploitation have been identified, nor any malware linked to the attack.