Memory Corruption Issue in FactoryTalk Linx and Related Products
CVE-2020-12038

5.5MEDIUM

Key Information:

Vendor

Rockwellautomation

Status
Eds Subsystem, Factorytalk Linx Software (previously Called Rslinx Enterprise), Rslinx Classic, Rsnetworx Software, Studio 5000 Logix Designer Software
Vendor
CVE Published:
19 May 2020

What is CVE-2020-12038?

A memory corruption vulnerability exists in the EDS subsystem within FactoryTalk Linx and several other Rockwell Automation products. This issue affects versions 28.0.1 and prior of FactoryTalk Linx, as well as various versions of RSLinx and RSNetWorx software. The vulnerability stems from a flaw in the algorithm that processes square brackets in EDS files. An attacker could exploit this weakness by crafting malicious EDS files, resulting in a crash of the EDSParser COM object and potential denial-of-service conditions.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

EDS Subsystem, FactoryTalk Linx software (Previously called RSLinx Enterprise), RSLinx Classic, RSNetWorx software, Studio 5000 Logix Designer software EDS Subsystem: Version 28.0.1 and prior, FactoryTalk Linx software (Previously called RSLinx Enterprise): Versions 6.00, 6.10, and 6.11, RSLinx Classic: Version 4.11.00 and prior, RSNetWorx software: Version 28.00.00 and prior, Studio 5000 Logix Designer software: Version 32 and prior

References

https://www.us-cert.gov/ics/advisories/icsa-20-140-01
x_refsource_MISC

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.