Lucene search

[email protected]CVE-2020-12005

HistoryJun 15, 2020 - 8:15 p.m.

CVE-2020-12005

2020-06-1520:15:11

CWE-434

[email protected]

web.nvd.nist.gov

cve-2020-12005

factorytalk linx

rslinx classic

connected components workbench

controlflash

factorytalk asset centre

denial-of-service

vulnerability

security

nvd

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.4 High

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

79.4%

JSON

FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.00 and prior,Connected Components Workbench: Version 12 and prior, ControlFLASH: Version 14 and later, ControlFLASH Plus: Version 1 and later, FactoryTalk Asset Centre: Version 9 and later, FactoryTalk Linx CommDTM: Version 1 and later, Studio 5000 Launcher: Version 31 and later Stud, 5000 Logix Designer software: Version 32 and prior is vulnerable. A vulnerability exists in the communication function that enables users to upload EDS files by FactoryTalk Linx. This may allow an attacker to upload a file with bad compression, consuming all the available CPU resources, leading to a denial-of-service condition.

Affected configurations

NVD

Node

rockwellautomationfactorytalk_linxMatch6.00

rockwellautomationfactorytalk_linxMatch6.10

rockwellautomationfactorytalk_linxMatch6.11

rockwellautomationrslinx_classicRange≤4.11.00

CPENameOperatorVersion
rockwellautomation:factorytalk_linxrockwellautomation factorytalk linxeq6.00
rockwellautomation:factorytalk_linxrockwellautomation factorytalk linxeq6.10
rockwellautomation:factorytalk_linxrockwellautomation factorytalk linxeq6.11
rockwellautomation:rslinx_classicrockwellautomation rslinx classicle4.11.00

CPE	Name	Operator	Version
rockwellautomation:factorytalk_linx	rockwellautomation factorytalk linx	eq	6.00
rockwellautomation:factorytalk_linx	rockwellautomation factorytalk linx	eq	6.10
rockwellautomation:factorytalk_linx	rockwellautomation factorytalk linx	eq	6.11
rockwellautomation:rslinx_classic	rockwellautomation rslinx classic	le	4.11.00

CNA Affected

[
  {
    "product": "FactoryTalk Linx, RSLinx Classic, Connected Components Workbench, ControlFLASH Plus, FactoryTalk Asset Centre, FactoryTalk Linx CommDTM, Studio 5000 Launcher, Studio 5000 Logix Designer software",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.00 and prior,Connected Components Workbench: Version 12 and prior, ControlFLASH: Version 14 and later, ControlFLASH Plus: Version 1 and later, FactoryTalk Asset Centre: Version 9 and later, FactoryTalk Linx CommDTM: Version 1 and later, Studio 5000 Launcher: Version 31 and later Stud, 5000 Logix Designer software: Version 32 and prior"
      }
    ]
  }
]

References

www.us-cert.gov/ics/advisories/icsa-20-163-02

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.4 High

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

79.4%

JSON

Related for CVE-2020-12005

nessus2 cvelist1 prion1 nvd1 ics1