PT-2020-18724 · Rockwell Automation · FactoryTalk Diagnostics
Published: 2020-12-29 · Updated: 2020-12-30 · CVE-2020-5807
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
FactoryTalk Diagnostics versions prior to the fixed version
Description
An unauthenticated remote attacker can send data to RsvcHost.exe listening on TCP port 5241 to add entries in the FactoryTalk Diagnostics event log. The attacker can specify long fields in the log entry, which can cause an unhandled exception in wcscpy_s() if a local user opens FactoryTalk Diagnostics Viewer (FTDiagViewer.exe) to view the log entry.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Weakness Enumeration
Improper Handling of Exceptional Conditions
Related Identifiers
Affected Products
FactoryTalk Diagnostics