CyberSec.Space Logo
Back to CVE Browser

CVE-2020-11999

HIGH
8.1
CVSS Severity Score
EPSS Score0.0900%
EPSS Percentile26.83th
PublishedJun 15, 2020
Last ModifiedNov 21, 2024

Vulnerability Description

FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.00 and prior,Connected Components Workbench: Version 12 and prior, ControlFLASH: Version 14 and later, ControlFLASH Plus: Version 1 and later, FactoryTalk Asset Centre: Version 9 and later, FactoryTalk Linx CommDTM: Version 1 and later, Studio 5000 Launcher: Version 31 and later Stud, 5000 Logix Designer software: Version 32 and prior is vulnerable. An exposed API call allows users to provide files to be processed without sanitation. This may allow an attacker to specify a filename to execute unauthorized code and modify files or data.

Affected Platforms (CPE)

πŸ“¦
Rockwellautomation

Factorytalk Linx

= 6.00
πŸ“¦
Rockwellautomation

Factorytalk Linx

= 6.10
πŸ“¦
Rockwellautomation

Factorytalk Linx

= 6.11
πŸ“¦
Rockwellautomation

Rslinx Classic

<= 4.11.00

References & Advisories

πŸ”— https://www.us-cert.gov/ics/advisories/icsa-20-163-02
πŸ”— https://www.us-cert.gov/ics/advisories/icsa-20-163-02

Related Vulnerabilities

CVE-2020-272519.8

A heap overflow vulnerability exists within FactoryTalk Linx Version 6.11 and prior. This vulnerability could allow a remote, unau...

CVE-2020-120019.8

FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.00 and prior,Connected Components Workbench: Version 12 and p...

CVE-2020-120348.2

Products that use EDS Subsystem: Version 28.0.1 and prior (FactoryTalk Linx software (Previously called RSLinx Enterprise): Versio...

CVE-2018-106197.8

An unquoted search path or element in RSLinx Classic Versions 3.90.01 and prior and FactoryTalk Linx Gateway Versions 3.90.00 and ...