PT-2020-12978 · Rockwell Automation · Controlflash Plus+8

Published 2020-06-15 · Updated 2020-06-24 · CVE-2020-12005

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions

FactoryTalk Linx versions 6.00 through 6.11
RSLinx Classic versions 4.11.00 and prior
Connected Components Workbench versions 12 and prior
ControlFLASH versions 14 and later
ControlFLASH Plus versions 1 and later
FactoryTalk Asset Centre versions 9 and later
FactoryTalk Linx CommDTM versions 1 and later
Studio 5000 Launcher versions 31 and later
Studio 5000 Logix Designer software versions 32 and prior
Description

A vulnerability exists in the communication function of FactoryTalk Linx that enables users to upload EDS files. This may allow an attacker to upload a file with bad compression, consuming all the available CPU resources and leading to a denial-of-service condition.
Recommendations

For FactoryTalk Linx versions 6.00 through 6.11, consider disabling the communication function that enables users to upload EDS files until a patch is available.
For RSLinx Classic versions 4.11.00 and prior, restrict access to the EDS file upload feature to minimize the risk of exploitation.
For Connected Components Workbench versions 12 and prior, avoid using the EDS file upload feature in the communication function until the issue is resolved.
For ControlFLASH versions 14 and later, ControlFLASH Plus versions 1 and later, FactoryTalk Asset Centre versions 9 and later, FactoryTalk Linx CommDTM versions 1 and later, Studio 5000 Launcher versions 31 and later, and Studio 5000 Logix Designer software versions 32 and prior, at the moment there is no information about a newer version that contains a fix for this vulnerability.
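As an added defensive illustration (not part of this advisory and not Rockwell Automation code): a bounded-inflation check that an upload handler could run on a zipped EDS bundle before processing it, rejecting members whose declared or actual inflation exceeds a budget so that a pathologically compressed file cannot monopolise the CPU. The limits, the file names and the sample archive are constructed for this example.

```python
import io
import zipfile

# Constructed limits for this example; a real upload handler would tune them.
MAX_TOTAL_UNCOMPRESSED = 5 * 1024 * 1024   # 5 MiB across all archive members
MAX_COMPRESSION_RATIO = 100                # reject members that inflate more than 100x
CHUNK = 64 * 1024

def _inflate_capped(member, budget):
    """Inflate a member in chunks; return bytes inflated, or None once budget is exceeded."""
    seen = 0
    while True:
        chunk = member.read(CHUNK)
        if not chunk:
            return seen
        seen += len(chunk)
        if seen > budget:
            return None  # stop early rather than spend CPU on a forged header

def inspect_archive(data):
    """Return {member_name: 'ok' | 'rejected: <reason>'} for an uploaded zip.
    Header sizes are cheap to check but attacker-controlled, so every accepted
    member is also inflated against the remaining budget and abandoned once spent."""
    verdicts = {}
    total = 0
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            ratio = info.file_size / max(info.compress_size, 1)
            if ratio > MAX_COMPRESSION_RATIO:
                verdicts[info.filename] = "rejected: declared ratio %.0f" % ratio
                continue
            if total + info.file_size > MAX_TOTAL_UNCOMPRESSED:
                verdicts[info.filename] = "rejected: declared size exceeds total cap"
                continue
            with zf.open(info) as member:
                inflated = _inflate_capped(member, MAX_TOTAL_UNCOMPRESSED - total)
            if inflated is None:
                verdicts[info.filename] = "rejected: inflated past total cap"
                continue
            total += inflated
            verdicts[info.filename] = "ok"
    return verdicts

def build_sample_archive():
    """Constructed sample: a small EDS-style text file plus a member that inflates ~1000x."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("device.eds", "[File]\n DescText = \"sample\";\n")
        zf.writestr("bomb.eds", b"\0" * (8 * 1024 * 1024))
    return buf.getvalue()
```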

Weakness Enumeration

Unrestricted File Upload

Related Identifiers

CVE-2020-12005

Affected Products

Connected Components Workbench
Controlflash
Controlflash Plus
Factorytalk Assetcentre
Factorytalk Linx
Factorytalk Linx Commdtm
Rslinx Classic
Studio 5000 Launcher
Studio 5000 Logix Designer