Sign-up

ID

VAR-202006-0317


CVE

CVE-2020-11999


TITLE

Rockwell Automation Made FactoryTalk Linx Software Multiple vulnerabilities in

Trust: 0.8

sources: JVNDB: JVNDB-2020-005434

DESCRIPTION

FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.00 and prior,Connected Components Workbench: Version 12 and prior, ControlFLASH: Version 14 and later, ControlFLASH Plus: Version 1 and later, FactoryTalk Asset Centre: Version 9 and later, FactoryTalk Linx CommDTM: Version 1 and later, Studio 5000 Launcher: Version 31 and later Stud, 5000 Logix Designer software: Version 32 and prior is vulnerable. An exposed API call allows users to provide files to be processed without sanitation. This may allow an attacker to specify a filename to execute unauthorized code and modify files or data. Rockwell Automation Provided by the company FactoryTalk Linx Software The following multiple vulnerabilities exist in. * Improper input confirmation (CWE-20) - CVE-2020-11999 * Improper input confirmation (CWE-20) - CVE-2020-12001 * Directory traversal (CWE-22) - CVE-2020-12003 * Upload any file (CWE-434) - CVE-2020-12005The expected impact depends on each vulnerability, but it may be affected as follows. * API Arbitrary code may be executed or files or data may be tampered with by a remote third party because arbitrary files are not properly sanitized during a call. - CVE-2020-11999 * Proper sanitization of specially crafted files can lead to sensitive information being stolen or arbitrary code being executed by a remote third party. - CVE-2020-12001 * API Sensitive information on the local hard drive is stolen by a remote third party because it does not properly sanitize the specially crafted request during the call. - CVE-2020-12003 * Improperly compressed by a remote third party EDF By uploading the file, the compressed file can be decompressed. CPU All resources are consumed and service operation is interrupted (DoS) The condition is triggered - CVE-2020-12005. Rockwell Automation RSLinx Classic and others are products of Rockwell Automation (USA). Rockwell Automation RSLinx Classic is a set of industrial communication solutions. Rockwell Automation ControlFLASH is a firmware update utility

Trust: 2.25

sources: NVD: CVE-2020-11999 // JVNDB: JVNDB-2020-005434 // CNVD: CNVD-2020-38696 // VULHUB: VHN-164633

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-38696

AFFECTED PRODUCTS

vendor:rockwellautomationmodel:rslinx classicscope:lteversion:4.11.00

Trust: 1.0

vendor:rockwellautomationmodel:factorytalk linxscope:eqversion:6.10

Trust: 1.0

vendor:rockwellautomationmodel:factorytalk linxscope:eqversion:6.11

Trust: 1.0

vendor:rockwellautomationmodel:factorytalk linxscope:eqversion:6.00

Trust: 1.0

vendor:rockwell automationmodel:connected components workbenchscope:eqversion:version 12

Trust: 0.8

vendor:rockwell automationmodel:controlflashscope:eqversion:version 14 およびそれ

Trust: 0.8

vendor:rockwell automationmodel:controlflash plusscope:eqversion:version 1 およびそれ

Trust: 0.8

vendor:rockwell automationmodel:factorytalk asset centrescope:eqversion:version 9 およびそれ

Trust: 0.8

vendor:rockwell automationmodel:factorytalk linxscope:eqversion:version 6.00, 6.10, 6.11

Trust: 0.8

vendor:rockwell automationmodel:factorytalk linx commdtmscope:eqversion:version 1 およびそれ

Trust: 0.8

vendor:rockwell automationmodel:studio 5000 launcherscope:eqversion:version 31 およびそれ

Trust: 0.8

vendor:rockwell automationmodel:studio 5000 logix designerscope:eqversion:software version 32

Trust: 0.8

vendor:rockwellmodel:automation rslinx classicscope:lteversion:<=4.11.00

Trust: 0.6

vendor:rockwellmodel:automation factorytalk linxscope:eqversion:6.00

Trust: 0.6

vendor:rockwellmodel:automation factorytalk linxscope:eqversion:6.10

Trust: 0.6

vendor:rockwellmodel:automation factorytalk linxscope:eqversion:6.11

Trust: 0.6

vendor:rockwellmodel:automation connected components workbenchscope:lteversion:<=12

Trust: 0.6

vendor:rockwellmodel:automation controlflashscope:lteversion:<=14

Trust: 0.6

vendor:rockwellmodel:automation controlflash plusscope:lteversion:<=1

Trust: 0.6

vendor:rockwellmodel:automation factorytalk asset centrescope:lteversion:<=9

Trust: 0.6

vendor:rockwellmodel:automation factorytalk linx commdtmscope:lteversion:<=1

Trust: 0.6

vendor:rockwellmodel:automation studio launcherscope:eqversion:5000<=31

Trust: 0.6

vendor:rockwellmodel:automation studio logix designer softwarescope:eqversion:5000<=32

Trust: 0.6

sources: CNVD: CNVD-2020-38696 // JVNDB: JVNDB-2020-005434 // NVD: CVE-2020-11999

CVSS

SEVERITY

CVSSV2

CVSSV3

IPA: JVNDB-2020-005434
value: CRITICAL

Trust: 1.6

IPA: JVNDB-2020-005434
value: HIGH

Trust: 1.6

nvd@nist.gov: CVE-2020-11999
value: HIGH

Trust: 1.0

CNVD: CNVD-2020-38696
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202006-918
value: HIGH

Trust: 0.6

VULHUB: VHN-164633
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-11999
severity: MEDIUM
baseScore: 5.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

CNVD: CNVD-2020-38696
severity: MEDIUM
baseScore: 5.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-164633
severity: MEDIUM
baseScore: 5.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-11999
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 5.2
version: 3.1

Trust: 1.0

IPA score: JVNDB-2020-005434
baseSeverity: CRITICAL
baseScore: 9.6
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

IPA score: JVNDB-2020-005434
baseSeverity: CRITICAL
baseScore: 9.6
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

IPA score: JVNDB-2020-005434
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

IPA score: JVNDB-2020-005434
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-38696 // VULHUB: VHN-164633 // JVNDB: JVNDB-2020-005434 // JVNDB: JVNDB-2020-005434 // JVNDB: JVNDB-2020-005434 // JVNDB: JVNDB-2020-005434 // CNNVD: CNNVD-202006-918 // NVD: CVE-2020-11999

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.1

sources: VULHUB: VHN-164633 // NVD: CVE-2020-11999

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202006-918

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202006-918

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-005434

PATCH
title:54102-Industrial Security Advisory Index (要ログイン)url:https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/54102
Trust: 0.8
title:Patch for Multiple Rockwell Automation product input validation error vulnerabilitiesurl:https://www.cnvd.org.cn/patchInfo/show/225409
Trust: 0.6
title:Multiple Rockwell Automation Product input verification error vulnerability fixesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=122477
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-38696 // 
            
            
            
            JVNDB: JVNDB-2020-005434 // 
            
            
            
            CNNVD: CNNVD-202006-918

EXTERNAL IDS
db:NVDid:CVE-2020-11999
Trust: 3.1
db:ICS CERTid:ICSA-20-163-02
Trust: 3.1
db:JVNid:JVNVU91454414
Trust: 0.8
db:JVNDBid:JVNDB-2020-005434
Trust: 0.8
db:CNVDid:CNVD-2020-38696
Trust: 0.7
db:CNNVDid:CNNVD-202006-918
Trust: 0.7
db:AUSCERTid:ESB-2020.2062
Trust: 0.6
db:VULHUBid:VHN-164633
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2020-38696 // 
            
            
            
            VULHUB: VHN-164633 // 
            
            
            
            JVNDB: JVNDB-2020-005434 // 
            
            
            
            CNNVD: CNNVD-202006-918 // 
            
            
            
            NVD: CVE-2020-11999

REFERENCES
url:https://www.us-cert.gov/ics/advisories/icsa-20-163-02
Trust: 3.1
url:https://nvd.nist.gov/vuln/detail/cve-2020-11999
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-12003
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-12005
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-11999
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-12001
Trust: 0.8
url:https://jvn.jp/vu/jvnvu91454414/
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2020-12001
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2020-12003
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2020-12005
Trust: 0.8
url:https://www.auscert.org.au/bulletins/esb-2020.2062/
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-38696 // 
            
            
            
            VULHUB: VHN-164633 // 
            
            
            
            JVNDB: JVNDB-2020-005434 // 
            
            
            
            CNNVD: CNNVD-202006-918 // 
            
            
            
            NVD: CVE-2020-11999

CREDITS
Sharon Brizinov and Amir Preminger (VP Research) of Claroty
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-202006-918

SOURCES
db:CNVDid:CNVD-2020-38696
db:VULHUBid:VHN-164633
db:JVNDBid:JVNDB-2020-005434
db:CNNVDid:CNNVD-202006-918
db:NVDid:CVE-2020-11999

LAST UPDATE DATE
2024-11-23T22:16:26.664000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2020-38696date:2020-07-14T00:00:00
db:VULHUBid:VHN-164633date:2020-06-24T00:00:00
db:JVNDBid:JVNDB-2020-005434date:2020-07-13T00:00:00
db:CNNVDid:CNNVD-202006-918date:2020-06-30T00:00:00
db:NVDid:CVE-2020-11999date:2024-11-21T04:59:05.213

SOURCES RELEASE DATE
db:CNVDid:CNVD-2020-38696date:2020-07-14T00:00:00
db:VULHUBid:VHN-164633date:2020-06-15T00:00:00
db:JVNDBid:JVNDB-2020-005434date:2020-06-15T00:00:00
db:CNNVDid:CNNVD-202006-918date:2020-06-11T00:00:00
db:NVDid:CVE-2020-11999date:2020-06-15T20:15:11.223