Intrusion PreventionPepperlFuchs.Web.Interface.Authenticated.Command.Injection
Description
This indicates an attack attempt to exploit a Command Injection Vulnerability in Pepperl+Fuchs P+F Comtrol RocketLinx and Korenix JetNet and JetWave devices.
The vulnerability is due to insufficient sanitization of user-supplied inputs. A remote, authenticated attacker may be able to exploit this to execute arbitrary code within the context of the application, via a crafted HTTP request.
Affected Products
Korenix Jetnet 5428G-20SFP
Korenix Jetnet 5810G
Korenix Jetnet 4706F
Korenix Jetnet 4706
Korenix Jetnet 4510
Korenix Jetnet 5010
Korenix Jetnet 5310
Korenix Jetnet 6095
Korenix Jetwave 2212X
Korenix Jetwave 2212S
Korenix Jetwave 2212G
Korenix Jetwave 2311
Korenix Jetwave 3220
Pepperl+Fuchs Comtrol RocketLinx ES7510-XT
Pepperl+Fuchs Comtrol RocketLinx ES8509-XT
Pepperl+Fuchs Comtrol RocketLinx ES8510-XT
Pepperl+Fuchs Comtrol RocketLinx ES9528-XTv2
Pepperl+Fuchs Comtrol RocketLinx ES7506
Pepperl+Fuchs Comtrol RocketLinx ES7510
Pepperl+Fuchs Comtrol RocketLinx ES7528
Pepperl+Fuchs Comtrol RocketLinx ES8508
Pepperl+Fuchs Comtrol RocketLinx ES8508F
Pepperl+Fuchs Comtrol RocketLinx ES8510
Pepperl+Fuchs Comtrol RocketLinx ES8510-XTE
Pepperl+Fuchs Comtrol RocketLinx ES9528/ES9528-XT (all versions)
Pepperl+Fuchs ICRL-M-8RJ45/4SFP-G-DIN
Pepperl+Fuchs ICRL-M-16RJ45/4CP-G-DIN FW 1.2.3 and below is prone to multiple authenticated command injections.
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Disable TFTP-Service if not needed.
Apply the latest update from the vendor.
https://downloads.comtrol.com/
Coverage
| IPS (Regular DB) | |
| IPS (Extended DB) |
| ID | 51337 |
| Created | Jun 09, 2022 |
| Updated | Apr 24, 2024 |
| CVE ID | |
| Risk |
|
| Exploit Prediction Score | 6.42% |
| Default Action | drop |
| Active | |
| Affected OS | All |
| Affected App | SCADA |
| Profile Type | OS Command Injection |