This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.SCADA_ROCKWELL_FTLINX_CVE-2020-12003.NBINRockwell Automation FactoryTalk Linx Path Traversal Information Disclosure
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
0.016 Low
EPSS
Percentile
87.6%
The Rockwell Automation FactoryTalk Linx running on the remote host is affected by a path traversal vulnerability due to the lack of validation of user-supplied file paths before using them in file operations. An unauthenticated, remote attacker can exploit this, via specially crafted messages, to disclose the contents of files on the remote host with SYSTEM privileges.
This plugin requires the ‘Scan Operational Technology devices’ scan setting to be enabled for it to be launched.
Note that the application is reportedly affected by other vulnerabilities; however, this plugin has not tested for those issues.
Binary data scada_rockwell_ftlinx_cve-2020-12003.nbin| Vendor | Product | Version | CPE |
|---|---|---|---|
| rockwellautomation | factorytalk_linx | cpe:/a:rockwellautomation:factorytalk_linx |
Related
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
0.016 Low
EPSS
Percentile
87.6%