CVE-2020-27255
published 2020-11-26
CVE-2020-27255: A heap overflow vulnerability exists within FactoryTalk Linx Version 6.11 and prior. This vulnerability could allow a remote, unauthenticated attacker to send…
Priority P344 · high · 7.5 · CVSS 3.1
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS: 3.19% (86.5th percentile)
A heap overflow vulnerability exists within FactoryTalk Linx Version 6.11 and prior. This vulnerability could allow a remote, unauthenticated attacker to send malicious set attribute requests, which could result in the leaking of sensitive information. This information disclosure could lead to the bypass of address space layout randomization (ASLR).
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| rockwellautomation | factorytalk_linx | <= 6.11 | — |
| rockwellautomation | factorytalk_linx | — | — |
CVSS provenance
nvd · v3.1 · 7.5 · HIGH · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd · v2.0 · 5.0 · MEDIUM · AV:N/AC:L/Au:N/C:P/I:N/A:N
CISA ICS
Rockwell Automation FactoryTalk Linx
cisa_ics·2020-11-24·CVSS 9.8
[CRITICAL] Rockwell Automation FactoryTalk Linx
ICS Advisory
## Rockwell Automation FactoryTalk Linx
Last Revised: November 24, 2020
Alert Code: ICSA-20-329-01
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/Low skill level to exploit
- Vendor: Rockwell Automation
- Equipment: FactoryTalk Linx
- Vulnerabilities: Improper Input Validation, Heap-based Buffer Overflow
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow a denial-of-service condition, remote code execution, or leak information that could be used to bypass address space layout randomization (ASLR).
## 3. TECHNICAL DETAILS
GHSA
GHSA-q4jm-4p9g-2h6g: A heap overflow vulnerability exists within FactoryTalk Linx Version 6
ghsa_unreviewed·2022-05-24
CVE-2020-27255 [HIGH] CWE-122 GHSA-q4jm-4p9g-2h6g: A heap overflow vulnerability exists within FactoryTalk Linx Version 6
A heap overflow vulnerability exists within FactoryTalk Linx Version 6.11 and prior. This vulnerability could allow a remote, unauthenticated attacker to send malicious set attribute requests, which could result in the leaking of sensitive information. This information disclosure could lead to the bypass of address space layout randomization (ASLR).
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2020-11-26