CVE-2020-11999
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.00 and prior,Connected Components Workbench: Version 12 and prior, ControlFLASH: Version 14 and later, ControlFLASH Plus: Version 1 and later, FactoryTalk Asset Centre: Version 9 and later, FactoryTalk Linx CommDTM: Version 1 and later, Studio 5000 Launcher: Version 31 and later Stud, 5000 Logix Designer software: Version 32 and prior is vulnerable. An exposed API call allows users to provide files to be processed without sanitation. This may allow an attacker to specify a filename to execute unauthorized code and modify files or data.
FactoryTalk Linx versiones 6.00, 6.10 y 6.11, RSLinx Classic versiones v4.11.00 y anteriores, Connected Components Workbench: versión 12 y anteriores, ControlFLASH: versión 14 y posteriores, ControlFLASH Plus: versión 1 y posteriores, FactoryTalk Asset Center: versión 9 y posteriores , FactoryTalk Linx CommDTM: versión 1 y posteriores, Studio 5000 Launcher: versión 31 y posteriores a Stud, software 5000 Logix Designer: versión 32 y anteriores son vulnerables. Una llamada expuesta de la API permite a los usuarios proporcionar archivos a ser procesados sin saneamiento. Esto puede permitir a un atacante especificar un nombre de archivo para ejecutar código no autorizado y modificar archivos o datos
CVSS Scores
SSVC
- Decision:-
Timeline
- 2020-04-21 CVE Reserved
- 2020-06-15 CVE Published
- 2023-06-04 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
CAPEC
References (1)
URL | Tag | Source |
---|---|---|
https://www.us-cert.gov/ics/advisories/icsa-20-163-02 | Third Party Advisory |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Rockwellautomation Search vendor "Rockwellautomation" | Factorytalk Linx Search vendor "Rockwellautomation" for product "Factorytalk Linx" | 6.00 Search vendor "Rockwellautomation" for product "Factorytalk Linx" and version "6.00" | - |
Affected
| ||||||
Rockwellautomation Search vendor "Rockwellautomation" | Factorytalk Linx Search vendor "Rockwellautomation" for product "Factorytalk Linx" | 6.10 Search vendor "Rockwellautomation" for product "Factorytalk Linx" and version "6.10" | - |
Affected
| ||||||
Rockwellautomation Search vendor "Rockwellautomation" | Factorytalk Linx Search vendor "Rockwellautomation" for product "Factorytalk Linx" | 6.11 Search vendor "Rockwellautomation" for product "Factorytalk Linx" and version "6.11" | - |
Affected
| ||||||
Rockwellautomation Search vendor "Rockwellautomation" | Rslinx Classic Search vendor "Rockwellautomation" for product "Rslinx Classic" | <= 4.11.00 Search vendor "Rockwellautomation" for product "Rslinx Classic" and version " <= 4.11.00" | - |
Affected
|