SQL Injection Vulnerability in FactoryTalk Linx and Related Products by Rockwell Automation
CVE-2020-12034

8.2 HIGH

What is CVE-2020-12034?

The EDS subsystem in Rockwell Automation products, including FactoryTalk Linx and RSLinx Classic, does not adequately sanitize input. An attacker can craft a malicious EDS file that injects SQL queries, which can lead to manipulation of the database. This may result in a denial-of-service condition that compromises the functionality of the affected software.

Affected Version(s)

  • EDS Subsystem: Version 28.0.1 and prior
  • FactoryTalk Linx software (previously called RSLinx Enterprise): Versions 6.00, 6.10, and 6.11
  • RSLinx Classic: Version 4.11.00 and prior
  • RSNetWorx software: Version 28.00.00 and prior
  • Studio 5000 Logix Designer software: Version 32 and prior

CVSS V3.1

Score: 8.2
Severity: HIGH
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Adjacent Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
