ID

VAR-202006-0364


CVE

CVE-2020-12005


TITLE

Rockwell Automation Made FactoryTalk Linx Software Multiple vulnerabilities in

Trust: 0.8

sources: JVNDB: JVNDB-2020-005434

DESCRIPTION

FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.00 and prior,Connected Components Workbench: Version 12 and prior, ControlFLASH: Version 14 and later, ControlFLASH Plus: Version 1 and later, FactoryTalk Asset Centre: Version 9 and later, FactoryTalk Linx CommDTM: Version 1 and later, Studio 5000 Launcher: Version 31 and later Stud, 5000 Logix Designer software: Version 32 and prior is vulnerable. A vulnerability exists in the communication function that enables users to upload EDS files by FactoryTalk Linx. This may allow an attacker to upload a file with bad compression, consuming all the available CPU resources, leading to a denial-of-service condition. Rockwell Automation Provided by the company FactoryTalk Linx Software The following multiple vulnerabilities exist in. * Improper input confirmation (CWE-20) - CVE-2020-11999 * Improper input confirmation (CWE-20) - CVE-2020-12001 * Directory traversal (CWE-22) - CVE-2020-12003 * Upload any file (CWE-434) - CVE-2020-12005The expected impact depends on each vulnerability, but it may be affected as follows. * API Arbitrary code may be executed or files or data may be tampered with by a remote third party because arbitrary files are not properly sanitized during a call. - CVE-2020-11999 * Proper sanitization of specially crafted files can lead to sensitive information being stolen or arbitrary code being executed by a remote third party. - CVE-2020-12001 * API Sensitive information on the local hard drive is stolen by a remote third party because it does not properly sanitize the specially crafted request during the call. - CVE-2020-12003 * Improperly compressed by a remote third party EDF By uploading the file, the compressed file can be decompressed. CPU All resources are consumed and service operation is interrupted (DoS) The condition is triggered - CVE-2020-12005. Rockwell Automation RSLinx Classic and others are products of Rockwell Automation (USA). Rockwell Automation RSLinx Classic is a set of industrial communication solutions. Rockwell Automation ControlFLASH is a firmware update utility

Trust: 2.25

sources: NVD: CVE-2020-12005 // JVNDB: JVNDB-2020-005434 // CNVD: CNVD-2020-38693 // VULHUB: VHN-164640

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-38693

AFFECTED PRODUCTS

vendor:rockwellautomationmodel:rslinx classicscope:lteversion:4.11.00

Trust: 1.0

vendor:rockwellautomationmodel:factorytalk linxscope:eqversion:6.10

Trust: 1.0

vendor:rockwellautomationmodel:factorytalk linxscope:eqversion:6.11

Trust: 1.0

vendor:rockwellautomationmodel:factorytalk linxscope:eqversion:6.00

Trust: 1.0

vendor:rockwell automationmodel:connected components workbenchscope:eqversion:version 12

Trust: 0.8

vendor:rockwell automationmodel:controlflashscope:eqversion:version 14 およびそれ

Trust: 0.8

vendor:rockwell automationmodel:controlflash plusscope:eqversion:version 1 およびそれ

Trust: 0.8

vendor:rockwell automationmodel:factorytalk asset centrescope:eqversion:version 9 およびそれ

Trust: 0.8

vendor:rockwell automationmodel:factorytalk linxscope:eqversion:version 6.00, 6.10, 6.11

Trust: 0.8

vendor:rockwell automationmodel:factorytalk linx commdtmscope:eqversion:version 1 およびそれ

Trust: 0.8

vendor:rockwell automationmodel:studio 5000 launcherscope:eqversion:version 31 およびそれ

Trust: 0.8

vendor:rockwell automationmodel:studio 5000 logix designerscope:eqversion:software version 32

Trust: 0.8

vendor:rockwellmodel:automation rslinx classicscope:lteversion:<=4.11.00

Trust: 0.6

vendor:rockwellmodel:automation factorytalk linxscope:eqversion:6.00

Trust: 0.6

vendor:rockwellmodel:automation factorytalk linxscope:eqversion:6.10

Trust: 0.6

vendor:rockwellmodel:automation factorytalk linxscope:eqversion:6.11

Trust: 0.6

vendor:rockwellmodel:automation connected components workbenchscope:lteversion:<=12

Trust: 0.6

vendor:rockwellmodel:automation controlflashscope:lteversion:<=14

Trust: 0.6

vendor:rockwellmodel:automation controlflash plusscope:lteversion:<=1

Trust: 0.6

vendor:rockwellmodel:automation factorytalk asset centrescope:lteversion:<=9

Trust: 0.6

vendor:rockwellmodel:automation factorytalk linx commdtmscope:lteversion:<=1

Trust: 0.6

vendor:rockwellmodel:automation studio launcherscope:eqversion:5000<=31

Trust: 0.6

vendor:rockwellmodel:automation studio logix designer softwarescope:eqversion:5000<=32

Trust: 0.6

sources: CNVD: CNVD-2020-38693 // JVNDB: JVNDB-2020-005434 // NVD: CVE-2020-12005

CVSS

SEVERITY

CVSSV2

CVSSV3

IPA: JVNDB-2020-005434
value: CRITICAL

Trust: 1.6

IPA: JVNDB-2020-005434
value: HIGH

Trust: 1.6

nvd@nist.gov: CVE-2020-12005
value: HIGH

Trust: 1.0

CNVD: CNVD-2020-38693
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202006-911
value: HIGH

Trust: 0.6

VULHUB: VHN-164640
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2020-12005
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

CNVD: CNVD-2020-38693
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-164640
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-12005
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

IPA score: JVNDB-2020-005434
baseSeverity: CRITICAL
baseScore: 9.6
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

IPA score: JVNDB-2020-005434
baseSeverity: CRITICAL
baseScore: 9.6
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

IPA score: JVNDB-2020-005434
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

IPA score: JVNDB-2020-005434
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-38693 // VULHUB: VHN-164640 // JVNDB: JVNDB-2020-005434 // JVNDB: JVNDB-2020-005434 // JVNDB: JVNDB-2020-005434 // JVNDB: JVNDB-2020-005434 // CNNVD: CNNVD-202006-911 // NVD: CVE-2020-12005

PROBLEMTYPE DATA

problemtype:CWE-434

Trust: 1.1

sources: VULHUB: VHN-164640 // NVD: CVE-2020-12005

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202006-911

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-202006-911

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-005434

PATCH

title:54102-Industrial Security Advisory Index (要ログイン)url:https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/54102

Trust: 0.8

title:Patch for Multiple Rockwell Automation product code issue vulnerabilitiesurl:https://www.cnvd.org.cn/patchInfo/show/225415

Trust: 0.6

title:Multiple Rockwell Automation Product code issue vulnerability fixesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=121708

Trust: 0.6

sources: CNVD: CNVD-2020-38693 // JVNDB: JVNDB-2020-005434 // CNNVD: CNNVD-202006-911

EXTERNAL IDS

db:NVDid:CVE-2020-12005

Trust: 3.1

db:ICS CERTid:ICSA-20-163-02

Trust: 3.1

db:JVNid:JVNVU91454414

Trust: 0.8

db:JVNDBid:JVNDB-2020-005434

Trust: 0.8

db:CNVDid:CNVD-2020-38693

Trust: 0.7

db:CNNVDid:CNNVD-202006-911

Trust: 0.7

db:AUSCERTid:ESB-2020.2062

Trust: 0.6

db:VULHUBid:VHN-164640

Trust: 0.1

sources: CNVD: CNVD-2020-38693 // VULHUB: VHN-164640 // JVNDB: JVNDB-2020-005434 // CNNVD: CNNVD-202006-911 // NVD: CVE-2020-12005

REFERENCES

url:https://www.us-cert.gov/ics/advisories/icsa-20-163-02

Trust: 3.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-12005

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-12003

Trust: 0.8

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-12005

Trust: 0.8

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-11999

Trust: 0.8

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-12001

Trust: 0.8

url:https://jvn.jp/vu/jvnvu91454414/

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2020-11999

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2020-12001

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2020-12003

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2020.2062/

Trust: 0.6

sources: CNVD: CNVD-2020-38693 // VULHUB: VHN-164640 // JVNDB: JVNDB-2020-005434 // CNNVD: CNNVD-202006-911 // NVD: CVE-2020-12005

CREDITS

Sharon Brizinov and Amir Preminger (VP Research) of Claroty

Trust: 0.6

sources: CNNVD: CNNVD-202006-911

SOURCES

db:CNVDid:CNVD-2020-38693
db:VULHUBid:VHN-164640
db:JVNDBid:JVNDB-2020-005434
db:CNNVDid:CNNVD-202006-911
db:NVDid:CVE-2020-12005

LAST UPDATE DATE

2024-11-23T22:16:26.589000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2020-38693date:2020-07-14T00:00:00
db:VULHUBid:VHN-164640date:2020-06-24T00:00:00
db:JVNDBid:JVNDB-2020-005434date:2020-07-13T00:00:00
db:CNNVDid:CNNVD-202006-911date:2020-06-30T00:00:00
db:NVDid:CVE-2020-12005date:2024-11-21T04:59:05.970

SOURCES RELEASE DATE

db:CNVDid:CNVD-2020-38693date:2020-07-14T00:00:00
db:VULHUBid:VHN-164640date:2020-06-15T00:00:00
db:JVNDBid:JVNDB-2020-005434date:2020-06-15T00:00:00
db:CNNVDid:CNNVD-202006-911date:2020-06-11T00:00:00
db:NVDid:CVE-2020-12005date:2020-06-15T20:15:11.473