CVE-2020-12034

Products that use EDS Subsystem: Version 28.0.1 and prior (FactoryTalk Linx software (Previously called RSLinx Enterprise): Versions 6.00, 6.10, and 6.11, RSLinx Classic: Version 4.11.00 and prior, RSNetWorx software: Version 28.00.00 and prior, Studio 5000 Logix Designer software: Version 32 and prior) is vulnerable.The EDS subsystem does not provide adequate input sanitation, which may allow an attacker to craft specialized EDS files to inject SQL queries and manipulate the database storing the EDS files. This can lead to denial-of-service conditions.

CVSS v3 8.2 HIGH
CVSS v2.0 4.8 MEDIUM

8.2^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 4.7

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact HIGH

Scope CHANGED

4.8^/10

CVSS v2.0 : MEDIUM

Vector : AV:A/AC:L/Au:N/C:N/I:P/A:P

Exploitability : 6.5 / Impact : 4.9

Access Vector ADJACENT_NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://www.us-cert.gov/ics/advisories/icsa-20-140-01	Mitigation Patch Third Party Advisory US Government Resource

Configurations

Configuration 1 (hide)

cpe:2.3:a:rockwellautomation:eds_subsystem:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR	cpe:2.3:a:rockwellautomation:rslinx:::::classic:::*
	cpe:2.3:a:rockwellautomation:rslinx_enterprise:6.00.00:::::::*
	cpe:2.3:a:rockwellautomation:rslinx_enterprise:6.10.00:::::::*
	cpe:2.3:a:rockwellautomation:rslinx_enterprise:6.11.00:::::::*
	cpe:2.3:a:rockwellautomation:rsnetworx::::::::
	cpe:2.3:a:rockwellautomation:studio_5000_logix_designer::::::::

History

No history.

Information

Published : 2020-05-20 03:15

Updated : 2024-02-04 21:00

NVD link : CVE-2020-12034

Mitre link : CVE-2020-12034

CVE.ORG link : CVE-2020-12034

JSON object : View

Products Affected

rockwellautomation

rslinx_enterprise
eds_subsystem
rslinx
studio_5000_logix_designer
rsnetworx

CWE

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

{"id": "CVE-2020-12034", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.8, "accessVector": "ADJACENT_NETWORK", "vectorString": "AV:A/AC:L/Au:N/C:N/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 6.5, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.2, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:H", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 4.7, "exploitabilityScore": 2.8}]}, "published": "2020-05-20T03:15:09.960", "references": [{"url": "https://www.us-cert.gov/ics/advisories/icsa-20-140-01", "tags": ["Mitigation", "Patch", "Third Party Advisory", "US Government Resource"], "source": "ics-cert@hq.dhs.gov"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-89"}]}, {"type": "Secondary", "source": "ics-cert@hq.dhs.gov", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "Products that use EDS Subsystem: Version 28.0.1 and prior (FactoryTalk Linx software (Previously called RSLinx Enterprise): Versions 6.00, 6.10, and 6.11, RSLinx Classic: Version 4.11.00 and prior, RSNetWorx software: Version 28.00.00 and prior, Studio 5000 Logix Designer software: Version 32 and prior) is vulnerable.The EDS subsystem does not provide adequate input sanitation, which may allow an attacker to craft specialized EDS files to inject SQL queries and manipulate the database storing the EDS files. This can lead to denial-of-service conditions."}, {"lang": "es", "value": "Productos que usan EDS Subsystem: versi\u00f3n 28.0.1 y anteriores (software FactoryTalk Linx (anteriormente llamado RSLinx Enterprise): versiones 6.00, 6.10 y 6.11, RSLinx Classic: versi\u00f3n 4.11.00 y anteriores, software RSNetWorx: versi\u00f3n 28.00.00 y anteriores, software Studio 5000 Logix Designer: versi\u00f3n 32 y anteriores) son vulnerables. El EDS Subsystem no proporciona un saneamiento de entrada adecuado, lo que puede permitir a un atacante dise\u00f1ar archivos EDS especializados para inyectar consultas SQL y manipular la base de datos que almacena los archivos EDS. Esto puede conllevar a condiciones de denegaci\u00f3n de servicio."}], "lastModified": "2020-05-22T16:38:55.050", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:rockwellautomation:eds_subsystem:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A38919F2-5EA3-4581-9034-C9D09A3CDEB3", "versionEndIncluding": "28.0.1"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:rockwellautomation:rslinx:*:*:*:*:classic:*:*:*", "vulnerable": true, "matchCriteriaId": "E52AA077-A130-4CBF-84C8-76E10D94C0E3", "versionEndIncluding": "4.11.00"}, {"criteria": "cpe:2.3:a:rockwellautomation:rslinx_enterprise:6.00.00:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "11B12B3C-8A2A-474E-8DE3-E666174800A0"}, {"criteria": "cpe:2.3:a:rockwellautomation:rslinx_enterprise:6.10.00:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E0D6F9C0-CB2A-42FB-B3E2-4E43002C7579"}, {"criteria": "cpe:2.3:a:rockwellautomation:rslinx_enterprise:6.11.00:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EEEB8D1D-C0C8-4CC6-A89D-98D788571217"}, {"criteria": "cpe:2.3:a:rockwellautomation:rsnetworx:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CBCDDC69-A4B2-4665-88C8-6B6A337C5CDC", "versionEndIncluding": "28.00.00"}, {"criteria": "cpe:2.3:a:rockwellautomation:studio_5000_logix_designer:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7F9B29F9-ABAD-4E59-9298-528639F394F3", "versionEndIncluding": "32.0"}], "operator": "OR"}]}], "sourceIdentifier": "ics-cert@hq.dhs.gov"}