CVE-2020-12005 Information

Description

FactoryTalk Linx versions 6.00 6.10 and 6.11 RSLinx Classic v4.11.00 and priorConnected Components Workbench: Version 12 and prior ControlFLASH: Version 14 and later ControlFLASH Plus: Version 1 and later FactoryTalk Asset Centre: Version 9 and later FactoryTalk Linx CommDTM: Version 1 and later Studio 5000 Launcher: Version 31 and later Stud 5000 Logix Designer software: Version 32 and prior is vulnerable. A vulnerability exists in the communication function that enables users to upload EDS files by FactoryTalk Linx. This may allow an attacker to upload a file with bad compression consuming all the available CPU resources leading to a denial-of-service condition.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Reference

https://www.us-cert.gov/ics/advisories/icsa-20-163-02

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

NONE

Availability Impact

NONE

Base Score

HIGH

Base Severity

7.5