PT-2020-13005 · Rockwell Automation · RSNetWorx +3

Published 2020-05-19 · Updated 2021-09-23 · CVE-2020-12038

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

FactoryTalk Linx software versions 6.00 through 6.11
RSLinx Classic version 4.11.00 and prior
RSNetWorx software version 28.00.00 and prior
Studio 5000 Logix Designer software versions prior to 32
Products that use EDS Subsystem version 28.0.1 and prior

Description

A memory corruption issue exists in the algorithm that matches square brackets in the EDS subsystem. This may allow an attacker to craft specialized EDS files to crash the EDSParser COM object, leading to denial-of-service conditions.

Recommendations

For FactoryTalk Linx software versions 6.00 through 6.11, update to a version later than 6.11.
For RSLinx Classic version 4.11.00 and prior, update to a version later than 4.11.00.
For RSNetWorx software version 28.00.00 and prior, update to a version later than 28.00.00.
For Studio 5000 Logix Designer software versions prior to 32, update to version 32 or later.
For products that use EDS Subsystem version 28.0.1 and prior, update to a version later than 28.0.1.

Fix

Buffer Overflow

Memory Corruption

Weakness Enumeration

Related Identifiers

CVE-2020-12038

Affected Products

FactoryTalk Linx
RSLinx Classic
RSNetWorx
Studio 5000 Logix Designer