CVE-2020-12003

Severity Score

7.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.00 and prior,Connected Components Workbench: Version 12 and prior, ControlFLASH: Version 14 and later, ControlFLASH Plus: Version 1 and later, FactoryTalk Asset Centre: Version 9 and later, FactoryTalk Linx CommDTM: Version 1 and later, Studio 5000 Launcher: Version 31 and later Stud, 5000 Logix Designer software: Version 32 and prior is vulnerable. An exposed API call allows users to provide files to be processed without sanitation. This may allow an attacker to use specially crafted requests to traverse the file system and expose sensitive data on the local hard drive.

FactoryTalk Linx versiones 6.00, 6.10 y 6.11, RSLinx Classic versiones v4.11.00 y anteriores, Connected Components Workbench: versión 12 y anteriores, ControlFLASH: versión 14 y posteriores, ControlFLASH Plus: versión 1 y posteriores, FactoryTalk Asset Center: versión 9 y posteriores , FactoryTalk Linx CommDTM: versión 1 y posteriores, Studio 5000 Launcher: versión 31 y posteriores a Stud, software 5000 Logix Designer: versión 32 y anteriores son vulnerables. Una llamada expuesta de la API permite a los usuarios proporcionar archivos a ser procesados sin saneamiento. Esto puede permitir a un atacante usar peticiones especialmente diseñadas para saltar el sistema de archivos y exponer datos confidenciales en el disco duro local

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2020-04-21 CVE Reserved
2020-06-15 CVE Published
2023-06-04 EPSS Updated
2024-08-04 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CAPEC

References (1)

URL	Tag	Source
https://www.us-cert.gov/ics/advisories/icsa-20-163-02	Third Party Advisory

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Rockwellautomation Search vendor "Rockwellautomation"		Factorytalk Linx Search vendor "Rockwellautomation" for product "Factorytalk Linx"				6.00 Search vendor "Rockwellautomation" for product "Factorytalk Linx" and version "6.00"		-		Affected
Rockwellautomation Search vendor "Rockwellautomation"		Factorytalk Linx Search vendor "Rockwellautomation" for product "Factorytalk Linx"				6.10 Search vendor "Rockwellautomation" for product "Factorytalk Linx" and version "6.10"		-		Affected
Rockwellautomation Search vendor "Rockwellautomation"		Factorytalk Linx Search vendor "Rockwellautomation" for product "Factorytalk Linx"				6.11 Search vendor "Rockwellautomation" for product "Factorytalk Linx" and version "6.11"		-		Affected
Rockwellautomation Search vendor "Rockwellautomation"		Rslinx Classic Search vendor "Rockwellautomation" for product "Rslinx Classic"				<= 4.11.00 Search vendor "Rockwellautomation" for product "Rslinx Classic" and version " <= 4.11.00"		-		Affected