CVE-2020-12001

Name of the Vulnerable Software and Affected Versions FactoryTalk Linx versions 6.00 through 6.11 RSLinx Classic versions 4.11.00 and prior Connected Components Workbench versions 12 and prior ControlFLASH versions 14 and later ControlFLASH Plus versions 1 and later FactoryTalk Asset Centre versions 9 and later FactoryTalk Linx CommDTM versions 1 and later Studio 5000 Launcher versions 31 and later Studio 5000 Logix Designer software versions 32 and prior

Description The parsing mechanism that processes certain file types does not provide input sanitation, which may allow an attacker to use specially crafted files to traverse the file system, modify or expose sensitive data, or execute arbitrary code.

Recommendations For FactoryTalk Linx versions 6.00 through 6.11, consider disabling the file parsing mechanism until a patch is available. For RSLinx Classic versions 4.11.00 and prior, restrict access to the file system to minimize the risk of exploitation. For Connected Components Workbench versions 12 and prior, avoid using the vulnerable file types in the affected software until the issue is resolved. For ControlFLASH versions 14 and later, ControlFLASH Plus versions 1 and later, FactoryTalk Asset Centre versions 9 and later, FactoryTalk Linx CommDTM versions 1 and later, Studio 5000 Launcher versions 31 and later, and Studio 5000 Logix Designer software versions 32 and prior, at the moment, there is no information about a newer version that contains a fix for this vulnerability.