ID

VAR-202006-1811


CVE

CVE-2020-12001


TITLE

Multiple vulnerabilities in Rockwell Automation FactoryTalk Linx software

Trust: 0.8

sources: JVNDB: JVNDB-2020-005434

DESCRIPTION

FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.00 and prior, Connected Components Workbench: Version 12 and prior, ControlFLASH: Version 14 and later, ControlFLASH Plus: Version 1 and later, FactoryTalk Asset Centre: Version 9 and later, FactoryTalk Linx CommDTM: Version 1 and later, Studio 5000 Launcher: Version 31 and later, Studio 5000 Logix Designer software: Version 32 and prior are vulnerable. The parsing mechanism that processes certain file types does not sanitize its input. This may allow an attacker to use specially crafted files to traverse the file system and modify or expose sensitive data or execute arbitrary code.

The following vulnerabilities exist in FactoryTalk Linx software provided by Rockwell Automation. * Improper input validation (CWE-20) - CVE-2020-11999 * Improper input validation (CWE-20) - CVE-2020-12001 * Directory traversal (CWE-22) - CVE-2020-12003 * Arbitrary file upload (CWE-434) - CVE-2020-12005

The expected impact depends on each vulnerability, but may be as follows. - CVE-2020-12001 * A remote third party steals sensitive information on the local hard drive because a specially crafted request is not properly sanitized during an API call. - CVE-2020-12003 * A remote third party uploads an improperly compressed EDF file; when the compressed file is decompressed, all CPU resources are consumed and a denial-of-service (DoS) condition that interrupts service operation is triggered - CVE-2020-12005.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation Studio 5000. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the CopyRenameProject parameter provided to hmi_isapi.dll. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of the current process.

Rockwell Automation RSLinx Classic and others are products of Rockwell Automation (USA). Rockwell Automation RSLinx Classic is a set of industrial communication solutions. Rockwell Automation ControlFLASH is a firmware update utility. The vulnerability stems from the failure of the parsing mechanism to sanitize its input.

Trust: 2.97

sources: NVD: CVE-2020-12001 // JVNDB: JVNDB-2020-005434 // ZDI: ZDI-20-733 // CNVD: CNVD-2020-38695 // VULHUB: VHN-164636 // VULMON: CVE-2020-12001

IOT TAXONOMY

category: ['ICS'] | sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-38695

AFFECTED PRODUCTS

vendor: rockwellautomation | model: rslinx classic | scope: lte | version: 4.11.00

Trust: 1.0

vendor: rockwellautomation | model: factorytalk linx | scope: eq | version: 6.10

Trust: 1.0

vendor: rockwellautomation | model: factorytalk linx | scope: eq | version: 6.11

Trust: 1.0

vendor: rockwellautomation | model: factorytalk linx | scope: eq | version: 6.00

Trust: 1.0

vendor: rockwell automation | model: connected components workbench | scope: eq | version: version 12

Trust: 0.8

vendor: rockwell automation | model: controlflash | scope: eq | version: version 14 およびそれ

Trust: 0.8

vendor: rockwell automation | model: controlflash plus | scope: eq | version: version 1 およびそれ

Trust: 0.8

vendor: rockwell automation | model: factorytalk asset centre | scope: eq | version: version 9 およびそれ

Trust: 0.8

vendor: rockwell automation | model: factorytalk linx | scope: eq | version: version 6.00, 6.10, 6.11

Trust: 0.8

vendor: rockwell automation | model: factorytalk linx commdtm | scope: eq | version: version 1 およびそれ

Trust: 0.8

vendor: rockwell automation | model: studio 5000 launcher | scope: eq | version: version 31 およびそれ

Trust: 0.8

vendor: rockwell automation | model: studio 5000 logix designer | scope: eq | version: software version 32

Trust: 0.8

vendor: rockwell automation | model: factorytalk linx | scope: - | version: -

Trust: 0.7

vendor: rockwell | model: automation rslinx classic | scope: lte | version: <=4.11.00

Trust: 0.6

vendor: rockwell | model: automation factorytalk linx | scope: eq | version: 6.00

Trust: 0.6

vendor: rockwell | model: automation factorytalk linx | scope: eq | version: 6.10

Trust: 0.6

vendor: rockwell | model: automation factorytalk linx | scope: eq | version: 6.11

Trust: 0.6

vendor: rockwell | model: automation connected components workbench | scope: lte | version: <=12

Trust: 0.6

vendor: rockwell | model: automation controlflash | scope: lte | version: <=14

Trust: 0.6

vendor: rockwell | model: automation controlflash plus | scope: lte | version: <=1

Trust: 0.6

vendor: rockwell | model: automation factorytalk asset centre | scope: lte | version: <=9

Trust: 0.6

vendor: rockwell | model: automation factorytalk linx commdtm | scope: lte | version: <=1

Trust: 0.6

vendor: rockwell | model: automation studio launcher | scope: eq | version: 5000<=31

Trust: 0.6

vendor: rockwell | model: automation studio logix designer software | scope: eq | version: 5000<=32

Trust: 0.6

sources: ZDI: ZDI-20-733 // CNVD: CNVD-2020-38695 // JVNDB: JVNDB-2020-005434 // NVD: CVE-2020-12001

CVSS

SEVERITY

CVSSV2

CVSSV3

IPA: JVNDB-2020-005434
value: CRITICAL

Trust: 1.6

IPA: JVNDB-2020-005434
value: HIGH

Trust: 1.6

nvd@nist.gov: CVE-2020-12001
value: CRITICAL

Trust: 1.0

ZDI: CVE-2020-12001
value: CRITICAL

Trust: 0.7

CNVD: CNVD-2020-38695
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202006-916
value: CRITICAL

Trust: 0.6

VULHUB: VHN-164636
value: HIGH

Trust: 0.1

VULMON: CVE-2020-12001
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2020-12001
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

CNVD: CNVD-2020-38695
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-164636
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-12001
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

IPA score: JVNDB-2020-005434
baseSeverity: CRITICAL
baseScore: 9.6
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

IPA score: JVNDB-2020-005434
baseSeverity: CRITICAL
baseScore: 9.6
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

IPA score: JVNDB-2020-005434
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

IPA score: JVNDB-2020-005434
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

ZDI: CVE-2020-12001
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 0.7

sources: ZDI: ZDI-20-733 // CNVD: CNVD-2020-38695 // VULHUB: VHN-164636 // VULMON: CVE-2020-12001 // JVNDB: JVNDB-2020-005434 // JVNDB: JVNDB-2020-005434 // JVNDB: JVNDB-2020-005434 // JVNDB: JVNDB-2020-005434 // CNNVD: CNNVD-202006-916 // NVD: CVE-2020-12001

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.1

sources: VULHUB: VHN-164636 // NVD: CVE-2020-12001

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202006-916

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202006-916

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-005434

PATCH

title: 54102-Industrial Security Advisory Index (login required) | url: https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/54102

Trust: 0.8

title: Rockwell Automation has issued an update to correct this vulnerability. | url: https://rockwellautomation.custhelp.com/app/answers/detail/a_id/1126945

Trust: 0.7

title: Patch for Multiple Rockwell Automation product input verification error vulnerabilities (CNVD-2020-38695) | url: https://www.cnvd.org.cn/patchInfo/show/225411

Trust: 0.6

title: Multiple Rockwell Automation Product input verification error vulnerability fixes | url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=121710

Trust: 0.6

sources: ZDI: ZDI-20-733 // CNVD: CNVD-2020-38695 // JVNDB: JVNDB-2020-005434 // CNNVD: CNNVD-202006-916

EXTERNAL IDS

db: NVD | id: CVE-2020-12001

Trust: 3.9

db: ICS CERT | id: ICSA-20-163-02

Trust: 3.2

db: ZDI | id: ZDI-20-733

Trust: 2.5

db: JVN | id: JVNVU91454414

Trust: 0.8

db: JVNDB | id: JVNDB-2020-005434

Trust: 0.8

db: ZDI_CAN | id: ZDI-CAN-10292

Trust: 0.7

db: CNVD | id: CNVD-2020-38695

Trust: 0.7

db: CNNVD | id: CNNVD-202006-916

Trust: 0.7

db: AUSCERT | id: ESB-2020.2062

Trust: 0.6

db: VULHUB | id: VHN-164636

Trust: 0.1

db: VULMON | id: CVE-2020-12001

Trust: 0.1

sources: ZDI: ZDI-20-733 // CNVD: CNVD-2020-38695 // VULHUB: VHN-164636 // VULMON: CVE-2020-12001 // JVNDB: JVNDB-2020-005434 // CNNVD: CNNVD-202006-916 // NVD: CVE-2020-12001

REFERENCES

url:https://www.us-cert.gov/ics/advisories/icsa-20-163-02

Trust: 3.2

url:https://www.zerodayinitiative.com/advisories/zdi-20-733/

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2020-12001

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-12003

Trust: 0.8

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-12005

Trust: 0.8

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-11999

Trust: 0.8

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-12001

Trust: 0.8

url:https://jvn.jp/vu/jvnvu91454414/

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2020-11999

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2020-12003

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2020-12005

Trust: 0.8

url:https://rockwellautomation.custhelp.com/app/answers/detail/a_id/1126945

Trust: 0.7

url:https://www.auscert.org.au/bulletins/esb-2020.2062/

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/20.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: ZDI: ZDI-20-733 // CNVD: CNVD-2020-38695 // VULHUB: VHN-164636 // VULMON: CVE-2020-12001 // JVNDB: JVNDB-2020-005434 // CNNVD: CNNVD-202006-916 // NVD: CVE-2020-12001

CREDITS

Chris Anastasio (muffin) and Steven Seeley (mr_me) of Incite Team

Trust: 0.7

sources: ZDI: ZDI-20-733

SOURCES

db: ZDI | id: ZDI-20-733
db: CNVD | id: CNVD-2020-38695
db: VULHUB | id: VHN-164636
db: VULMON | id: CVE-2020-12001
db: JVNDB | id: JVNDB-2020-005434
db: CNNVD | id: CNNVD-202006-916
db: NVD | id: CVE-2020-12001

LAST UPDATE DATE

2024-11-23T22:16:26.623000+00:00


SOURCES UPDATE DATE

db: ZDI | id: ZDI-20-733 | date: 2020-06-23T00:00:00
db: CNVD | id: CNVD-2020-38695 | date: 2020-07-14T00:00:00
db: VULHUB | id: VHN-164636 | date: 2021-11-04T00:00:00
db: VULMON | id: CVE-2020-12001 | date: 2020-06-24T00:00:00
db: JVNDB | id: JVNDB-2020-005434 | date: 2020-07-13T00:00:00
db: CNNVD | id: CNNVD-202006-916 | date: 2020-06-30T00:00:00
db: NVD | id: CVE-2020-12001 | date: 2024-11-21T04:59:05.470

SOURCES RELEASE DATE

db: ZDI | id: ZDI-20-733 | date: 2020-06-22T00:00:00
db: CNVD | id: CNVD-2020-38695 | date: 2020-07-14T00:00:00
db: VULHUB | id: VHN-164636 | date: 2020-06-15T00:00:00
db: VULMON | id: CVE-2020-12001 | date: 2020-06-15T00:00:00
db: JVNDB | id: JVNDB-2020-005434 | date: 2020-06-15T00:00:00
db: CNNVD | id: CNNVD-202006-916 | date: 2020-06-11T00:00:00
db: NVD | id: CVE-2020-12001 | date: 2020-06-15T20:15:11.317