CVE-2020-5802

Name of the Vulnerable Software and Affected Versions FactoryTalk Linx versions prior to the fixed version

Description The issue is related to insufficient exception handling in the FactoryTalk Linx system, allowing a remote attacker to terminate RSLinxNG.exe by sending a specially crafted ConfigureItems message to TCP port 4241. This can be achieved by passing an attacker-controlled memory allocation size to the C++ new operator in RnaDaSvr.dll, resulting in an unhandled exception. The vulnerability was observed in FactoryTalk 6.11.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.