Skip to main content

Factorytalk Linx CVE-2020-11999

HIGH
Improper Input Validation (CWE-20)
2020-06-15 ics-cert@hq.dhs.gov
8.1
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.1 HIGH
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
None

Lifecycle Timeline

1
CVE Published
Jun 15, 2020 - 20:15 nvd
HIGH 8.1

DescriptionNVD

FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.00 and prior,Connected Components Workbench: Version 12 and prior, ControlFLASH: Version 14 and later, ControlFLASH Plus: Version 1 and later, FactoryTalk Asset Centre: Version 9 and later, FactoryTalk Linx CommDTM: Version 1 and later, Studio 5000 Launcher: Version 31 and later Stud, 5000 Logix Designer software: Version 32 and prior is vulnerable. An exposed API call allows users to provide files to be processed without sanitation. This may allow an attacker to specify a filename to execute unauthorized code and modify files or data.

AnalysisAI

FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.00 and prior,Connected Components Workbench: Version 12 and prior, ControlFLASH: Version 14 and later, ControlFLASH Plus: Version. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-20. FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.00 and prior,Connected Components Workbench: Version 12 and prior, ControlFLASH: Version 14 and later, ControlFLASH Plus: Version 1 and later, FactoryTalk Asset Centre: Version 9 and later, FactoryTalk Linx CommDTM: Version 1 and later, Studio 5000 Launcher: Version 31 and later Stud, 5000 Logix Designer software: Version 32 and prior is vulnerable. An exposed API call allows users to provide files to be processed without sanitation. This may allow an attacker to specify a filename to execute unauthorized code and modify files or data. Affected products include: Rockwellautomation Factorytalk Linx, Rockwellautomation Rslinx Classic. Version information: Version 12.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2020-27251 CRITICAL
9.8 Nov 26

A heap overflow vulnerability exists within FactoryTalk Linx Version 6.11 and prior. Rated critical severity (CVSS 9.8),

CVE-2020-12001 CRITICAL
9.8 Jun 15

FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.00 and prior,Connected Components Workbench: Versio

CVE-2023-29464 CRITICAL
9.1 Oct 13

FactoryTalk Linx, in the Rockwell Automation PanelView Plus, allows an unauthenticated threat actor to read data from me

CVE-2020-5802 HIGH
7.5 Dec 29

An attacker-controlled memory allocation size can be passed to the C++ new operator in RnaDaSvr.dll by sending a special

CVE-2020-5801 HIGH
7.5 Dec 29

An attacker can craft and send an OpenNamespace message to port 4241 with valid session-id that triggers an unhandled ex

CVE-2020-27255 HIGH
7.5 Nov 26

A heap overflow vulnerability exists within FactoryTalk Linx Version 6.11 and prior. Rated high severity (CVSS 7.5), thi

CVE-2020-27253 HIGH
7.5 Nov 26

A flaw exists in the Ingress/Egress checks routine of FactoryTalk Linx Version 6.11 and prior. Rated high severity (CVSS

CVE-2020-12005 HIGH
7.5 Jun 15

FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.00 and prior,Connected Components Workbench: Versio

CVE-2020-12003 HIGH
7.5 Jun 15

FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.00 and prior,Connected Components Workbench: Versio

CVE-2020-5806 MEDIUM
5.5 Dec 29

An attacker-controlled memory allocation size can be passed to the C++ new operator in the CServerManager::HandleBrowseL

CVE-2025-7972 HIGH
8.4 Aug 14

A security issue exists within the FactoryTalk Linx Network Browser. Rated high severity (CVSS 8.4), this vulnerability

Share

CVE-2020-11999 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy