CVE-2020-27255

A heap overflow vulnerability exists within FactoryTalk Linx Version 6.11 and prior. This vulnerability could allow a remote, unauthenticated attacker to send malicious set attribute requests, which could result in the leaking of sensitive information. This information disclosure could lead to the bypass of address space layout randomization (ASLR).

CVSS v3 7.5 HIGH
CVSS v2.0 5.0 MEDIUM

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://us-cert.cisa.gov/ics/advisories/icsa-20-329-01	Third Party Advisory US Government Resource

Configurations

Configuration 1 (hide)

cpe:2.3:a:rockwellautomation:factorytalk_linx:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2020-11-26 02:15

Updated : 2023-12-10 13:41

NVD link : CVE-2020-27255

Mitre link : CVE-2020-27255

CVE.ORG link : CVE-2020-27255

JSON object : View

Products Affected

rockwellautomation

factorytalk_linx

CWE

CWE-122

Heap-based Buffer Overflow

{"id": "CVE-2020-27255", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2020-11-26T02:15:12.243", "references": [{"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-329-01", "tags": ["Third Party Advisory", "US Government Resource"], "source": "ics-cert@hq.dhs.gov"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "ics-cert@hq.dhs.gov", "description": [{"lang": "en", "value": "CWE-122"}]}], "descriptions": [{"lang": "en", "value": "A heap overflow vulnerability exists within FactoryTalk Linx Version 6.11 and prior. This vulnerability could allow a remote, unauthenticated attacker to send malicious set attribute requests, which could result in the leaking of sensitive information. This information disclosure could lead to the bypass of address space layout randomization (ASLR)."}, {"lang": "es", "value": "Se presenta una vulnerabilidad de desbordamiento de la pila en FactoryTalk Linx versiones 6.11 y anteriores. Esta vulnerabilidad podr\u00eda permitir a un atacante remoto no autenticado enviar peticiones de atributos de configuraci\u00f3n maliciosos, lo que podr\u00eda resultar en un filtrado de informaci\u00f3n confidencial. Esta divulgaci\u00f3n de informaci\u00f3n podr\u00eda conllevar a una omisi\u00f3n de la aleatorizaci\u00f3n del dise\u00f1o de espacio de direcciones (ASLR)"}], "lastModified": "2020-11-30T19:33:55.467", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:rockwellautomation:factorytalk_linx:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "89622117-4485-4204-A5DA-B72F7F13D353", "versionEndIncluding": "6.11"}], "operator": "OR"}]}], "sourceIdentifier": "ics-cert@hq.dhs.gov"}