var-202006-1811
Vulnerability from variot

FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.00 and prior, Connected Components Workbench: Version 12 and prior, ControlFLASH: Version 14 and later, ControlFLASH Plus: Version 1 and later, FactoryTalk Asset Centre: Version 9 and later, FactoryTalk Linx CommDTM: Version 1 and later, Studio 5000 Launcher: Version 31 and later, and Studio 5000 Logix Designer software: Version 32 and prior are vulnerable. The parsing mechanism that processes certain file types does not provide input sanitization. This may allow an attacker to use specially crafted files to traverse the file system and modify or expose sensitive data or execute arbitrary code.

The following vulnerabilities exist in the FactoryTalk Linx software provided by Rockwell Automation. * Improper input validation (CWE-20) - CVE-2020-11999 * Improper input validation (CWE-20) - CVE-2020-12001 * Directory traversal (CWE-22) - CVE-2020-12003 * Unrestricted file upload (CWE-434) - CVE-2020-12005. The expected impact depends on each vulnerability, but may be as follows. - CVE-2020-12001 * A remote third party steals sensitive information on the local hard drive because a specially crafted request is not properly sanitized during an API call. - CVE-2020-12003 * A remote third party uploads an improperly compressed EDF file; when the file is decompressed, all CPU resources are consumed and service operation is interrupted, triggering a denial-of-service (DoS) condition - CVE-2020-12005.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation Studio 5000. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the CopyRenameProject parameter provided to hmi_isapi.dll. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of the current process.

Rockwell Automation RSLinx Classic and others are products of Rockwell Automation (USA). Rockwell Automation RSLinx Classic is a set of industrial communication solutions. Rockwell Automation ControlFLASH is a firmware update utility. The vulnerability stems from the failure of the parsing mechanism to sanitize the input.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202006-1811",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "factorytalk linx",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "6.10"
      },
      {
        "model": "factorytalk linx",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "6.11"
      },
      {
        "model": "factorytalk linx",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "6.00"
      },
      {
        "model": "rslinx classic",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "rockwellautomation",
        "version": "4.11.00"
      },
      {
        "model": "connected components workbench",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "rockwell automation",
        "version": "version 12"
      },
      {
        "model": "controlflash",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "rockwell automation",
        "version": "version 14 \u304a\u3088\u3073\u305d\u308c"
      },
      {
        "model": "controlflash plus",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "rockwell automation",
        "version": "version 1 \u304a\u3088\u3073\u305d\u308c"
      },
      {
        "model": "factorytalk asset centre",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "rockwell automation",
        "version": "version 9 \u304a\u3088\u3073\u305d\u308c"
      },
      {
        "model": "factorytalk linx",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "rockwell automation",
        "version": "version 6.00, 6.10, 6.11"
      },
      {
        "model": "factorytalk linx commdtm",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "rockwell automation",
        "version": "version 1 \u304a\u3088\u3073\u305d\u308c"
      },
      {
        "model": "studio 5000 launcher",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "rockwell automation",
        "version": "version 31 \u304a\u3088\u3073\u305d\u308c"
      },
      {
        "model": "studio 5000 logix designer",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "rockwell automation",
        "version": "software version 32"
      },
      {
        "model": "factorytalk linx",
        "scope": null,
        "trust": 0.7,
        "vendor": "rockwell automation",
        "version": null
      },
      {
        "model": "automation rslinx classic",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "rockwell",
        "version": "\u003c=4.11.00"
      },
      {
        "model": "automation factorytalk linx",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "rockwell",
        "version": "6.00"
      },
      {
        "model": "automation factorytalk linx",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "rockwell",
        "version": "6.10"
      },
      {
        "model": "automation factorytalk linx",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "rockwell",
        "version": "6.11"
      },
      {
        "model": "automation connected components workbench",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "rockwell",
        "version": "\u003c=12"
      },
      {
        "model": "automation controlflash",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "rockwell",
        "version": "\u003c=14"
      },
      {
        "model": "automation controlflash plus",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "rockwell",
        "version": "\u003c=1"
      },
      {
        "model": "automation factorytalk asset centre",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "rockwell",
        "version": "\u003c=9"
      },
      {
        "model": "automation factorytalk linx commdtm",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "rockwell",
        "version": "\u003c=1"
      },
      {
        "model": "automation studio launcher",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "rockwell",
        "version": "5000\u003c=31"
      },
      {
        "model": "automation studio logix designer software",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "rockwell",
        "version": "5000\u003c=32"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-20-733"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-38695"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-005434"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-12001"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:rockwellautomation:factorytalk_linx:6.00:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rockwellautomation:factorytalk_linx:6.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rockwellautomation:factorytalk_linx:6.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rockwellautomation:rslinx_classic:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "4.11.00",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-12001"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Chris Anastasio (muffin) and Steven Seeley (mr_me) of Incite Team",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-20-733"
      }
    ],
    "trust": 0.7
  },
  "cve": "CVE-2020-12001",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2020-38695",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-164636",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULMON",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2020-12001",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "HIGH",
            "trust": 0.1,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "IPA score",
            "availabilityImpact": "None",
            "baseScore": 9.6,
            "baseSeverity": "Critical",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "JVNDB-2020-005434",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "Low",
            "scope": "Changed",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "IPA score",
            "availabilityImpact": "None",
            "baseScore": 9.6,
            "baseSeverity": "Critical",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "JVNDB-2020-005434",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "Low",
            "scope": "Changed",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "IPA score",
            "availabilityImpact": "None",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "JVNDB-2020-005434",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "IPA score",
            "availabilityImpact": "High",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "JVNDB-2020-005434",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "ZDI",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "id": "CVE-2020-12001",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 0.7,
            "userInteraction": "NONE",
            "vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "IPA",
            "id": "JVNDB-2020-005434",
            "trust": 1.6,
            "value": "Critical"
          },
          {
            "author": "IPA",
            "id": "JVNDB-2020-005434",
            "trust": 1.6,
            "value": "High"
          },
          {
            "author": "NVD",
            "id": "CVE-2020-12001",
            "trust": 1.0,
            "value": "CRITICAL"
          },
          {
            "author": "ZDI",
            "id": "CVE-2020-12001",
            "trust": 0.7,
            "value": "CRITICAL"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2020-38695",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202006-916",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-164636",
            "trust": 0.1,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2020-12001",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-20-733"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-38695"
      },
      {
        "db": "VULHUB",
        "id": "VHN-164636"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-12001"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-005434"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-005434"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-005434"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-005434"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-12001"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202006-916"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.00 and prior,Connected Components Workbench: Version 12 and prior, ControlFLASH: Version 14 and later, ControlFLASH Plus: Version 1 and later, FactoryTalk Asset Centre: Version 9 and later, FactoryTalk Linx CommDTM: Version 1 and later, Studio 5000 Launcher: Version 31 and later Stud, 5000 Logix Designer software: Version 32 and prior is vulnerable. The parsing mechanism that processes certain file types does not provide input sanitation. This may allow an attacker to use specially crafted files to traverse the file system and modify or expose sensitive data or execute arbitrary code. Rockwell Automation Provided by the company FactoryTalk Linx Software The following multiple vulnerabilities exist in. * Improper input confirmation (CWE-20) - CVE-2020-11999 * Improper input confirmation (CWE-20) - CVE-2020-12001 * Directory traversal (CWE-22) - CVE-2020-12003 * Upload any file (CWE-434) - CVE-2020-12005The expected impact depends on each vulnerability, but it may be affected as follows. - CVE-2020-12001 * API Sensitive information on the local hard drive is stolen by a remote third party because it does not properly sanitize the specially crafted request during the call. - CVE-2020-12003 * Improperly compressed by a remote third party EDF By uploading the file, the compressed file can be decompressed. CPU All resources are consumed and service operation is interrupted (DoS) The condition is triggered - CVE-2020-12005. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation Studio 5000. Authentication is not required to exploit this vulnerability.The specific flaw exists within the handling of the CopyRenameProject parameter provided to hmi_isapi.dll. The issue results from the lack of proper validation of user-supplied path prior to using it in file operations. 
An attacker can leverage this vulnerability to execute code in the context of the current process. Rockwell Automation RSLinx Classic and others are products of Rockwell Automation (USA). Rockwell Automation RSLinx Classic is a set of industrial communication solutions. Rockwell Automation ControlFLASH is a firmware update utility. The vulnerability stems from the failure of the resolution mechanism to clean up the input",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-12001"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-005434"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-733"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-38695"
      },
      {
        "db": "VULHUB",
        "id": "VHN-164636"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-12001"
      }
    ],
    "trust": 2.97
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2020-12001",
        "trust": 3.9
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-20-163-02",
        "trust": 3.2
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-733",
        "trust": 2.5
      },
      {
        "db": "JVN",
        "id": "JVNVU91454414",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-005434",
        "trust": 0.8
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-10292",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-38695",
        "trust": 0.7
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202006-916",
        "trust": 0.7
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.2062",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-164636",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-12001",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-20-733"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-38695"
      },
      {
        "db": "VULHUB",
        "id": "VHN-164636"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-12001"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-005434"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-12001"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202006-916"
      }
    ]
  },
  "id": "VAR-202006-1811",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-38695"
      },
      {
        "db": "VULHUB",
        "id": "VHN-164636"
      }
    ],
    "trust": 1.4526883266666666
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-38695"
      }
    ]
  },
  "last_update_date": "2023-12-18T13:07:35.646000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "54102-Industrial Security Advisory Index (\u8981\u30ed\u30b0\u30a4\u30f3)",
        "trust": 0.8,
        "url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/54102"
      },
      {
        "title": "Rockwell Automation has issued an update to correct this vulnerability.",
        "trust": 0.7,
        "url": "https://rockwellautomation.custhelp.com/app/answers/detail/a_id/1126945"
      },
      {
        "title": "Patch for Multiple Rockwell Automation product input verification error vulnerabilities (CNVD-2020-38695)",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/225411"
      },
      {
        "title": "Multiple Rockwell Automation Product input verification error vulnerability fixes",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=121710"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-20-733"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-38695"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-005434"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202006-916"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-20",
        "trust": 1.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-164636"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-12001"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.2,
        "url": "https://www.us-cert.gov/ics/advisories/icsa-20-163-02"
      },
      {
        "trust": 1.8,
        "url": "https://www.zerodayinitiative.com/advisories/zdi-20-733/"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12001"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-12003"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-12005"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-11999"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-12001"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu91454414/"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11999"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12003"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12005"
      },
      {
        "trust": 0.7,
        "url": "https://rockwellautomation.custhelp.com/app/answers/detail/a_id/1126945"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.2062/"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/20.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-20-733"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-38695"
      },
      {
        "db": "VULHUB",
        "id": "VHN-164636"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-12001"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-005434"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-12001"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202006-916"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "ZDI",
        "id": "ZDI-20-733"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-38695"
      },
      {
        "db": "VULHUB",
        "id": "VHN-164636"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-12001"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-005434"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-12001"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202006-916"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-06-22T00:00:00",
        "db": "ZDI",
        "id": "ZDI-20-733"
      },
      {
        "date": "2020-07-14T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-38695"
      },
      {
        "date": "2020-06-15T00:00:00",
        "db": "VULHUB",
        "id": "VHN-164636"
      },
      {
        "date": "2020-06-15T00:00:00",
        "db": "VULMON",
        "id": "CVE-2020-12001"
      },
      {
        "date": "2020-06-15T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-005434"
      },
      {
        "date": "2020-06-15T20:15:11.317000",
        "db": "NVD",
        "id": "CVE-2020-12001"
      },
      {
        "date": "2020-06-11T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202006-916"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-06-23T00:00:00",
        "db": "ZDI",
        "id": "ZDI-20-733"
      },
      {
        "date": "2020-07-14T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-38695"
      },
      {
        "date": "2021-11-04T00:00:00",
        "db": "VULHUB",
        "id": "VHN-164636"
      },
      {
        "date": "2020-06-24T00:00:00",
        "db": "VULMON",
        "id": "CVE-2020-12001"
      },
      {
        "date": "2020-07-13T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-005434"
      },
      {
        "date": "2021-11-04T17:40:14.057000",
        "db": "NVD",
        "id": "CVE-2020-12001"
      },
      {
        "date": "2020-06-30T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202006-916"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202006-916"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Rockwell Automation Made  FactoryTalk Linx Software Multiple vulnerabilities in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-005434"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "input validation error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202006-916"
      }
    ],
    "trust": 0.6
  }
}

