Details of VAR-202012-1430

ID

VAR-202012-1430

CVE

CVE-2020-5801

TITLE

FactoryTalk Linx Vulnerability in handling exceptional conditions in

Trust: 0.8

sources: JVNDB: JVNDB-2020-014969

DESCRIPTION

An attacker can craft and send an OpenNamespace message to port 4241 with valid session-id that triggers an unhandled exception in CFTLDManager::HandleRequest function in RnaDaSvr.dll, resulting in process termination. Observed in FactoryTalk Linx 6.11. All versions of FactoryTalk Linx are affected. FactoryTalk Linx Is vulnerable to handling exceptional conditions.Denial of service (DoS) It may be put into a state. Rockwell Automation FactoryTalk Linx is a set of industrial communication solutions from Rockwell Automation, USA. This product is mainly used for communication between small applications and large automation systems

Trust: 1.71

sources: NVD: CVE-2020-5801 // JVNDB: JVNDB-2020-014969 // VULHUB: VHN-183926

AFFECTED PRODUCTS

vendor:	rockwellautomation	model:	factorytalk linx	scope:	lte	version:	6.11	Trust: 1.0
vendor:	rockwell automation	model:	factorytalk linx	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2020-014969 // NVD: CVE-2020-5801

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-5801
value:	HIGH
Trust: 1.0
NVD:	CVE-2020-5801
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202012-1772
value:	HIGH
Trust: 0.6
VULHUB:	VHN-183926
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2020-5801
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-183926
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-5801
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2020-5801
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-183926 // JVNDB: JVNDB-2020-014969 // CNNVD: CNNVD-202012-1772 // NVD: CVE-2020-5801

PROBLEMTYPE DATA

problemtype:	CWE-755	Trust: 1.1
problemtype:	Improper handling in exceptional conditions (CWE-755) [NVD Evaluation ]	Trust: 0.8

sources: VULHUB: VHN-183926 // JVNDB: JVNDB-2020-014969 // NVD: CVE-2020-5801

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202012-1772

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-202012-1772

PATCH

title:	Top Page	url:	https://www.rockwellautomation.com/	Trust: 0.8
title:	Rockwell Automation FactoryTalk Linx Fixes for code issue vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=138277	Trust: 0.6

sources: JVNDB: JVNDB-2020-014969 // CNNVD: CNNVD-202012-1772

EXTERNAL IDS

db:	TENABLE	id:	TRA-2020-71	Trust: 2.5
db:	NVD	id:	CVE-2020-5801	Trust: 2.5
db:	JVN	id:	JVNVU98988953	Trust: 0.8
db:	JVNDB	id:	JVNDB-2020-014969	Trust: 0.8
db:	CNNVD	id:	CNNVD-202012-1772	Trust: 0.7
db:	AUSCERT	id:	ESB-2021.0327	Trust: 0.6
db:	ICS CERT	id:	ICSA-21-028-01	Trust: 0.6
db:	VULHUB	id:	VHN-183926	Trust: 0.1

sources: VULHUB: VHN-183926 // JVNDB: JVNDB-2020-014969 // CNNVD: CNNVD-202012-1772 // NVD: CVE-2020-5801

REFERENCES

url:	https://www.tenable.com/security/research/tra-2020-71	Trust: 2.5
url:	https://nvd.nist.gov/vuln/detail/cve-2020-5801	Trust: 1.4
url:	https://jvn.jp/vu/jvnvu98988953/	Trust: 0.8
url:	https://us-cert.cisa.gov/ics/advisories/icsa-21-028-01	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.0327/	Trust: 0.6

sources: VULHUB: VHN-183926 // JVNDB: JVNDB-2020-014969 // CNNVD: CNNVD-202012-1772 // NVD: CVE-2020-5801

SOURCES

db:	VULHUB	id:	VHN-183926
db:	JVNDB	id:	JVNDB-2020-014969
db:	CNNVD	id:	CNNVD-202012-1772
db:	NVD	id:	CVE-2020-5801

LAST UPDATE DATE

2024-11-23T21:35:01.190000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-183926	date:	2020-12-30T00:00:00
db:	JVNDB	id:	JVNDB-2020-014969	date:	2021-09-06T08:38:00
db:	CNNVD	id:	CNNVD-202012-1772	date:	2021-02-01T00:00:00
db:	NVD	id:	CVE-2020-5801	date:	2024-11-21T05:34:37.333

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-183926	date:	2020-12-29T00:00:00
db:	JVNDB	id:	JVNDB-2020-014969	date:	2021-09-06T00:00:00
db:	CNNVD	id:	CNNVD-202012-1772	date:	2020-12-29T00:00:00
db:	NVD	id:	CVE-2020-5801	date:	2020-12-29T16:15:14.730