CVE-2020-12038

Products that use EDS Subsystem: Version 28.0.1 and prior (FactoryTalk Linx software (Previously called RSLinx Enterprise): Versions 6.00, 6.10, and 6.11, RSLinx Classic: Version 4.11.00 and prior, RSNetWorx software: Version 28.00.00 and prior, Studio 5000 Logix Designer software: Version 32 and prior) is vulnerable. A memory corruption vulnerability exists in the algorithm that matches square brackets in the EDS subsystem. This may allow an attacker to craft specialized EDS files to crash the EDSParser COM object, leading to denial-of-service conditions.

CVSS v3 5.5 MEDIUM
CVSS v2.0 4.3 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

4.3^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:N/I:N/A:P

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
https://www.us-cert.gov/ics/advisories/icsa-20-140-01	Mitigation Patch Third Party Advisory US Government Resource

Configurations

Configuration 1 (hide)

cpe:2.3:a:rockwellautomation:eds_subsystem:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR	cpe:2.3:a:rockwellautomation:rslinx:::::classic:::*
	cpe:2.3:a:rockwellautomation:rslinx_enterprise:6.00.00:::::::*
	cpe:2.3:a:rockwellautomation:rslinx_enterprise:6.10.00:::::::*
	cpe:2.3:a:rockwellautomation:rslinx_enterprise:6.11.00:::::::*
	cpe:2.3:a:rockwellautomation:rsnetworx::::::::
	cpe:2.3:a:rockwellautomation:studio_5000_logix_designer::::::::

History

23 Sep 2021, 13:34

Type	Values Removed	Values Added
CWE	~~CWE-119~~	CWE-787

Information

Published : 2020-05-19 22:15

Updated : 2024-02-04 21:00

NVD link : CVE-2020-12038

Mitre link : CVE-2020-12038

CVE.ORG link : CVE-2020-12038

JSON object : View

Products Affected

rockwellautomation

rslinx_enterprise
eds_subsystem
rslinx
studio_5000_logix_designer
rsnetworx

CWE

CWE-787

Out-of-bounds Write

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

{"id": "CVE-2020-12038", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2020-05-19T22:15:12.013", "references": [{"url": "https://www.us-cert.gov/ics/advisories/icsa-20-140-01", "tags": ["Mitigation", "Patch", "Third Party Advisory", "US Government Resource"], "source": "ics-cert@hq.dhs.gov"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-787"}]}, {"type": "Secondary", "source": "ics-cert@hq.dhs.gov", "description": [{"lang": "en", "value": "CWE-119"}]}], "descriptions": [{"lang": "en", "value": "Products that use EDS Subsystem: Version 28.0.1 and prior (FactoryTalk Linx software (Previously called RSLinx Enterprise): Versions 6.00, 6.10, and 6.11, RSLinx Classic: Version 4.11.00 and prior, RSNetWorx software: Version 28.00.00 and prior, Studio 5000 Logix Designer software: Version 32 and prior) is vulnerable. A memory corruption vulnerability exists in the algorithm that matches square brackets in the EDS subsystem. This may allow an attacker to craft specialized EDS files to crash the EDSParser COM object, leading to denial-of-service conditions."}, {"lang": "es", "value": "Productos que usan EDS Subsystem: versi\u00f3n 28.0.1 y anteriores (software FactoryTalk Linx (anteriormente llamado RSLinx Enterprise): versiones 6.00, 6.10 y 6.11, RSLinx Classic: versi\u00f3n 4.11.00 y anteriores, software RSNetWorx: versi\u00f3n 28.00.00 y anteriores , software Studio 5000 Logix Designer: versi\u00f3n 32 y anteriores), es vulnerable. Se presenta una vulnerabilidad de corrupci\u00f3n de memoria en el algoritmo que coincide con los corchetes en el subsistema EDS. Esto puede permitir a un atacante crear archivos EDS especializados para bloquear el objeto COM EDSParser, conllevando a condiciones de denegaci\u00f3n de servicio."}], "lastModified": "2021-09-23T13:34:24.913", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:rockwellautomation:eds_subsystem:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A38919F2-5EA3-4581-9034-C9D09A3CDEB3", "versionEndIncluding": "28.0.1"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:rockwellautomation:rslinx:*:*:*:*:classic:*:*:*", "vulnerable": true, "matchCriteriaId": "E52AA077-A130-4CBF-84C8-76E10D94C0E3", "versionEndIncluding": "4.11.00"}, {"criteria": "cpe:2.3:a:rockwellautomation:rslinx_enterprise:6.00.00:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "11B12B3C-8A2A-474E-8DE3-E666174800A0"}, {"criteria": "cpe:2.3:a:rockwellautomation:rslinx_enterprise:6.10.00:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E0D6F9C0-CB2A-42FB-B3E2-4E43002C7579"}, {"criteria": "cpe:2.3:a:rockwellautomation:rslinx_enterprise:6.11.00:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EEEB8D1D-C0C8-4CC6-A89D-98D788571217"}, {"criteria": "cpe:2.3:a:rockwellautomation:rsnetworx:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CBCDDC69-A4B2-4665-88C8-6B6A337C5CDC", "versionEndIncluding": "28.00.00"}, {"criteria": "cpe:2.3:a:rockwellautomation:studio_5000_logix_designer:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7F9B29F9-ABAD-4E59-9298-528639F394F3", "versionEndIncluding": "32.0"}], "operator": "OR"}]}], "sourceIdentifier": "ics-cert@hq.dhs.gov"}