CyberSec.Space Logo
返回 CVE 浏览器

CVE-2020-12003

HIGH
7.5
CVSS Severity Score
EPSS Score0.1520%
EPSS Percentile8.57th
Published2020年6月15日
Last Modified2024年11月21日

Vulnerability Description

FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.00 and prior,Connected Components Workbench: Version 12 and prior, ControlFLASH: Version 14 and later, ControlFLASH Plus: Version 1 and later, FactoryTalk Asset Centre: Version 9 and later, FactoryTalk Linx CommDTM: Version 1 and later, Studio 5000 Launcher: Version 31 and later Stud, 5000 Logix Designer software: Version 32 and prior is vulnerable. An exposed API call allows users to provide files to be processed without sanitation. This may allow an attacker to use specially crafted requests to traverse the file system and expose sensitive data on the local hard drive.

Affected Platforms (CPE)

📦
Rockwellautomation

Factorytalk Linx

= 6.00
📦
Rockwellautomation

Factorytalk Linx

= 6.10
📦
Rockwellautomation

Factorytalk Linx

= 6.11
📦
Rockwellautomation

Rslinx Classic

<= 4.11.00

References & Advisories

🔗 https://www.us-cert.gov/ics/advisories/icsa-20-163-02
🔗 https://www.us-cert.gov/ics/advisories/icsa-20-163-02

相关漏洞威胁

CVE-2020-120019.8

FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.00 and prior,Connected Components Workbench: Version 12 and p...

CVE-2020-272519.8

A heap overflow vulnerability exists within FactoryTalk Linx Version 6.11 and prior. This vulnerability could allow a remote, unau...

CVE-2020-120348.2

Products that use EDS Subsystem: Version 28.0.1 and prior (FactoryTalk Linx software (Previously called RSLinx Enterprise): Versio...

CVE-2020-119998.1

FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.00 and prior,Connected Components Workbench: Version 12 and p...