CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2020-12001

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0740%
EPSS Percentile16.68th
Published2020年6月15日
Last Modified2024年11月21日

Vulnerability Description

FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.00 and prior,Connected Components Workbench: Version 12 and prior, ControlFLASH: Version 14 and later, ControlFLASH Plus: Version 1 and later, FactoryTalk Asset Centre: Version 9 and later, FactoryTalk Linx CommDTM: Version 1 and later, Studio 5000 Launcher: Version 31 and later Stud, 5000 Logix Designer software: Version 32 and prior is vulnerable. The parsing mechanism that processes certain file types does not provide input sanitation. This may allow an attacker to use specially crafted files to traverse the file system and modify or expose sensitive data or execute arbitrary code.

Affected Platforms (CPE)

📦
Rockwellautomation

Factorytalk Linx

= 6.00
📦
Rockwellautomation

Factorytalk Linx

= 6.10
📦
Rockwellautomation

Factorytalk Linx

= 6.11
📦
Rockwellautomation

Rslinx Classic

<= 4.11.00

References & Advisories

🔗 https://www.us-cert.gov/ics/advisories/icsa-20-163-02
🔗 https://www.zerodayinitiative.com/advisories/ZDI-20-733/
🔗 https://www.us-cert.gov/ics/advisories/icsa-20-163-02
🔗 https://www.zerodayinitiative.com/advisories/ZDI-20-733/

相關漏洞威脅

CVE-2020-272519.8

A heap overflow vulnerability exists within FactoryTalk Linx Version 6.11 and prior. This vulnerability could allow a remote, unau...

CVE-2020-120348.2

Products that use EDS Subsystem: Version 28.0.1 and prior (FactoryTalk Linx software (Previously called RSLinx Enterprise): Versio...

CVE-2020-119998.1

FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.00 and prior,Connected Components Workbench: Version 12 and p...

CVE-2018-106197.8

An unquoted search path or element in RSLinx Classic Versions 3.90.01 and prior and FactoryTalk Linx Gateway Versions 3.90.00 and ...