cvelistv5 - CVE-2020-12001

CVE-2020-12001 (GCVE-0-2020-12001)

Vulnerability from cvelistv5 – Published: 2020-06-15 19:14 – Updated: 2024-08-04 11:48

Summary

Severity ?

No CVSS data available.

CWE

CWE-20 - IMPROPER INPUT VALIDATION CWE-20

Assigner

icscert

References

URL

Tags

	https://www.us-cert.gov/ics/advisories/icsa-20-163-02	x_refsource_MISC
	https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	FactoryTalk Linx, RSLinx Classic, Connected Components Workbench, ControlFLASH Plus, FactoryTalk Asset Centre, FactoryTalk Linx CommDTM, Studio 5000 Launcher, Studio 5000 Logix Designer software	Affected: FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.00 and prior,Connected Components Workbench: Version 12 and prior, ControlFLASH: Version 14 and later, ControlFLASH Plus: Version 1 and later, FactoryTalk Asset Centre: Version 9 and later, FactoryTalk Linx CommDTM: Version 1 and later, Studio 5000 Launcher: Version 31 and later Stud, 5000 Logix Designer software: Version 32 and prior

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T11:48:57.384Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.us-cert.gov/ics/advisories/icsa-20-163-02"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-733/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "FactoryTalk Linx, RSLinx Classic, Connected Components Workbench, ControlFLASH Plus, FactoryTalk Asset Centre, FactoryTalk Linx CommDTM, Studio 5000 Launcher, Studio 5000 Logix Designer software",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.00 and prior,Connected Components Workbench: Version 12 and prior, ControlFLASH: Version 14 and later, ControlFLASH Plus: Version 1 and later, FactoryTalk Asset Centre: Version 9 and later, FactoryTalk Linx CommDTM: Version 1 and later, Studio 5000 Launcher: Version 31 and later Stud, 5000 Logix Designer software: Version 32 and prior"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.00 and prior,Connected Components Workbench: Version 12 and prior, ControlFLASH: Version 14 and later, ControlFLASH Plus: Version 1 and later, FactoryTalk Asset Centre: Version 9 and later, FactoryTalk Linx CommDTM: Version 1 and later, Studio 5000 Launcher: Version 31 and later Stud, 5000 Logix Designer software: Version 32 and prior is vulnerable. The parsing mechanism that processes certain file types does not provide input sanitation. This may allow an attacker to use specially crafted files to traverse the file system and modify or expose sensitive data or execute arbitrary code."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "IMPROPER INPUT VALIDATION CWE-20",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-06-22T23:06:17",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.us-cert.gov/ics/advisories/icsa-20-163-02"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-733/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2020-12001",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "FactoryTalk Linx, RSLinx Classic, Connected Components Workbench, ControlFLASH Plus, FactoryTalk Asset Centre, FactoryTalk Linx CommDTM, Studio 5000 Launcher, Studio 5000 Logix Designer software",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.00 and prior,Connected Components Workbench: Version 12 and prior, ControlFLASH: Version 14 and later, ControlFLASH Plus: Version 1 and later, FactoryTalk Asset Centre: Version 9 and later, FactoryTalk Linx CommDTM: Version 1 and later, Studio 5000 Launcher: Version 31 and later Stud, 5000 Logix Designer software: Version 32 and prior"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.00 and prior,Connected Components Workbench: Version 12 and prior, ControlFLASH: Version 14 and later, ControlFLASH Plus: Version 1 and later, FactoryTalk Asset Centre: Version 9 and later, FactoryTalk Linx CommDTM: Version 1 and later, Studio 5000 Launcher: Version 31 and later Stud, 5000 Logix Designer software: Version 32 and prior is vulnerable. The parsing mechanism that processes certain file types does not provide input sanitation. This may allow an attacker to use specially crafted files to traverse the file system and modify or expose sensitive data or execute arbitrary code."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "IMPROPER INPUT VALIDATION CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.us-cert.gov/ics/advisories/icsa-20-163-02",
              "refsource": "MISC",
              "url": "https://www.us-cert.gov/ics/advisories/icsa-20-163-02"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-733/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-733/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2020-12001",
    "datePublished": "2020-06-15T19:14:18",
    "dateReserved": "2020-04-21T00:00:00",
    "dateUpdated": "2024-08-04T11:48:57.384Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rockwellautomation:factorytalk_linx:6.00:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"244B67F2-DEC2-44E2-94F1-F6A82249453C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rockwellautomation:factorytalk_linx:6.10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"767F223A-C4CE-49DE-B66F-51345E91C98F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rockwellautomation:factorytalk_linx:6.11:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5675EA61-1854-4AA1-BA1B-E07442E1F10C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rockwellautomation:rslinx_classic:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"4.11.00\", \"matchCriteriaId\": \"4F6780E2-AB8D-4860-812F-CBE82A94EF0D\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.00 and prior,Connected Components Workbench: Version 12 and prior, ControlFLASH: Version 14 and later, ControlFLASH Plus: Version 1 and later, FactoryTalk Asset Centre: Version 9 and later, FactoryTalk Linx CommDTM: Version 1 and later, Studio 5000 Launcher: Version 31 and later Stud, 5000 Logix Designer software: Version 32 and prior is vulnerable. The parsing mechanism that processes certain file types does not provide input sanitation. This may allow an attacker to use specially crafted files to traverse the file system and modify or expose sensitive data or execute arbitrary code.\"}, {\"lang\": \"es\", \"value\": \"FactoryTalk Linx versiones 6.00, 6.10 y 6.11, RSLinx Classic versiones v4.11.00 y anteriores, Connected Components Workbench: versi\\u00f3n 12 y anteriores, ControlFLASH: versi\\u00f3n 14 y posteriores, ControlFLASH Plus: versi\\u00f3n 1 y posteriores, FactoryTalk Asset Center: versi\\u00f3n 9 y posteriores , FactoryTalk Linx CommDTM: versi\\u00f3n 1 y posteriores, Studio 5000 Launcher: versi\\u00f3n 31 y posteriores a Stud, software 5000 Logix Designer: versi\\u00f3n 32 y anteriores son vulnerables. El mecanismo de an\\u00e1lisis que procesa determinados tipos de archivos no proporciona un saneamiento de entrada. Esto puede permitir a un atacante usar archivos especialmente dise\\u00f1ados para atravesar el sistema de archivos y modificar o exponer datos confidenciales o ejecutar c\\u00f3digo arbitrario\"}]",
      "id": "CVE-2020-12001",
      "lastModified": "2024-11-21T04:59:05.470",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:P/A:P\", \"baseScore\": 7.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2020-06-15T20:15:11.317",
      "references": "[{\"url\": \"https://www.us-cert.gov/ics/advisories/icsa-20-163-02\", \"source\": \"ics-cert@hq.dhs.gov\", \"tags\": [\"Third Party Advisory\", \"US Government Resource\"]}, {\"url\": \"https://www.zerodayinitiative.com/advisories/ZDI-20-733/\", \"source\": \"ics-cert@hq.dhs.gov\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://www.us-cert.gov/ics/advisories/icsa-20-163-02\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"US Government Resource\"]}, {\"url\": \"https://www.zerodayinitiative.com/advisories/ZDI-20-733/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}]",
      "sourceIdentifier": "ics-cert@hq.dhs.gov",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"ics-cert@hq.dhs.gov\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-20\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-20\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2020-12001\",\"sourceIdentifier\":\"ics-cert@hq.dhs.gov\",\"published\":\"2020-06-15T20:15:11.317\",\"lastModified\":\"2024-11-21T04:59:05.470\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.00 and prior,Connected Components Workbench: Version 12 and prior, ControlFLASH: Version 14 and later, ControlFLASH Plus: Version 1 and later, FactoryTalk Asset Centre: Version 9 and later, FactoryTalk Linx CommDTM: Version 1 and later, Studio 5000 Launcher: Version 31 and later Stud, 5000 Logix Designer software: Version 32 and prior is vulnerable. The parsing mechanism that processes certain file types does not provide input sanitation. This may allow an attacker to use specially crafted files to traverse the file system and modify or expose sensitive data or execute arbitrary code.\"},{\"lang\":\"es\",\"value\":\"FactoryTalk Linx versiones 6.00, 6.10 y 6.11, RSLinx Classic versiones v4.11.00 y anteriores, Connected Components Workbench: versi\u00f3n 12 y anteriores, ControlFLASH: versi\u00f3n 14 y posteriores, ControlFLASH Plus: versi\u00f3n 1 y posteriores, FactoryTalk Asset Center: versi\u00f3n 9 y posteriores , FactoryTalk Linx CommDTM: versi\u00f3n 1 y posteriores, Studio 5000 Launcher: versi\u00f3n 31 y posteriores a Stud, software 5000 Logix Designer: versi\u00f3n 32 y anteriores son vulnerables. El mecanismo de an\u00e1lisis que procesa determinados tipos de archivos no proporciona un saneamiento de entrada. Esto puede permitir a un atacante usar archivos especialmente dise\u00f1ados para atravesar el sistema de archivos y modificar o exponer datos confidenciales o ejecutar c\u00f3digo arbitrario\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"ics-cert@hq.dhs.gov\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rockwellautomation:factorytalk_linx:6.00:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"244B67F2-DEC2-44E2-94F1-F6A82249453C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rockwellautomation:factorytalk_linx:6.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"767F223A-C4CE-49DE-B66F-51345E91C98F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rockwellautomation:factorytalk_linx:6.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5675EA61-1854-4AA1-BA1B-E07442E1F10C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rockwellautomation:rslinx_classic:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"4.11.00\",\"matchCriteriaId\":\"4F6780E2-AB8D-4860-812F-CBE82A94EF0D\"}]}]}],\"references\":[{\"url\":\"https://www.us-cert.gov/ics/advisories/icsa-20-163-02\",\"source\":\"ics-cert@hq.dhs.gov\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://www.zerodayinitiative.com/advisories/ZDI-20-733/\",\"source\":\"ics-cert@hq.dhs.gov\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.us-cert.gov/ics/advisories/icsa-20-163-02\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://www.zerodayinitiative.com/advisories/ZDI-20-733/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]}]}}"
  }
}

GHSA-RQ3Q-M2CF-PQ6X

Vulnerability from github – Published: 2022-05-24 17:20 – Updated: 2022-05-24 17:20

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2020-12001"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-06-15T20:15:00Z",
    "severity": "HIGH"
  },
  "details": "FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.00 and prior,Connected Components Workbench: Version 12 and prior, ControlFLASH: Version 14 and later, ControlFLASH Plus: Version 1 and later, FactoryTalk Asset Centre: Version 9 and later, FactoryTalk Linx CommDTM: Version 1 and later, Studio 5000 Launcher: Version 31 and later Stud, 5000 Logix Designer software: Version 32 and prior is vulnerable. The parsing mechanism that processes certain file types does not provide input sanitation. This may allow an attacker to use specially crafted files to traverse the file system and modify or expose sensitive data or execute arbitrary code.",
  "id": "GHSA-rq3q-m2cf-pq6x",
  "modified": "2022-05-24T17:20:29Z",
  "published": "2022-05-24T17:20:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-12001"
    },
    {
      "type": "WEB",
      "url": "https://www.us-cert.gov/ics/advisories/icsa-20-163-02"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-733"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2020-12001

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2020-12001

Aliases

CVE-2020-12001

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2020-12001",
    "description": "FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.00 and prior,Connected Components Workbench: Version 12 and prior, ControlFLASH: Version 14 and later, ControlFLASH Plus: Version 1 and later, FactoryTalk Asset Centre: Version 9 and later, FactoryTalk Linx CommDTM: Version 1 and later, Studio 5000 Launcher: Version 31 and later Stud, 5000 Logix Designer software: Version 32 and prior is vulnerable. The parsing mechanism that processes certain file types does not provide input sanitation. This may allow an attacker to use specially crafted files to traverse the file system and modify or expose sensitive data or execute arbitrary code.",
    "id": "GSD-2020-12001"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2020-12001"
      ],
      "details": "FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.00 and prior,Connected Components Workbench: Version 12 and prior, ControlFLASH: Version 14 and later, ControlFLASH Plus: Version 1 and later, FactoryTalk Asset Centre: Version 9 and later, FactoryTalk Linx CommDTM: Version 1 and later, Studio 5000 Launcher: Version 31 and later Stud, 5000 Logix Designer software: Version 32 and prior is vulnerable. The parsing mechanism that processes certain file types does not provide input sanitation. This may allow an attacker to use specially crafted files to traverse the file system and modify or expose sensitive data or execute arbitrary code.",
      "id": "GSD-2020-12001",
      "modified": "2023-12-13T01:21:49.339228Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "ics-cert@hq.dhs.gov",
        "ID": "CVE-2020-12001",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "FactoryTalk Linx, RSLinx Classic, Connected Components Workbench, ControlFLASH Plus, FactoryTalk Asset Centre, FactoryTalk Linx CommDTM, Studio 5000 Launcher, Studio 5000 Logix Designer software",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.00 and prior,Connected Components Workbench: Version 12 and prior, ControlFLASH: Version 14 and later, ControlFLASH Plus: Version 1 and later, FactoryTalk Asset Centre: Version 9 and later, FactoryTalk Linx CommDTM: Version 1 and later, Studio 5000 Launcher: Version 31 and later Stud, 5000 Logix Designer software: Version 32 and prior"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.00 and prior,Connected Components Workbench: Version 12 and prior, ControlFLASH: Version 14 and later, ControlFLASH Plus: Version 1 and later, FactoryTalk Asset Centre: Version 9 and later, FactoryTalk Linx CommDTM: Version 1 and later, Studio 5000 Launcher: Version 31 and later Stud, 5000 Logix Designer software: Version 32 and prior is vulnerable. The parsing mechanism that processes certain file types does not provide input sanitation. This may allow an attacker to use specially crafted files to traverse the file system and modify or expose sensitive data or execute arbitrary code."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "IMPROPER INPUT VALIDATION CWE-20"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.us-cert.gov/ics/advisories/icsa-20-163-02",
            "refsource": "MISC",
            "url": "https://www.us-cert.gov/ics/advisories/icsa-20-163-02"
          },
          {
            "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-733/",
            "refsource": "MISC",
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-733/"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:rockwellautomation:factorytalk_linx:6.00:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rockwellautomation:factorytalk_linx:6.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rockwellautomation:factorytalk_linx:6.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rockwellautomation:rslinx_classic:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "4.11.00",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2020-12001"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.00 and prior,Connected Components Workbench: Version 12 and prior, ControlFLASH: Version 14 and later, ControlFLASH Plus: Version 1 and later, FactoryTalk Asset Centre: Version 9 and later, FactoryTalk Linx CommDTM: Version 1 and later, Studio 5000 Launcher: Version 31 and later Stud, 5000 Logix Designer software: Version 32 and prior is vulnerable. The parsing mechanism that processes certain file types does not provide input sanitation. This may allow an attacker to use specially crafted files to traverse the file system and modify or expose sensitive data or execute arbitrary code."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.us-cert.gov/ics/advisories/icsa-20-163-02",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory",
                "US Government Resource"
              ],
              "url": "https://www.us-cert.gov/ics/advisories/icsa-20-163-02"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-733/",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-733/"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2021-11-04T17:40Z",
      "publishedDate": "2020-06-15T20:15Z"
    }
  }
}

VAR-202006-1811

Vulnerability from variot - Updated: 2023-12-18 13:07

FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.00 and prior,Connected Components Workbench: Version 12 and prior, ControlFLASH: Version 14 and later, ControlFLASH Plus: Version 1 and later, FactoryTalk Asset Centre: Version 9 and later, FactoryTalk Linx CommDTM: Version 1 and later, Studio 5000 Launcher: Version 31 and later Stud, 5000 Logix Designer software: Version 32 and prior is vulnerable. The parsing mechanism that processes certain file types does not provide input sanitation. This may allow an attacker to use specially crafted files to traverse the file system and modify or expose sensitive data or execute arbitrary code. Rockwell Automation Provided by the company FactoryTalk Linx Software The following multiple vulnerabilities exist in. * Improper input confirmation (CWE-20) - CVE-2020-11999 * Improper input confirmation (CWE-20) - CVE-2020-12001 * Directory traversal (CWE-22) - CVE-2020-12003 * Upload any file (CWE-434) - CVE-2020-12005The expected impact depends on each vulnerability, but it may be affected as follows. - CVE-2020-12001 * API Sensitive information on the local hard drive is stolen by a remote third party because it does not properly sanitize the specially crafted request during the call. - CVE-2020-12003 * Improperly compressed by a remote third party EDF By uploading the file, the compressed file can be decompressed. CPU All resources are consumed and service operation is interrupted (DoS) The condition is triggered - CVE-2020-12005. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation Studio 5000. Authentication is not required to exploit this vulnerability.The specific flaw exists within the handling of the CopyRenameProject parameter provided to hmi_isapi.dll. The issue results from the lack of proper validation of user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of the current process. Rockwell Automation RSLinx Classic and others are products of Rockwell Automation (USA). Rockwell Automation RSLinx Classic is a set of industrial communication solutions. Rockwell Automation ControlFLASH is a firmware update utility. The vulnerability stems from the failure of the resolution mechanism to clean up the input

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202006-1811",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "factorytalk linx",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "6.10"
      },
      {
        "model": "factorytalk linx",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "6.11"
      },
      {
        "model": "factorytalk linx",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "6.00"
      },
      {
        "model": "rslinx classic",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "4.11.00"
      },
      {
        "model": "connected components workbench",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "rockwell automation",
        "version": "version 12"
      },
      {
        "model": "controlflash",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "rockwell automation",
        "version": "version 14 \u304a\u3088\u3073\u305d\u308c"
      },
      {
        "model": "controlflash plus",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "rockwell automation",
        "version": "version 1 \u304a\u3088\u3073\u305d\u308c"
      },
      {
        "model": "factorytalk asset centre",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "rockwell automation",
        "version": "version 9 \u304a\u3088\u3073\u305d\u308c"
      },
      {
        "model": "factorytalk linx",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "rockwell automation",
        "version": "version 6.00, 6.10, 6.11"
      },
      {
        "model": "factorytalk linx commdtm",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "rockwell automation",
        "version": "version 1 \u304a\u3088\u3073\u305d\u308c"
      },
      {
        "model": "studio 5000 launcher",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "rockwell automation",
        "version": "version 31 \u304a\u3088\u3073\u305d\u308c"
      },
      {
        "model": "studio 5000 logix designer",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "rockwell automation",
        "version": "software version 32"
      },
      {
        "model": "factorytalk linx",
        "scope": null,
        "trust": 0.7,
        "vendor": "rockwell automation",
        "version": null
      },
      {
        "model": "automation rslinx classic",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "rockwell",
        "version": "\u003c=4.11.00"
      },
      {
        "model": "automation factorytalk linx",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "rockwell",
        "version": "6.00"
      },
      {
        "model": "automation factorytalk linx",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "rockwell",
        "version": "6.10"
      },
      {
        "model": "automation factorytalk linx",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "rockwell",
        "version": "6.11"
      },
      {
        "model": "automation connected components workbench",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "rockwell",
        "version": "\u003c=12"
      },
      {
        "model": "automation controlflash",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "rockwell",
        "version": "\u003c=14"
      },
      {
        "model": "automation controlflash plus",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "rockwell",
        "version": "\u003c=1"
      },
      {
        "model": "automation factorytalk asset centre",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "rockwell",
        "version": "\u003c=9"
      },
      {
        "model": "automation factorytalk linx commdtm",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "rockwell",
        "version": "\u003c=1"
      },
      {
        "model": "automation studio launcher",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "rockwell",
        "version": "5000\u003c=31"
      },
      {
        "model": "automation studio logix designer software",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "rockwell",
        "version": "5000\u003c=32"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-20-733"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-38695"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-005434"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-12001"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:rockwellautomation:factorytalk_linx:6.00:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rockwellautomation:factorytalk_linx:6.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rockwellautomation:factorytalk_linx:6.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rockwellautomation:rslinx_classic:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "4.11.00",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-12001"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Chris Anastasio (muffin) and Steven Seeley (mr_me) of Incite Team",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-20-733"
      }
    ],
    "trust": 0.7
  },
  "cve": "CVE-2020-12001",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2020-38695",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-164636",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULMON",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2020-12001",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "HIGH",
            "trust": 0.1,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "IPA score",
            "availabilityImpact": "None",
            "baseScore": 9.6,
            "baseSeverity": "Critical",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "JVNDB-2020-005434",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "Low",
            "scope": "Changed",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "IPA score",
            "availabilityImpact": "None",
            "baseScore": 9.6,
            "baseSeverity": "Critical",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "JVNDB-2020-005434",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "Low",
            "scope": "Changed",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "IPA score",
            "availabilityImpact": "None",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "JVNDB-2020-005434",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "IPA score",
            "availabilityImpact": "High",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "JVNDB-2020-005434",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "ZDI",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "id": "CVE-2020-12001",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 0.7,
            "userInteraction": "NONE",
            "vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "IPA",
            "id": "JVNDB-2020-005434",
            "trust": 1.6,
            "value": "Critical"
          },
          {
            "author": "IPA",
            "id": "JVNDB-2020-005434",
            "trust": 1.6,
            "value": "High"
          },
          {
            "author": "NVD",
            "id": "CVE-2020-12001",
            "trust": 1.0,
            "value": "CRITICAL"
          },
          {
            "author": "ZDI",
            "id": "CVE-2020-12001",
            "trust": 0.7,
            "value": "CRITICAL"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2020-38695",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202006-916",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-164636",
            "trust": 0.1,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2020-12001",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-20-733"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-38695"
      },
      {
        "db": "VULHUB",
        "id": "VHN-164636"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-12001"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-005434"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-005434"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-005434"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-005434"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-12001"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202006-916"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.00 and prior,Connected Components Workbench: Version 12 and prior, ControlFLASH: Version 14 and later, ControlFLASH Plus: Version 1 and later, FactoryTalk Asset Centre: Version 9 and later, FactoryTalk Linx CommDTM: Version 1 and later, Studio 5000 Launcher: Version 31 and later Stud, 5000 Logix Designer software: Version 32 and prior is vulnerable. The parsing mechanism that processes certain file types does not provide input sanitation. This may allow an attacker to use specially crafted files to traverse the file system and modify or expose sensitive data or execute arbitrary code. Rockwell Automation Provided by the company FactoryTalk Linx Software The following multiple vulnerabilities exist in. * Improper input confirmation (CWE-20) - CVE-2020-11999 * Improper input confirmation (CWE-20) - CVE-2020-12001 * Directory traversal (CWE-22) - CVE-2020-12003 * Upload any file (CWE-434) - CVE-2020-12005The expected impact depends on each vulnerability, but it may be affected as follows. - CVE-2020-12001 * API Sensitive information on the local hard drive is stolen by a remote third party because it does not properly sanitize the specially crafted request during the call. - CVE-2020-12003 * Improperly compressed by a remote third party EDF By uploading the file, the compressed file can be decompressed. CPU All resources are consumed and service operation is interrupted (DoS) The condition is triggered - CVE-2020-12005. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation Studio 5000. Authentication is not required to exploit this vulnerability.The specific flaw exists within the handling of the CopyRenameProject parameter provided to hmi_isapi.dll. The issue results from the lack of proper validation of user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of the current process. Rockwell Automation RSLinx Classic and others are products of Rockwell Automation (USA). Rockwell Automation RSLinx Classic is a set of industrial communication solutions. Rockwell Automation ControlFLASH is a firmware update utility. The vulnerability stems from the failure of the resolution mechanism to clean up the input",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-12001"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-005434"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-733"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-38695"
      },
      {
        "db": "VULHUB",
        "id": "VHN-164636"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-12001"
      }
    ],
    "trust": 2.97
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2020-12001",
        "trust": 3.9
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-20-163-02",
        "trust": 3.2
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-733",
        "trust": 2.5
      },
      {
        "db": "JVN",
        "id": "JVNVU91454414",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-005434",
        "trust": 0.8
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-10292",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-38695",
        "trust": 0.7
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202006-916",
        "trust": 0.7
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.2062",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-164636",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-12001",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-20-733"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-38695"
      },
      {
        "db": "VULHUB",
        "id": "VHN-164636"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-12001"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-005434"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-12001"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202006-916"
      }
    ]
  },
  "id": "VAR-202006-1811",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-38695"
      },
      {
        "db": "VULHUB",
        "id": "VHN-164636"
      }
    ],
    "trust": 1.4526883266666666
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-38695"
      }
    ]
  },
  "last_update_date": "2023-12-18T13:07:35.646000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "54102-Industrial Security Advisory Index (\u8981\u30ed\u30b0\u30a4\u30f3)",
        "trust": 0.8,
        "url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/54102"
      },
      {
        "title": "Rockwell Automation has issued an update to correct this vulnerability.",
        "trust": 0.7,
        "url": "https://rockwellautomation.custhelp.com/app/answers/detail/a_id/1126945"
      },
      {
        "title": "Patch for Multiple Rockwell Automation product input verification error vulnerabilities (CNVD-2020-38695)",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/225411"
      },
      {
        "title": "Multiple Rockwell Automation Product input verification error vulnerability fixes",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=121710"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-20-733"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-38695"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-005434"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202006-916"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-20",
        "trust": 1.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-164636"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-12001"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.2,
        "url": "https://www.us-cert.gov/ics/advisories/icsa-20-163-02"
      },
      {
        "trust": 1.8,
        "url": "https://www.zerodayinitiative.com/advisories/zdi-20-733/"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12001"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-12003"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-12005"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-11999"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-12001"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu91454414/"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11999"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12003"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12005"
      },
      {
        "trust": 0.7,
        "url": "https://rockwellautomation.custhelp.com/app/answers/detail/a_id/1126945"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.2062/"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/20.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-20-733"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-38695"
      },
      {
        "db": "VULHUB",
        "id": "VHN-164636"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-12001"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-005434"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-12001"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202006-916"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "ZDI",
        "id": "ZDI-20-733"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-38695"
      },
      {
        "db": "VULHUB",
        "id": "VHN-164636"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-12001"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-005434"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-12001"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202006-916"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-06-22T00:00:00",
        "db": "ZDI",
        "id": "ZDI-20-733"
      },
      {
        "date": "2020-07-14T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-38695"
      },
      {
        "date": "2020-06-15T00:00:00",
        "db": "VULHUB",
        "id": "VHN-164636"
      },
      {
        "date": "2020-06-15T00:00:00",
        "db": "VULMON",
        "id": "CVE-2020-12001"
      },
      {
        "date": "2020-06-15T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-005434"
      },
      {
        "date": "2020-06-15T20:15:11.317000",
        "db": "NVD",
        "id": "CVE-2020-12001"
      },
      {
        "date": "2020-06-11T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202006-916"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-06-23T00:00:00",
        "db": "ZDI",
        "id": "ZDI-20-733"
      },
      {
        "date": "2020-07-14T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-38695"
      },
      {
        "date": "2021-11-04T00:00:00",
        "db": "VULHUB",
        "id": "VHN-164636"
      },
      {
        "date": "2020-06-24T00:00:00",
        "db": "VULMON",
        "id": "CVE-2020-12001"
      },
      {
        "date": "2020-07-13T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-005434"
      },
      {
        "date": "2021-11-04T17:40:14.057000",
        "db": "NVD",
        "id": "CVE-2020-12001"
      },
      {
        "date": "2020-06-30T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202006-916"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202006-916"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Rockwell Automation Made  FactoryTalk Linx Software Multiple vulnerabilities in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-005434"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "input validation error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202006-916"
      }
    ],
    "trust": 0.6
  }
}

CNVD-2020-38695

Vulnerability from cnvd - Published: 2020-07-14

Title

多款Rockwell Automation产品输入验证错误漏洞（CNVD-2020-38695）

Description

Rockwell Automation RSLinx Classic等都是美国罗克韦尔（Rockwell Automation）公司的产品。Rockwell Automation RSLinx Classic是一套工业通信解决方案。Rockwell Automation FactoryTalk Linx是一套工业通信解决方案。Rockwell Automation ControlFLASH是一款固件更新实用程序。多款Rockwell Automation产品中存在输入验证错误漏洞，该漏洞源于解析机制未能清理输入。攻击者可借助特制文件利用该漏洞遍历文件系统并修改或获取敏感数据或执行任意代码。

Severity

高

Patch Name

多款Rockwell Automation产品输入验证错误漏洞（CNVD-2020-38695）的补丁

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1066644

Reference

https://www.us-cert.gov/ics/advisories/icsa-20-163-02

Impacted products

Name
['Rockwell Automation RSLinx Classic <=4.11.00', 'Rockwell Automation FactoryTalk Linx 6.00', 'Rockwell Automation FactoryTalk Linx 6.10', 'Rockwell Automation FactoryTalk Linx 6.11', 'Rockwell Automation Connected Components Workbench <=12', 'Rockwell Automation ControlFLASH <=14', 'Rockwell Automation ControlFLASH Plus <=1', 'Rockwell Automation FactoryTalk Asset Centre <=9', 'Rockwell Automation FactoryTalk Linx CommDTM <=1', 'Rockwell Automation Studio 5000 Launcher <=31', 'Rockwell Automation Studio 5000 Logix Designer software <=32']

Name

['Rockwell Automation RSLinx Classic <=4.11.00', 'Rockwell Automation FactoryTalk Linx 6.00', 'Rockwell Automation FactoryTalk Linx 6.10', 'Rockwell Automation FactoryTalk Linx 6.11', 'Rockwell Automation Connected Components Workbench <=12', 'Rockwell Automation ControlFLASH <=14', 'Rockwell Automation ControlFLASH Plus <=1', 'Rockwell Automation FactoryTalk Asset Centre <=9', 'Rockwell Automation FactoryTalk Linx CommDTM <=1', 'Rockwell Automation Studio 5000 Launcher <=31', 'Rockwell Automation Studio 5000 Logix Designer software <=32']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-12001"
    }
  },
  "description": "Rockwell Automation RSLinx Classic\u7b49\u90fd\u662f\u7f8e\u56fd\u7f57\u514b\u97e6\u5c14\uff08Rockwell Automation\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Rockwell Automation RSLinx Classic\u662f\u4e00\u5957\u5de5\u4e1a\u901a\u4fe1\u89e3\u51b3\u65b9\u6848\u3002Rockwell Automation FactoryTalk Linx\u662f\u4e00\u5957\u5de5\u4e1a\u901a\u4fe1\u89e3\u51b3\u65b9\u6848\u3002Rockwell Automation ControlFLASH\u662f\u4e00\u6b3e\u56fa\u4ef6\u66f4\u65b0\u5b9e\u7528\u7a0b\u5e8f\u3002\n\n\u591a\u6b3eRockwell Automation\u4ea7\u54c1\u4e2d\u5b58\u5728\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u89e3\u6790\u673a\u5236\u672a\u80fd\u6e05\u7406\u8f93\u5165\u3002\u653b\u51fb\u8005\u53ef\u501f\u52a9\u7279\u5236\u6587\u4ef6\u5229\u7528\u8be5\u6f0f\u6d1e\u904d\u5386\u6587\u4ef6\u7cfb\u7edf\u5e76\u4fee\u6539\u6216\u83b7\u53d6\u654f\u611f\u6570\u636e\u6216\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1066644",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-38695",
  "openTime": "2020-07-14",
  "patchDescription": "Rockwell Automation RSLinx Classic\u7b49\u90fd\u662f\u7f8e\u56fd\u7f57\u514b\u97e6\u5c14\uff08Rockwell Automation\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Rockwell Automation RSLinx Classic\u662f\u4e00\u5957\u5de5\u4e1a\u901a\u4fe1\u89e3\u51b3\u65b9\u6848\u3002Rockwell Automation FactoryTalk Linx\u662f\u4e00\u5957\u5de5\u4e1a\u901a\u4fe1\u89e3\u51b3\u65b9\u6848\u3002Rockwell Automation ControlFLASH\u662f\u4e00\u6b3e\u56fa\u4ef6\u66f4\u65b0\u5b9e\u7528\u7a0b\u5e8f\u3002\r\n\r\n\u591a\u6b3eRockwell Automation\u4ea7\u54c1\u4e2d\u5b58\u5728\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u89e3\u6790\u673a\u5236\u672a\u80fd\u6e05\u7406\u8f93\u5165\u3002\u653b\u51fb\u8005\u53ef\u501f\u52a9\u7279\u5236\u6587\u4ef6\u5229\u7528\u8be5\u6f0f\u6d1e\u904d\u5386\u6587\u4ef6\u7cfb\u7edf\u5e76\u4fee\u6539\u6216\u83b7\u53d6\u654f\u611f\u6570\u636e\u6216\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "\u591a\u6b3eRockwell Automation\u4ea7\u54c1\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e\uff08CNVD-2020-38695\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Rockwell Automation RSLinx Classic \u003c=4.11.00",
      "Rockwell Automation FactoryTalk Linx 6.00",
      "Rockwell Automation FactoryTalk Linx 6.10",
      "Rockwell Automation FactoryTalk Linx 6.11",
      "Rockwell Automation Connected Components Workbench \u003c=12",
      "Rockwell Automation ControlFLASH \u003c=14",
      "Rockwell Automation ControlFLASH Plus \u003c=1",
      "Rockwell Automation FactoryTalk Asset Centre \u003c=9",
      "Rockwell Automation FactoryTalk Linx CommDTM \u003c=1",
      "Rockwell Automation Studio 5000 Launcher \u003c=31",
      "Rockwell Automation Studio 5000 Logix Designer software \u003c=32"
    ]
  },
  "referenceLink": "https://www.us-cert.gov/ics/advisories/icsa-20-163-02",
  "serverity": "\u9ad8",
  "submitTime": "2020-06-12",
  "title": "\u591a\u6b3eRockwell Automation\u4ea7\u54c1\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e\uff08CNVD-2020-38695\uff09"
}

FKIE_CVE-2020-12001

Vulnerability from fkie_nvd - Published: 2020-06-15 20:15 - Updated: 2024-11-21 04:59

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
ics-cert@hq.dhs.gov	https://www.us-cert.gov/ics/advisories/icsa-20-163-02	Third Party Advisory, US Government Resource
ics-cert@hq.dhs.gov	https://www.zerodayinitiative.com/advisories/ZDI-20-733/	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://www.us-cert.gov/ics/advisories/icsa-20-163-02	Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	https://www.zerodayinitiative.com/advisories/ZDI-20-733/	Third Party Advisory, VDB Entry

Impacted products

Vendor	Product	Version
rockwellautomation	factorytalk_linx	6.00
rockwellautomation	factorytalk_linx	6.10
rockwellautomation	factorytalk_linx	6.11
rockwellautomation	rslinx_classic	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:rockwellautomation:factorytalk_linx:6.00:*:*:*:*:*:*:*",
              "matchCriteriaId": "244B67F2-DEC2-44E2-94F1-F6A82249453C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rockwellautomation:factorytalk_linx:6.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "767F223A-C4CE-49DE-B66F-51345E91C98F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rockwellautomation:factorytalk_linx:6.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "5675EA61-1854-4AA1-BA1B-E07442E1F10C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rockwellautomation:rslinx_classic:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F6780E2-AB8D-4860-812F-CBE82A94EF0D",
              "versionEndIncluding": "4.11.00",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.00 and prior,Connected Components Workbench: Version 12 and prior, ControlFLASH: Version 14 and later, ControlFLASH Plus: Version 1 and later, FactoryTalk Asset Centre: Version 9 and later, FactoryTalk Linx CommDTM: Version 1 and later, Studio 5000 Launcher: Version 31 and later Stud, 5000 Logix Designer software: Version 32 and prior is vulnerable. The parsing mechanism that processes certain file types does not provide input sanitation. This may allow an attacker to use specially crafted files to traverse the file system and modify or expose sensitive data or execute arbitrary code."
    },
    {
      "lang": "es",
      "value": "FactoryTalk Linx versiones 6.00, 6.10 y 6.11, RSLinx Classic versiones v4.11.00 y anteriores, Connected Components Workbench: versi\u00f3n 12 y anteriores, ControlFLASH: versi\u00f3n 14 y posteriores, ControlFLASH Plus: versi\u00f3n 1 y posteriores, FactoryTalk Asset Center: versi\u00f3n 9 y posteriores , FactoryTalk Linx CommDTM: versi\u00f3n 1 y posteriores, Studio 5000 Launcher: versi\u00f3n 31 y posteriores a Stud, software 5000 Logix Designer: versi\u00f3n 32 y anteriores son vulnerables. El mecanismo de an\u00e1lisis que procesa determinados tipos de archivos no proporciona un saneamiento de entrada. Esto puede permitir a un atacante usar archivos especialmente dise\u00f1ados para atravesar el sistema de archivos y modificar o exponer datos confidenciales o ejecutar c\u00f3digo arbitrario"
    }
  ],
  "id": "CVE-2020-12001",
  "lastModified": "2024-11-21T04:59:05.470",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-06-15T20:15:11.317",
  "references": [
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.us-cert.gov/ics/advisories/icsa-20-163-02"
    },
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-733/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.us-cert.gov/ics/advisories/icsa-20-163-02"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-733/"
    }
  ],
  "sourceIdentifier": "ics-cert@hq.dhs.gov",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "ics-cert@hq.dhs.gov",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2020-12001 (GCVE-0-2020-12001)

GHSA-RQ3Q-M2CF-PQ6X

GSD-2020-12001

VAR-202006-1811

CNVD-2020-38695

FKIE_CVE-2020-12001

Tags

Sightings

Nomenclature