CyberSec.Space Logo
Back to CVE Browser

CVE-2020-12003

HIGH
7.5
CVSS Severity Score
EPSS Score0.1520%
EPSS Percentile8.57th
PublishedJun 15, 2020
Last ModifiedNov 21, 2024

Vulnerability Description

FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.00 and prior,Connected Components Workbench: Version 12 and prior, ControlFLASH: Version 14 and later, ControlFLASH Plus: Version 1 and later, FactoryTalk Asset Centre: Version 9 and later, FactoryTalk Linx CommDTM: Version 1 and later, Studio 5000 Launcher: Version 31 and later Stud, 5000 Logix Designer software: Version 32 and prior is vulnerable. An exposed API call allows users to provide files to be processed without sanitation. This may allow an attacker to use specially crafted requests to traverse the file system and expose sensitive data on the local hard drive.

Affected Platforms (CPE)

πŸ“¦
Rockwellautomation

Factorytalk Linx

= 6.00
πŸ“¦
Rockwellautomation

Factorytalk Linx

= 6.10
πŸ“¦
Rockwellautomation

Factorytalk Linx

= 6.11
πŸ“¦
Rockwellautomation

Rslinx Classic

<= 4.11.00

References & Advisories

πŸ”— https://www.us-cert.gov/ics/advisories/icsa-20-163-02
πŸ”— https://www.us-cert.gov/ics/advisories/icsa-20-163-02

Related Vulnerabilities

CVE-2020-120019.8

FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.00 and prior,Connected Components Workbench: Version 12 and p...

CVE-2020-272519.8

A heap overflow vulnerability exists within FactoryTalk Linx Version 6.11 and prior. This vulnerability could allow a remote, unau...

CVE-2020-120348.2

Products that use EDS Subsystem: Version 28.0.1 and prior (FactoryTalk Linx software (Previously called RSLinx Enterprise): Versio...

CVE-2020-119998.1

FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.00 and prior,Connected Components Workbench: Version 12 and p...