CVE-2020-6086
https://notcve.org/view.php?id=CVE-2020-6086
An exploitable denial-of-service vulnerability exists in the ENIP Request Path Data Segment functionality of the Allen-Bradley Flex IO 1794-AENT/B. A specially crafted network request can cause a loss of communications with the device, resulting in denial of service. An attacker can send a malicious packet to trigger this vulnerability. If the Simple Segment sub-type is supplied, the device treats the following byte as the Data Size in words. When this value represents a size greater than what remains in the packet data, the device enters a fault state in which communication with the device is lost and a physical power cycle is required. • https://talosintelligence.com/vulnerability_reports/TALOS-2020-1007 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
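The missing check is easy to state and easy to get wrong: the Simple Data Segment's size byte counts 16-bit words, not bytes, and must be compared against the bytes that remain in the request path. The parser below is an added example (not Talos' or Rockwell's code) that decodes a CIP Message Router request and its EPATH and rejects a data segment whose declared size overruns the buffer. Segment encodings follow the CIP specification; both sample messages are constructed for this example.

```python
"""CIP Message Router request / EPATH parser with the length check the
advisory describes as missing (added example, not the vendor's code)."""
import struct

SEG_TYPE_MASK = 0xE0          # bits 7..5: segment type
SEG_FMT_MASK = 0x1F           # bits 4..0: segment format
SEG_LOGICAL = 0x20            # logical segment (class, instance, attribute, ...)
SEG_DATA = 0x80               # data segment
DATA_FMT_SIMPLE = 0x00        # simple data segment: size byte counts 16-bit words
DATA_FMT_ANSI_SYMBOL = 0x11   # ANSI extended symbol segment: size byte counts bytes

LOGICAL_NAMES = {0: "class", 1: "instance", 2: "member",
                 3: "connection_point", 4: "attribute"}


def parse_request_path(path: bytes) -> list:
    """Decode an EPATH into (kind, value) tuples, never reading past the end."""
    segments = []
    i, n = 0, len(path)
    while i < n:
        seg = path[i]
        seg_type, seg_fmt = seg & SEG_TYPE_MASK, seg & SEG_FMT_MASK
        if seg_type == SEG_LOGICAL:
            kind = LOGICAL_NAMES.get((seg >> 2) & 0x07)
            if kind is None:
                raise ValueError(f"unsupported logical segment 0x{seg:02x}")
            if seg & 0x03 == 0:                 # 8-bit value follows
                if i + 2 > n:
                    raise ValueError("logical segment truncated")
                value, i = path[i + 1], i + 2
            elif seg & 0x03 == 1:               # pad byte, then 16-bit LE value
                if i + 4 > n:
                    raise ValueError("logical segment truncated")
                value = struct.unpack_from("<H", path, i + 2)[0]
                i += 4
            else:
                raise ValueError(f"unsupported logical format 0x{seg:02x}")
            segments.append((kind, value))
        elif seg_type == SEG_DATA:
            if i + 2 > n:
                raise ValueError("data segment missing its size byte")
            size = path[i + 1]
            remaining = n - (i + 2)
            if seg_fmt == DATA_FMT_SIMPLE:
                nbytes = size * 2               # size is in words, not bytes
                if nbytes > remaining:          # the check the device lacked
                    raise ValueError(f"simple data segment claims {size} words "
                                     f"({nbytes} bytes) but only {remaining} bytes remain")
                segments.append(("data", path[i + 2:i + 2 + nbytes]))
                i += 2 + nbytes
            elif seg_fmt == DATA_FMT_ANSI_SYMBOL:
                padded = size + (size & 1)      # symbol is padded to a word boundary
                if padded > remaining:
                    raise ValueError(f"symbol segment claims {size} bytes "
                                     f"but only {remaining} bytes remain")
                segments.append(("symbol", path[i + 2:i + 2 + size].decode("ascii")))
                i += 2 + padded
            else:
                raise ValueError(f"unsupported data segment format 0x{seg_fmt:02x}")
        else:
            raise ValueError(f"unsupported segment type 0x{seg:02x}")
    return segments


def parse_mr_request(msg: bytes):
    """Split a Message Router request into (service, path segments, request data)."""
    if len(msg) < 2:
        raise ValueError("message too short for service code and path size")
    service, path_words = msg[0], msg[1]
    path_len = path_words * 2                   # request path size is also in words
    if 2 + path_len > len(msg):
        raise ValueError(f"request path size {path_words} words exceeds message")
    return service, parse_request_path(msg[2:2 + path_len]), msg[2 + path_len:]


# Constructed sample: Get_Attribute_Single (0x0E) to class 4 instance 1,
# followed by a one-word simple data segment.
WELL_FORMED = bytes.fromhex("0e 04 20 04 24 01 80 01 ab cd")
# Constructed sample with the shape the advisory describes: a simple data
# segment whose size byte (0xFF = 255 words = 510 bytes) far exceeds the
# two bytes that actually follow it.
OVERSIZED = bytes.fromhex("0e 02 80 ff aa bb")


def check(msg: bytes) -> str:
    """Return 'ok' or the reason the request was rejected."""
    try:
        parse_mr_request(msg)
        return "ok"
    except ValueError as exc:
        return f"rejected: {exc}"


if __name__ == "__main__":
    for label, msg in (("well-formed", WELL_FORMED), ("oversized", OVERSIZED)):
        print(label, "->", check(msg))
```

The same shape of check applies to the outer request path size byte, which is also a word count; an implementation that validates one but not the other still has a path to the same fault.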
CVE-2020-12025 – Rockwell Automation Studio 5000 AML File Parsing XML External Entity Processing Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2020-12025
Rockwell Automation Logix Designer Studio 5000 Versions 32.00, 32.01, and 32.02 are vulnerable to an XML external entity (XXE) vulnerability, which may allow an attacker to view hostnames or other resources from the program. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Rockwell Automation Studio 5000. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of AML files. Due to the improper restriction of XML External Entity (XXE) references, a specially crafted document specifying a URI causes the XML parser to access the URI and embed the contents back into the XML document for further processing. An attacker can leverage this vulnerability to disclose information in the context of the current process. • https://us-cert.cisa.gov/ics/advisories/icsa-20-191-02 • CWE-611: Improper Restriction of XML External Entity Reference •
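AutomationML files are plain XML with a CAEXFile root and have no legitimate need for a DOCTYPE, so the cleanest CWE-611 fix for an importer is to refuse any document that carries one, before the parser has a chance to resolve an entity. The gate below is an added example (not Rockwell's code): it drives the stdlib expat binding directly so that a DOCTYPE, an entity declaration, or an external entity reference aborts parsing from inside the parser. Both sample documents are constructed; the `file:///` target in the malicious one is illustrative.

```python
"""Reject DOCTYPE and entity declarations before an AML document is parsed
(added example, not the vendor's code)."""
import xml.parsers.expat as expat


class UnsafeXML(Exception):
    """Raised when a document declares a DOCTYPE, an entity, or an external reference."""


def parse_aml_safely(data: bytes) -> list:
    """Return the element names in document order, or raise UnsafeXML."""
    names = []
    parser = expat.ParserCreate()

    def on_doctype(name, system_id, public_id, has_internal_subset):
        # AML needs no DTD; any DOCTYPE is treated as hostile.
        raise UnsafeXML(f"DOCTYPE {name!r} not allowed in AML input")

    def on_entity_decl(name, is_param, value, base, system_id, public_id, notation):
        raise UnsafeXML(f"entity {name!r} declared (SYSTEM {system_id!r})")

    def on_external_ref(context, base, system_id, public_id):
        raise UnsafeXML(f"external entity reference to {system_id!r}")

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity_decl
    parser.ExternalEntityRefHandler = on_external_ref
    parser.StartElementHandler = lambda name, attrs: names.append(name)
    parser.Parse(data, True)
    return names


# Constructed benign document.
BENIGN_AML = b"""<?xml version="1.0" encoding="utf-8"?>
<CAEXFile FileName="Line1.aml">
  <InstanceHierarchy Name="Plant">
    <InternalElement Name="Conveyor"/>
  </InstanceHierarchy>
</CAEXFile>"""

# Constructed XXE document: an external entity pointing at a local resource,
# dereferenced from an attribute the importer would later display or log.
XXE_AML = b"""<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE CAEXFile [
  <!ENTITY xxe SYSTEM "file:///C:/Windows/win.ini">
]>
<CAEXFile FileName="Line1.aml">
  <InstanceHierarchy Name="&xxe;"/>
</CAEXFile>"""


def classify(data: bytes) -> str:
    """Return 'ok: <elements>' or 'rejected: <reason>' for a document."""
    try:
        return "ok: " + ",".join(parse_aml_safely(data))
    except UnsafeXML as exc:
        return f"rejected: {exc}"


if __name__ == "__main__":
    print(classify(BENIGN_AML))
    print(classify(XXE_AML))
```

Rejecting the DOCTYPE outright is deliberately stricter than disabling external entities: it also removes internal-entity expansion (the "billion laughs" family) and leaves nothing for a later parser-feature regression to re-enable.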
CVE-2020-12029 – Rockwell Automation FactoryTalk View SE
https://notcve.org/view.php?id=CVE-2020-12029
All versions of FactoryTalk View SE do not properly validate input of filenames within a project directory. A remote, unauthenticated attacker may be able to execute a crafted file on a remote endpoint, which may result in remote code execution (RCE). Rockwell Automation recommends applying patch 1126289. Before installing this patch, the patch rollup dated 06 Apr 2020 or later (1066644 – Patch Roll-up for CPR9 SRx) MUST be applied. • http://packetstormsecurity.com/files/160156/Rockwell-FactoryTalk-View-SE-SCADA-Unauthenticated-Remote-Code-Execution.html https://rockwellautomation.custhelp.com/app/answers/detail/a_id/1126944 https://us-cert.cisa.gov/ics/advisories/icsa-20-170-05 • CWE-20: Improper Input Validation •
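"Validate filenames within a project directory" means more than rejecting `..`: the resolved path has to be compared against the resolved project root after both separators, drive-letter and UNC prefixes, and symlinks have been normalized, and the file type should be allowlisted. The helper below is an added example (not Rockwell's code) of that check; because FactoryTalk View SE runs on Windows it accepts both separators, and the extension allowlist is an assumption for the example, not the product's real set. The project directory and requests are constructed.

```python
"""Resolve a client-supplied filename strictly inside a project directory
(added example, not the vendor's code)."""
import os
import re

# Assumed allowlist for the example; the product's real file types differ.
ALLOWED_EXTENSIONS = {".gfx", ".xml"}
# Drive letter ("C:"), rooted ("/", "\") or UNC ("//", "\\") prefixes.
ABSOLUTE_PREFIX = re.compile(r"^([A-Za-z]:|/|\\)")


def resolve_project_file(project_dir: str, requested: str) -> str:
    """Return the absolute path for `requested`, or raise ValueError.

    The check is done on the fully resolved path, so "Displays/../../x",
    "..\\..\\Windows\\cmd.exe" and symlinked escapes all fail the same way.
    """
    if not requested or "\x00" in requested:
        raise ValueError("empty or NUL-containing filename")
    if ABSOLUTE_PREFIX.match(requested):
        raise ValueError(f"{requested!r} is absolute or UNC; only project-relative names allowed")
    normalized = requested.replace("\\", "/")      # Windows clients send either separator
    base = os.path.realpath(project_dir)
    candidate = os.path.realpath(os.path.join(base, normalized))
    if os.path.commonpath([base, candidate]) != base:
        raise ValueError(f"{requested!r} escapes the project directory")
    if os.path.splitext(candidate)[1].lower() not in ALLOWED_EXTENSIONS:
        raise ValueError(f"{requested!r} has a disallowed extension")
    return candidate


def describe(project_dir: str, requested: str) -> str:
    """Return 'ok <path>' or 'rejected: <reason>' for one request."""
    try:
        return "ok " + resolve_project_file(project_dir, requested)
    except ValueError as exc:
        return f"rejected: {exc}"


# Constructed project root and request names.
PROJECT_DIR = "/tmp/ftview/Line1"
REQUESTS = [
    "Displays/Overview.gfx",
    "Displays\\Overview.gfx",
    "..\\..\\Windows\\System32\\cmd.exe",
    "Displays/../../other/payload.gfx",
    "C:\\Windows\\System32\\cmd.exe",
    "\\\\attacker\\share\\payload.gfx",
    "startup.exe",
]

if __name__ == "__main__":
    for name in REQUESTS:
        print(f"{name!r:45} -> {describe(PROJECT_DIR, name)}")
```

The order of the checks matters: the prefix test runs on the raw string because `os.path.join` would silently discard the base for a rooted path, and the extension test runs on the resolved candidate so a trailing `..` cannot change what is actually opened.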
CVE-2020-12031 – Rockwell Automation FactoryTalk View SE
https://notcve.org/view.php?id=CVE-2020-12031
In all versions of FactoryTalk View SE, after bypassing the memory-corruption protection mechanisms found in the operating system, a local, authenticated attacker may corrupt the associated memory space, allowing arbitrary code execution. Rockwell Automation recommends applying patch 1126290. Before installing this patch, the patch rollup dated 06 Apr 2020 or later (1066644 – Patch Roll-up for CPR9 SRx) MUST be applied. • https://rockwellautomation.custhelp.com/app/answers/detail/a_id/1126944 https://us-cert.cisa.gov/ics/advisories/icsa-20-170-05 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVE-2020-12027 – Rockwell Automation FactoryTalk View SE
https://notcve.org/view.php?id=CVE-2020-12027
All versions of FactoryTalk View SE disclose the hostnames and file paths for certain files within the system. A remote, authenticated attacker may be able to leverage this information for reconnaissance efforts. Rockwell Automation recommends enabling the built-in security features found within FactoryTalk View SE. Users should follow the guidance in knowledge base articles 109056 and 1126943 to set up IPsec and/or HTTPS. • http://packetstormsecurity.com/files/160156/Rockwell-FactoryTalk-View-SE-SCADA-Unauthenticated-Remote-Code-Execution.html https://rockwellautomation.custhelp.com/app/answers/detail/a_id/1126944 https://us-cert.cisa.gov/ics/advisories/icsa-20-170-05 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •