1) Buffer overflow

Severity: Medium

CVSSv3:
5 [CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID:
CVE-2020-12038

CWE-ID:
CWE-119 – Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability:
No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in the algorithm that matches square brackets in the EDS subsystem. A remote authenticated attacker can create a specially crafted EDS file, trick the victim into opening it, trigger memory corruption and cause a denial of service condition on the target system.

Mitigation

Install updates from vendor’s website.

Vulnerable software versions

EDS Subsystem:
-, 28.0.1

RSLinx Classic:
-, 4.11.00

FactoryTalk Linx:
6.00, 6.10, 6.11

RSNetWorx software:
-, 28.00.00

Studio 5000 Logix Designer:
-, 32

CPE

External links

https://www.us-cert.gov/ics/advisories/icsa-20-140-01

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) SQL injection

Severity: Low

CVSSv3:
6.2 [CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID:
CVE-2020-12034

CWE-ID:
CWE-89 – Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’)

Exploit availability:
No

Description


The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.


The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker on the local network can send a specially crafted EDS file to the affected application and manipulate the database storing the EDS files, leading to denial-of-service conditions.

Mitigation

Install updates from vendor’s website.

Vulnerable software versions

EDS Subsystem:
-, 28.0.1

RSLinx Classic:
-, 4.11.00

FactoryTalk Linx:
6.00, 6.10, 6.11

RSNetWorx software:
-, 28.00.00

Studio 5000 Logix Designer:
-, 32

CPE

External links

https://www.us-cert.gov/ics/advisories/icsa-20-140-01

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.





Source link

Write a comment:
*

Your email address will not be published.