cbcvebase.
CVE-2020-27255
published 2020-11-26

CVE-2020-27255: A heap overflow vulnerability exists within FactoryTalk Linx Version 6.11 and prior. This vulnerability could allow a remote, unauthenticated attacker to send…

PriorityP344high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
EPSS
3.19%
86.5th percentile
A heap overflow vulnerability exists within FactoryTalk Linx Version 6.11 and prior. This vulnerability could allow a remote, unauthenticated attacker to send malicious set attribute requests, which could result in the leaking of sensitive information. This information disclosure could lead to the bypass of address space layout randomization (ASLR).

Affected

2 ranges
VendorProductVersion rangeFixed in
rockwellautomationfactorytalk_linx<= 6.11
rockwellautomationfactorytalk_linx

CVSS provenance

nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:P/I:N/A:N
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.