PT-2020-12993 · Rockwell Automation · Studio 5000 Logix Designer

Published

2020-07-09

Updated

2020-12-15

CVE-2020-12025

CVSS v2.0

4.3

Medium

Vector

AV:N/AC:M/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Rockwell Automation Logix Designer Studio 5000 versions 32.00 through 32.02

Description The issue is related to an XML External Entity (XXE) vulnerability, which may allow an attacker to view hostnames or other resources from the program. This could potentially lead to information disclosure.

Recommendations For versions 32.00 through 32.02, update to a version that includes a fix for the XML External Entity vulnerability to prevent potential information disclosure. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

XXE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-611

Related Identifiers

CVE-2020-12025

ZDI-20-824

Affected Products

Studio 5000 Logix Designer

PT-2020-12993 · Rockwell Automation · Studio 5000 Logix Designer

CVE-2020-12025

Weakness Enumeration

Related Identifiers

Affected Products

References · 5