VDE-2020-040
Last update
05.10.2020 14:00
Published at
05.10.2020 14:00
Vendor(s)
Pepperl+Fuchs SE
External ID
VDE-2020-040
CSAF Document
Summary
Several critical vulnerabilities within Firmware have been identified. Please consult the CVEs for details.
Impact
Pepperl+Fuchs analyzed and identified affected devices.
Remote attackers may exploit multiple vulnerabilities to get access to the device and
execute any program and tap information.
Affected Product(s)
| Model no. | Product name | Affected versions |
|---|---|---|
| ES7506 | Firmware vers:all/* | |
| ES7506 | Firmware vers:all/* | |
| ES7510 | Firmware vers:all/* | |
| ES7510-XT | Firmware vers:all/* | |
| ES7528 | Firmware vers:all/* | |
| ES8508 | Firmware vers:all/* | |
| ES8508F | Firmware vers:all/* | |
| ES8509-XT | Firmware vers:all/* | |
| ES8510 | Firmware vers:all/* | |
| ES8510-XT | Firmware vers:all/* | |
| ES8510-XTE | Firmware vers:all/* | |
| ES9528/ES9528-XT | Firmware vers:all/* |
Vulnerabilities
Expand / Collapse all
Published
24.09.2025 12:42
Severity
Weakness
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (CWE-78)
References
Mitigation
An external protective measure is required.
1) Traffic from untrusted networks to the device should be blocked by a firewall. Especially
traffic targeting the administration webpage.
2) Administrator and user access should be protected by a secure password and only be
available to a very limited group of people.
Acknowledgments
Pepperl+Fuchs SE thanks the following parties for their efforts:
- CERT@VDE for coordination (see https://certvde.com )
- T.Weber from SEC Consult Vulnerability Lab for reported
Revision History
| Version | Date | Summary |
|---|---|---|
| 1 | 05.10.2020 14:00 | initial revision |