CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2020-14478 – IMPROPER RESTRICTION OF XML EXTERNAL ENTITY REFERENCE CWE-611
https://notcve.org/view.php?id=CVE-2020-14478
A local, authenticated attacker could use an XML External Entity (XXE) attack to exploit weakly configured XML files to access local or remote content. A successful exploit could potentially cause a denial-of-service condition and allow the attacker to arbitrarily read any local file via system-level services. Un atacante local y autenticado podría usar un ataque de tipo XML External Entity (XXE) para explotar archivos XML débilmente configurados para acceder a contenido local o remoto. Un ataque exitoso podría causar una condición de denegación de servicio y permitir al atacante leer arbitrariamente cualquier archivo local por medio de servicios a nivel de sistema • https://www.cisa.gov/uscert/ics/advisories/icsa-20-177-02 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 10.0EPSS: 1%CPEs: 2EXPL: 0CVE-2020-14516
https://notcve.org/view.php?id=CVE-2020-14516
In Rockwell Automation FactoryTalk Services Platform Versions 6.10.00 and 6.11.00, there is an issue with the implementation of the SHA-256 hashing algorithm with FactoryTalk Services Platform that prevents the user password from being hashed properly. En Rockwell Automation FactoryTalk Services Platform versiones 6.10.00 y 6.11.00, se presenta un problema con la implementación del algoritmo de hash SHA-256 con la plataforma de servicios FactoryTalk que impide que la contraseña del usuario se procese apropiadamente • https://us-cert.cisa.gov/ics/advisories/icsa-21-054-01 • CWE-916: Use of Password Hash With Insufficient Computational Effort •
CVSS: 9.8EPSS: 0%CPEs: 20EXPL: 0CVE-2021-22681
https://notcve.org/view.php?id=CVE-2021-22681
Rockwell Automation Studio 5000 Logix Designer Versions 21 and later, and RSLogix 5000 Versions 16 through 20 use a key to verify Logix controllers are communicating with Rockwell Automation CompactLogix 1768, 1769, 5370, 5380, 5480: ControlLogix 5550, 5560, 5570, 5580; DriveLogix 5560, 5730, 1794-L34; Compact GuardLogix 5370, 5380; GuardLogix 5570, 5580; SoftLogix 5800. Rockwell Automation Studio 5000 Logix Designer Versions 21 and later and RSLogix 5000: Versions 16 through 20 are vulnerable because an unauthenticated attacker could bypass this verification mechanism and authenticate with Rockwell Automation CompactLogix 1768, 1769, 5370, 5380, 5480: ControlLogix 5550, 5560, 5570, 5580; DriveLogix 5560, 5730, 1794-L34; Compact GuardLogix 5370, 5380; GuardLogix 5570, 5580; SoftLogix 5800. Rockwell Automation Studio 5000 Logix Designer versiones 21 y posteriores, y RSLogix 5000 versiones 16 hasta 20, usan una clave para verificar que los controladores Logix se estén comunicando con Rockwell Automation CompactLogix 1768, 1769, 5370, 5380, 5480: ControlLogix 5550, 5560, 5570, 5580; DriveLogix 5560, 5730, 1794-L34; Compact GuardLogix 5370, 5380; GuardLogix 5570, 5580; SoftLogix 5800. Rockwell Automation Studio 5000 Logix Designer versiones 21 y posteriores y RSLogix 5000: Versiones 16 hasta 20, son vulnerables porque un atacante no autenticado podría pasar por alto este mecanismo de comprobación y autenticarse con Rockwell Automation CompactLogix 1768, 1769, 5370, 5380, 5480: ControlLogix 5550 , 5560, 5570, 5580; DriveLogix 5560, 5730, 1794-L34; Compact GuardLogix 5370, 5380; GuardLogix 5570, 5580; SoftLogix 5800 • https://us-cert.cisa.gov/ics/advisories/icsa-21-056-03 • CWE-522: Insufficiently Protected Credentials •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-5807
https://notcve.org/view.php?id=CVE-2020-5807
An unauthenticated remote attacker can send data to RsvcHost.exe listening on TCP port 5241 to add entries in the FactoryTalk Diagnostics event log. The attacker can specify long fields in the log entry, which can cause an unhandled exception in wcscpy_s() if a local user opens FactoryTalk Diagnostics Viewer (FTDiagViewer.exe) to view the log entry. Observed in FactoryTalk Diagnostics 6.11. All versions of FactoryTalk Diagnostics are affected. Un atacante remoto no autenticado puede enviar datos al archivo RsvcHost.exe escuchando en el puerto TCP 5241 para agregar entradas en el registro de evento de FactoryTalk Diagnostics. • https://www.tenable.com/security/research/tra-2020-71 • CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-5801
https://notcve.org/view.php?id=CVE-2020-5801
An attacker can craft and send an OpenNamespace message to port 4241 with valid session-id that triggers an unhandled exception in CFTLDManager::HandleRequest function in RnaDaSvr.dll, resulting in process termination. Observed in FactoryTalk Linx 6.11. All versions of FactoryTalk Linx are affected. Un atacante puede crear y enviar un mensaje OpenNamespace al puerto 4241 con un ID de sesión válido que desencadena una excepción no controlada en la función CFTLDManager::HandleRequest en la biblioteca RnaDaSvr.dll, resultando en una terminación del proceso. Observado en FactoryTalk Linx versión 6.11. • https://www.tenable.com/security/research/tra-2020-71 • CWE-755: Improper Handling of Exceptional Conditions •