CVE-2020-5807
Published: 2020-12-29
Priority: P3, 57, high; CVSS 3.1: 7.5
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 33.84% (98.2th percentile)
An unauthenticated remote attacker can send data to RsvcHost.exe listening on TCP port 5241 to add entries in the FactoryTalk Diagnostics event log. The attacker can specify long fields in the log entry, which can cause an unhandled exception in wcscpy_s() if a local user opens FactoryTalk Diagnostics Viewer (FTDiagViewer.exe) to view the log entry. Observed in FactoryTalk Diagnostics 6.11. All versions of FactoryTalk Diagnostics are affected.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| rockwellautomation | factorytalk_diagnostics | <= 6.11 | — |
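CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |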
CISA ICS
Rockwell Automation FactoryTalk Linx and FactoryTalk Services Platform
cisa_ics·2021-01-28·CVSS 7.5
[HIGH] Rockwell Automation FactoryTalk Linx and FactoryTalk Services Platform
ICS Advisory
Last Revised: January 28, 2021
Alert Code: ICSA-21-028-01
## 1. EXECUTIVE SUMMARY
- CVSS v3 7.5
- ATTENTION: Exploitable remotely/low skill level to exploit
- Vendor: Rockwell Automation
- Equipment: FactoryTalk Linx and FactoryTalk Services Platform
- Vulnerabilities: Classic Buffer overflow, Improper Check or Handling of Exceptional Conditions
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities may result in denial-of-service conditions.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCT
GHSA
GHSA-f3hv-32hf-cqw9: An unauthenticated remote attacker can send data to RsvcHost
ghsa_unreviewed·2022-05-24
CVE-2020-5807 [HIGH] CWE-755 GHSA-f3hv-32hf-cqw9: An unauthenticated remote attacker can send data to RsvcHost
No detection rules found.
No public exploits indexed.