CVE-2020-12001
published 2020-06-15
CVE-2020-12001: FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.00 and prior, Connected Components Workbench: Version 12 and prior, ControlFLASH: Version…
Priority: P262 · critical · 9.8 (CVSS 3.1)
AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
EPSS: 11.50% (95.5th percentile)
FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.00 and prior, Connected Components Workbench: Version 12 and prior, ControlFLASH: Version 14 and later, ControlFLASH Plus: Version 1 and later, FactoryTalk Asset Centre: Version 9 and later, FactoryTalk Linx CommDTM: Version 1 and later, Studio 5000 Launcher: Version 31 and later, Studio 5000 Logix Designer software: Version 32 and prior are vulnerable. The parsing mechanism that processes certain file types does not provide input sanitization. This may allow an attacker to use specially crafted files to traverse the file system and modify or expose sensitive data or execute arbitrary code.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| rockwellautomation | factorytalk_linx | — | — |
| rockwellautomation | factorytalk_linx | — | — |
| rockwellautomation | factorytalk_linx | — | — |
| rockwellautomation | rslinx_classic | <= 4.11.00 | — |
Detection & IOCs (extracted from sources)
- Monitor for path traversal patterns in files submitted to FactoryTalk Linx parsing mechanisms; the vulnerability allows directory traversal via specially crafted file types processed without input sanitization.
- Alert on EDS file uploads to FactoryTalk Linx that contain malformed or high-compression-ratio content, which may indicate a denial-of-service attempt (CVE-2020-12005) or a file-type abuse attempt related to the same attack surface.
- Detect network traffic to/from FactoryTalk Linx on TCP 2222, TCP 7153, and UDP 44818 originating from outside the manufacturing zone as a strong indicator of exploitation attempts against CVE-2020-12001 and related CVEs.
- Monitor for exposed API calls accepting unsanitized file paths or filenames on FactoryTalk Linx; exploitation of CVE-2020-11999 (related) involves specifying a filename to execute unauthorized code.
- CVE-2020-12001 affects only specific versions of FactoryTalk Linx (6.00, 6.10, 6.11) and downstream products; detections should be scoped to these versions to reduce false positives.
- No known public exploits exist for these vulnerabilities at time of advisory publication; detections are preventive rather than reactive to observed in-the-wild exploitation.
- RSLinx Classic v4.11.00 and prior was initially in scope but was later removed from the advisory scope in Update A; adjust asset inventory and detection scope accordingly.
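The network item in the list above (TCP 2222, TCP 7153, UDP 44818 crossing the manufacturing-zone boundary) can be checked against flow logs. The following is an added example, not part of the advisory or of any vendor tooling; the zone range, the host addresses and the five-field flow format are constructed assumptions to replace with site values.

```python
import csv
import io
import ipaddress

# Service ports named in the detection guidance for FactoryTalk Linx.
LINX_SERVICES = {("tcp", 2222), ("tcp", 7153), ("udp", 44818)}

# Assumption: site-specific manufacturing-zone ranges (constructed value).
MANUFACTURING_ZONE = [ipaddress.ip_network("10.20.0.0/16")]

# Constructed flow records (proto,src,sport,dst,dport); not real traffic.
SAMPLE_FLOWS = """\
tcp,10.20.4.15,51544,10.20.1.10,2222
udp,10.20.7.9,44818,10.20.1.10,44818
tcp,192.0.2.77,40112,10.20.1.10,7153
udp,198.51.100.5,53011,10.20.1.10,44818
tcp,10.20.1.10,2222,203.0.113.9,49200
tcp,192.0.2.77,40113,10.20.1.10,443
"""

def in_zone(addr):
    """True when addr falls inside a configured manufacturing-zone range."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in MANUFACTURING_ZONE)

def flag_flows(text):
    """Return flows where an in-zone endpoint uses a Linx service port
    and the peer sits outside the manufacturing zone (either direction)."""
    alerts = []
    for row in csv.reader(io.StringIO(text)):
        if not row:
            continue  # tolerate blank lines in the export
        proto, src, sport, dst, dport = row
        proto, sport, dport = proto.lower(), int(sport), int(dport)
        inbound = (proto, dport) in LINX_SERVICES and in_zone(dst) and not in_zone(src)
        outbound = (proto, sport) in LINX_SERVICES and in_zone(src) and not in_zone(dst)
        if inbound or outbound:
            alerts.append({
                "direction": "inbound" if inbound else "outbound",
                "proto": proto,
                "port": dport if inbound else sport,
                "external": src if inbound else dst,
                "internal": dst if inbound else src,
            })
    return alerts

if __name__ == "__main__":
    for alert in flag_flows(SAMPLE_FLOWS):
        print(alert)
```

Traffic that stays inside the zone and traffic to ports other than the three listed are not flagged, which keeps the rule scoped to the boundary crossing the guidance describes.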
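CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |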
GHSA
GHSA-rq3q-m2cf-pq6x: FactoryTalk Linx versions 6
ghsa_unreviewed·2022-05-24
CVE-2020-12001 [HIGH] CWE-20 GHSA-rq3q-m2cf-pq6x: FactoryTalk Linx versions 6
FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.00 and prior, Connected Components Workbench: Version 12 and prior, ControlFLASH: Version 14 and later, ControlFLASH Plus: Version 1 and later, FactoryTalk Asset Centre: Version 9 and later, FactoryTalk Linx CommDTM: Version 1 and later, Studio 5000 Launcher: Version 31 and later, Studio 5000 Logix Designer software: Version 32 and prior are vulnerable. The parsing mechanism that processes certain file types does not provide input sanitization. This may allow an attacker to use specially crafted files to traverse the file system and modify or expose sensitive data or execute arbitrary code.
CISA ICS
Rockwell Automation FactoryTalk Linx Software (Update A)
cisa_ics·2020-07-14·CVSS 8.1
[HIGH] Rockwell Automation FactoryTalk Linx Software (Update A)
ICS Advisory
## Rockwell Automation FactoryTalk Linx Software (Update A)
Last Revised: July 14, 2020
Alert Code: ICSA-20-163-02
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.6
- ATTENTION: Exploitable remotely/low skill level to exploit
- Vendor: Rockwell Automation
- Equipment: FactoryTalk Linx Software
- Vulnerabilities: Improper Input Validation, Path Traversal, Unrestricted Upload of File with Dangerous Type
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to cause a denial-of-service condition, obtain remote code execution, and read sensitive informati
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2020-06-15