Pepperl+Fuchs: Comtrol RocketLinx ICRL-M - Multiple Vulnerabilities

VDE-2020-053

Last update

22.05.2025 15:03

Published at

08.03.2021 14:44

Vendor(s)

Pepperl+Fuchs SE

External ID

VDE-2020-053

CSAF Document

Download

Summary

Several critical vulnerabilities within firmware.

Impact

Pepperl+Fuchs analyzed and identified affected devices.
Remote attackers may exploit multiple vulnerabilities to get access to the device and execute any program and tap information.

Affected Product(s)

Model no.	Product name	Affected versions
	Hardware ICRL-M-16RJ45/4CP-G-DIN	Firmware <=1.3.1
	Hardware ICRL-M-8RJ45/4SFP-G-DIN	Firmware <=1.3.1

Vulnerabilities

Expand / Collapse all

Published

22.09.2025 14:58

Severity

9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Weakness

Hidden Functionality (CWE-912)

References

cve.org | nvd.nist.gov

Published

22.09.2025 14:58

Severity

8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Weakness

Cross-Site Request Forgery (CSRF) (CWE-352)

References

cve.org | nvd.nist.gov

Published

22.09.2025 14:58

Severity

7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Weakness

Improper Input Validation (CWE-20)

References

cve.org | nvd.nist.gov

Revision History

Version	Date	Summary
1	08.03.2021 14:44	initial revision
2	12.02.2025 17:48	Fix: corrected self-reference, fixed version
3	22.05.2025 15:03	Fix: reference category, added distribution, quotation mark

Pepperl+Fuchs: Comtrol RocketLinx ICRL-M - Multiple Vulnerabilities

Summary

Impact

Affected Product(s)

Vulnerabilities

CVE-2020-12504 9.8

CVE-2020-12502 8.8

CVE-2020-12503 7.2

Revision History