CVE-2020-12034

Name of the Vulnerable Software and Affected Versions FactoryTalk Linx software versions 6.00 through 6.11 RSLinx Classic version 4.11.00 and prior RSNetWorx software version 28.00.00 and prior Studio 5000 Logix Designer software version 32 and prior EDS Subsystem version 28.0.1 and prior

Description The EDS subsystem does not provide adequate input sanitation, which may allow an attacker to craft specialized EDS files to inject SQL queries and manipulate the database storing the EDS files. This can lead to denial-of-service conditions.

Recommendations For FactoryTalk Linx software versions 6.00 through 6.11, update to a version later than 6.11 to resolve the issue. For RSLinx Classic version 4.11.00 and prior, update to a version later than 4.11.00 to resolve the issue. For RSNetWorx software version 28.00.00 and prior, update to a version later than 28.00.00 to resolve the issue. For Studio 5000 Logix Designer software version 32 and prior, update to a version later than 32 to resolve the issue. For EDS Subsystem version 28.0.1 and prior, update to a version later than 28.0.1 to resolve the issue.