Sign-up

ID

VAR-202006-0362


CVE

CVE-2020-12003


TITLE

Rockwell Automation Made FactoryTalk Linx Software Multiple vulnerabilities in

Trust: 0.8

sources: JVNDB: JVNDB-2020-005434

DESCRIPTION

FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.00 and prior,Connected Components Workbench: Version 12 and prior, ControlFLASH: Version 14 and later, ControlFLASH Plus: Version 1 and later, FactoryTalk Asset Centre: Version 9 and later, FactoryTalk Linx CommDTM: Version 1 and later, Studio 5000 Launcher: Version 31 and later Stud, 5000 Logix Designer software: Version 32 and prior is vulnerable. An exposed API call allows users to provide files to be processed without sanitation. This may allow an attacker to use specially crafted requests to traverse the file system and expose sensitive data on the local hard drive. Rockwell Automation Provided by the company FactoryTalk Linx Software The following multiple vulnerabilities exist in. * Improper input confirmation (CWE-20) - CVE-2020-11999 * Improper input confirmation (CWE-20) - CVE-2020-12001 * Directory traversal (CWE-22) - CVE-2020-12003 * Upload any file (CWE-434) - CVE-2020-12005The expected impact depends on each vulnerability, but it may be affected as follows. * API Arbitrary code may be executed or files or data may be tampered with by a remote third party because arbitrary files are not properly sanitized during a call. - CVE-2020-11999 * Proper sanitization of specially crafted files can lead to sensitive information being stolen or arbitrary code being executed by a remote third party. - CVE-2020-12003 * Improperly compressed by a remote third party EDF By uploading the file, the compressed file can be decompressed. CPU All resources are consumed and service operation is interrupted (DoS) The condition is triggered - CVE-2020-12005. Rockwell Automation RSLinx Classic and others are products of Rockwell Automation (USA). Rockwell Automation RSLinx Classic is a set of industrial communication solutions. Rockwell Automation ControlFLASH is a firmware update utility

Trust: 2.25

sources: NVD: CVE-2020-12003 // JVNDB: JVNDB-2020-005434 // CNVD: CNVD-2020-38694 // VULHUB: VHN-164638

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-38694

AFFECTED PRODUCTS

vendor:rockwellautomationmodel:rslinx classicscope:lteversion:4.11.00

Trust: 1.0

vendor:rockwellautomationmodel:factorytalk linxscope:eqversion:6.10

Trust: 1.0

vendor:rockwellautomationmodel:factorytalk linxscope:eqversion:6.11

Trust: 1.0

vendor:rockwellautomationmodel:factorytalk linxscope:eqversion:6.00

Trust: 1.0

vendor:rockwell automationmodel:connected components workbenchscope:eqversion:version 12

Trust: 0.8

vendor:rockwell automationmodel:controlflashscope:eqversion:version 14 およびそれ

Trust: 0.8

vendor:rockwell automationmodel:controlflash plusscope:eqversion:version 1 およびそれ

Trust: 0.8

vendor:rockwell automationmodel:factorytalk asset centrescope:eqversion:version 9 およびそれ

Trust: 0.8

vendor:rockwell automationmodel:factorytalk linxscope:eqversion:version 6.00, 6.10, 6.11

Trust: 0.8

vendor:rockwell automationmodel:factorytalk linx commdtmscope:eqversion:version 1 およびそれ

Trust: 0.8

vendor:rockwell automationmodel:studio 5000 launcherscope:eqversion:version 31 およびそれ

Trust: 0.8

vendor:rockwell automationmodel:studio 5000 logix designerscope:eqversion:software version 32

Trust: 0.8

vendor:rockwellmodel:automation rslinx classicscope:lteversion:<=4.11.00

Trust: 0.6

vendor:rockwellmodel:automation factorytalk linxscope:eqversion:6.00

Trust: 0.6

vendor:rockwellmodel:automation factorytalk linxscope:eqversion:6.10

Trust: 0.6

vendor:rockwellmodel:automation factorytalk linxscope:eqversion:6.11

Trust: 0.6

vendor:rockwellmodel:automation connected components workbenchscope:lteversion:<=12

Trust: 0.6

vendor:rockwellmodel:automation controlflashscope:lteversion:<=14

Trust: 0.6

vendor:rockwellmodel:automation controlflash plusscope:lteversion:<=1

Trust: 0.6

vendor:rockwellmodel:automation factorytalk asset centrescope:lteversion:<=9

Trust: 0.6

vendor:rockwellmodel:automation factorytalk linx commdtmscope:lteversion:<=1

Trust: 0.6

vendor:rockwellmodel:automation studio launcherscope:eqversion:5000<=31

Trust: 0.6

vendor:rockwellmodel:automation studio logix designer softwarescope:eqversion:5000<=32

Trust: 0.6

sources: CNVD: CNVD-2020-38694 // JVNDB: JVNDB-2020-005434 // NVD: CVE-2020-12003

CVSS

SEVERITY

CVSSV2

CVSSV3

IPA: JVNDB-2020-005434
value: CRITICAL

Trust: 1.6

IPA: JVNDB-2020-005434
value: HIGH

Trust: 1.6

nvd@nist.gov: CVE-2020-12003
value: HIGH

Trust: 1.0

CNVD: CNVD-2020-38694
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202006-913
value: HIGH

Trust: 0.6

VULHUB: VHN-164638
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-12003
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

CNVD: CNVD-2020-38694
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-164638
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-12003
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

IPA score: JVNDB-2020-005434
baseSeverity: CRITICAL
baseScore: 9.6
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

IPA score: JVNDB-2020-005434
baseSeverity: CRITICAL
baseScore: 9.6
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

IPA score: JVNDB-2020-005434
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

IPA score: JVNDB-2020-005434
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-38694 // VULHUB: VHN-164638 // JVNDB: JVNDB-2020-005434 // JVNDB: JVNDB-2020-005434 // JVNDB: JVNDB-2020-005434 // JVNDB: JVNDB-2020-005434 // CNNVD: CNNVD-202006-913 // NVD: CVE-2020-12003

PROBLEMTYPE DATA

problemtype:CWE-22

Trust: 1.1

sources: VULHUB: VHN-164638 // NVD: CVE-2020-12003

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202006-913

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-202006-913

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-005434

PATCH
title:54102-Industrial Security Advisory Index (要ログイン)url:https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/54102
Trust: 0.8
title:Patch for Multiple Rockwell Automation product path traversal vulnerabilitiesurl:https://www.cnvd.org.cn/patchInfo/show/225413
Trust: 0.6
title:Multiple Rockwell Automation Product path traversal vulnerability fixesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=121709
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-38694 // 
            
            
            
            JVNDB: JVNDB-2020-005434 // 
            
            
            
            CNNVD: CNNVD-202006-913

EXTERNAL IDS
db:NVDid:CVE-2020-12003
Trust: 3.1
db:ICS CERTid:ICSA-20-163-02
Trust: 3.1
db:JVNid:JVNVU91454414
Trust: 0.8
db:JVNDBid:JVNDB-2020-005434
Trust: 0.8
db:CNVDid:CNVD-2020-38694
Trust: 0.7
db:CNNVDid:CNNVD-202006-913
Trust: 0.7
db:AUSCERTid:ESB-2020.2062
Trust: 0.6
db:VULHUBid:VHN-164638
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2020-38694 // 
            
            
            
            VULHUB: VHN-164638 // 
            
            
            
            JVNDB: JVNDB-2020-005434 // 
            
            
            
            CNNVD: CNNVD-202006-913 // 
            
            
            
            NVD: CVE-2020-12003

REFERENCES
url:https://www.us-cert.gov/ics/advisories/icsa-20-163-02
Trust: 3.1
url:https://nvd.nist.gov/vuln/detail/cve-2020-12003
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-12003
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-12005
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-11999
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-12001
Trust: 0.8
url:https://jvn.jp/vu/jvnvu91454414/
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2020-11999
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2020-12001
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2020-12005
Trust: 0.8
url:https://www.auscert.org.au/bulletins/esb-2020.2062/
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-38694 // 
            
            
            
            VULHUB: VHN-164638 // 
            
            
            
            JVNDB: JVNDB-2020-005434 // 
            
            
            
            CNNVD: CNNVD-202006-913 // 
            
            
            
            NVD: CVE-2020-12003

CREDITS
Sharon Brizinov and Amir Preminger (VP Research) of Claroty
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-202006-913

SOURCES
db:CNVDid:CNVD-2020-38694
db:VULHUBid:VHN-164638
db:JVNDBid:JVNDB-2020-005434
db:CNNVDid:CNNVD-202006-913
db:NVDid:CVE-2020-12003

LAST UPDATE DATE
2024-11-23T22:16:26.263000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2020-38694date:2020-07-14T00:00:00
db:VULHUBid:VHN-164638date:2020-06-24T00:00:00
db:JVNDBid:JVNDB-2020-005434date:2020-07-13T00:00:00
db:CNNVDid:CNNVD-202006-913date:2020-06-30T00:00:00
db:NVDid:CVE-2020-12003date:2024-11-21T04:59:05.733

SOURCES RELEASE DATE
db:CNVDid:CNVD-2020-38694date:2020-07-14T00:00:00
db:VULHUBid:VHN-164638date:2020-06-15T00:00:00
db:JVNDBid:JVNDB-2020-005434date:2020-06-15T00:00:00
db:CNNVDid:CNNVD-202006-913date:2020-06-11T00:00:00
db:NVDid:CVE-2020-12003date:2020-06-15T20:15:11.397