Vulnerability-Lookup

CNVD-2020-38694

Vulnerability from cnvd - Published: 2020-07-14

Title

多款Rockwell Automation产品路径遍历漏洞

Description

Rockwell Automation RSLinx Classic等都是美国罗克韦尔（Rockwell Automation）公司的产品。Rockwell Automation RSLinx Classic是一套工业通信解决方案。Rockwell Automation FactoryTalk Linx是一套工业通信解决方案。Rockwell Automation ControlFLASH是一款固件更新实用程序。多款Rockwell Automation产品中存在路径遍历漏洞。攻击者可借助特制请求利该漏洞遍历文件系统并获取敏感数据。

Severity

高

Patch Name

多款Rockwell Automation产品路径遍历漏洞的补丁

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1066644

Reference

https://www.us-cert.gov/ics/advisories/icsa-20-163-02

Impacted products

Name
['Rockwell Automation RSLinx Classic <=4.11.00', 'Rockwell Automation FactoryTalk Linx 6.00', 'Rockwell Automation FactoryTalk Linx 6.10', 'Rockwell Automation FactoryTalk Linx 6.11', 'Rockwell Automation Connected Components Workbench <=12', 'Rockwell Automation ControlFLASH <=14', 'Rockwell Automation ControlFLASH Plus <=1', 'Rockwell Automation FactoryTalk Asset Centre <=9', 'Rockwell Automation FactoryTalk Linx CommDTM <=1', 'Rockwell Automation Studio 5000 Launcher <=31', 'Rockwell Automation Studio 5000 Logix Designer software <=32']

Name

['Rockwell Automation RSLinx Classic <=4.11.00', 'Rockwell Automation FactoryTalk Linx 6.00', 'Rockwell Automation FactoryTalk Linx 6.10', 'Rockwell Automation FactoryTalk Linx 6.11', 'Rockwell Automation Connected Components Workbench <=12', 'Rockwell Automation ControlFLASH <=14', 'Rockwell Automation ControlFLASH Plus <=1', 'Rockwell Automation FactoryTalk Asset Centre <=9', 'Rockwell Automation FactoryTalk Linx CommDTM <=1', 'Rockwell Automation Studio 5000 Launcher <=31', 'Rockwell Automation Studio 5000 Logix Designer software <=32']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-12003"
    }
  },
  "description": "Rockwell Automation RSLinx Classic\u7b49\u90fd\u662f\u7f8e\u56fd\u7f57\u514b\u97e6\u5c14\uff08Rockwell Automation\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Rockwell Automation RSLinx Classic\u662f\u4e00\u5957\u5de5\u4e1a\u901a\u4fe1\u89e3\u51b3\u65b9\u6848\u3002Rockwell Automation FactoryTalk Linx\u662f\u4e00\u5957\u5de5\u4e1a\u901a\u4fe1\u89e3\u51b3\u65b9\u6848\u3002Rockwell Automation ControlFLASH\u662f\u4e00\u6b3e\u56fa\u4ef6\u66f4\u65b0\u5b9e\u7528\u7a0b\u5e8f\u3002\n\n\u591a\u6b3eRockwell Automation\u4ea7\u54c1\u4e2d\u5b58\u5728\u8def\u5f84\u904d\u5386\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u501f\u52a9\u7279\u5236\u8bf7\u6c42\u5229\u8be5\u6f0f\u6d1e\u904d\u5386\u6587\u4ef6\u7cfb\u7edf\u5e76\u83b7\u53d6\u654f\u611f\u6570\u636e\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1066644",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-38694",
  "openTime": "2020-07-14",
  "patchDescription": "Rockwell Automation RSLinx Classic\u7b49\u90fd\u662f\u7f8e\u56fd\u7f57\u514b\u97e6\u5c14\uff08Rockwell Automation\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Rockwell Automation RSLinx Classic\u662f\u4e00\u5957\u5de5\u4e1a\u901a\u4fe1\u89e3\u51b3\u65b9\u6848\u3002Rockwell Automation FactoryTalk Linx\u662f\u4e00\u5957\u5de5\u4e1a\u901a\u4fe1\u89e3\u51b3\u65b9\u6848\u3002Rockwell Automation ControlFLASH\u662f\u4e00\u6b3e\u56fa\u4ef6\u66f4\u65b0\u5b9e\u7528\u7a0b\u5e8f\u3002\r\n\r\n\u591a\u6b3eRockwell Automation\u4ea7\u54c1\u4e2d\u5b58\u5728\u8def\u5f84\u904d\u5386\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u501f\u52a9\u7279\u5236\u8bf7\u6c42\u5229\u8be5\u6f0f\u6d1e\u904d\u5386\u6587\u4ef6\u7cfb\u7edf\u5e76\u83b7\u53d6\u654f\u611f\u6570\u636e\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "\u591a\u6b3eRockwell Automation\u4ea7\u54c1\u8def\u5f84\u904d\u5386\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Rockwell Automation RSLinx Classic \u003c=4.11.00",
      "Rockwell Automation FactoryTalk Linx 6.00",
      "Rockwell Automation FactoryTalk Linx 6.10",
      "Rockwell Automation FactoryTalk Linx 6.11",
      "Rockwell Automation Connected Components Workbench \u003c=12",
      "Rockwell Automation ControlFLASH \u003c=14",
      "Rockwell Automation ControlFLASH Plus \u003c=1",
      "Rockwell Automation FactoryTalk Asset Centre \u003c=9",
      "Rockwell Automation FactoryTalk Linx CommDTM \u003c=1",
      "Rockwell Automation Studio 5000 Launcher \u003c=31",
      "Rockwell Automation Studio 5000 Logix Designer software \u003c=32"
    ]
  },
  "referenceLink": "https://www.us-cert.gov/ics/advisories/icsa-20-163-02",
  "serverity": "\u9ad8",
  "submitTime": "2020-06-12",
  "title": "\u591a\u6b3eRockwell Automation\u4ea7\u54c1\u8def\u5f84\u904d\u5386\u6f0f\u6d1e"
}

CVE-2020-12003 (GCVE-0-2020-12003)

Vulnerability from cvelistv5 – Published: 2020-06-15 19:16 – Updated: 2024-08-04 11:48

Summary

FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.00 and prior,Connected Components Workbench: Version 12 and prior, ControlFLASH: Version 14 and later, ControlFLASH Plus: Version 1 and later, FactoryTalk Asset Centre: Version 9 and later, FactoryTalk Linx CommDTM: Version 1 and later, Studio 5000 Launcher: Version 31 and later Stud, 5000 Logix Designer software: Version 32 and prior is vulnerable. An exposed API call allows users to provide files to be processed without sanitation. This may allow an attacker to use specially crafted requests to traverse the file system and expose sensitive data on the local hard drive.

Severity ?

No CVSS data available.

CWE

CWE-22 - IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY ('PATH TRAVERSAL') CWE-22

Assigner

icscert

References

URL

Tags

https://www.us-cert.gov/ics/advisories/icsa-20-163-02

x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	FactoryTalk Linx, RSLinx Classic, Connected Components Workbench, ControlFLASH Plus, FactoryTalk Asset Centre, FactoryTalk Linx CommDTM, Studio 5000 Launcher, Studio 5000 Logix Designer software	Affected: FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.00 and prior,Connected Components Workbench: Version 12 and prior, ControlFLASH: Version 14 and later, ControlFLASH Plus: Version 1 and later, FactoryTalk Asset Centre: Version 9 and later, FactoryTalk Linx CommDTM: Version 1 and later, Studio 5000 Launcher: Version 31 and later Stud, 5000 Logix Designer software: Version 32 and prior

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T11:48:58.276Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.us-cert.gov/ics/advisories/icsa-20-163-02"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "FactoryTalk Linx, RSLinx Classic, Connected Components Workbench, ControlFLASH Plus, FactoryTalk Asset Centre, FactoryTalk Linx CommDTM, Studio 5000 Launcher, Studio 5000 Logix Designer software",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.00 and prior,Connected Components Workbench: Version 12 and prior, ControlFLASH: Version 14 and later, ControlFLASH Plus: Version 1 and later, FactoryTalk Asset Centre: Version 9 and later, FactoryTalk Linx CommDTM: Version 1 and later, Studio 5000 Launcher: Version 31 and later Stud, 5000 Logix Designer software: Version 32 and prior"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.00 and prior,Connected Components Workbench: Version 12 and prior, ControlFLASH: Version 14 and later, ControlFLASH Plus: Version 1 and later, FactoryTalk Asset Centre: Version 9 and later, FactoryTalk Linx CommDTM: Version 1 and later, Studio 5000 Launcher: Version 31 and later Stud, 5000 Logix Designer software: Version 32 and prior is vulnerable. An exposed API call allows users to provide files to be processed without sanitation. This may allow an attacker to use specially crafted requests to traverse the file system and expose sensitive data on the local hard drive."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-22",
              "description": "IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY (\u0027PATH TRAVERSAL\u0027) CWE-22",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-06-15T19:16:36",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.us-cert.gov/ics/advisories/icsa-20-163-02"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2020-12003",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "FactoryTalk Linx, RSLinx Classic, Connected Components Workbench, ControlFLASH Plus, FactoryTalk Asset Centre, FactoryTalk Linx CommDTM, Studio 5000 Launcher, Studio 5000 Logix Designer software",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.00 and prior,Connected Components Workbench: Version 12 and prior, ControlFLASH: Version 14 and later, ControlFLASH Plus: Version 1 and later, FactoryTalk Asset Centre: Version 9 and later, FactoryTalk Linx CommDTM: Version 1 and later, Studio 5000 Launcher: Version 31 and later Stud, 5000 Logix Designer software: Version 32 and prior"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.00 and prior,Connected Components Workbench: Version 12 and prior, ControlFLASH: Version 14 and later, ControlFLASH Plus: Version 1 and later, FactoryTalk Asset Centre: Version 9 and later, FactoryTalk Linx CommDTM: Version 1 and later, Studio 5000 Launcher: Version 31 and later Stud, 5000 Logix Designer software: Version 32 and prior is vulnerable. An exposed API call allows users to provide files to be processed without sanitation. This may allow an attacker to use specially crafted requests to traverse the file system and expose sensitive data on the local hard drive."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY (\u0027PATH TRAVERSAL\u0027) CWE-22"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.us-cert.gov/ics/advisories/icsa-20-163-02",
              "refsource": "MISC",
              "url": "https://www.us-cert.gov/ics/advisories/icsa-20-163-02"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2020-12003",
    "datePublished": "2020-06-15T19:16:36",
    "dateReserved": "2020-04-21T00:00:00",
    "dateUpdated": "2024-08-04T11:48:58.276Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2020-38694

CVE-2020-12003 (GCVE-0-2020-12003)

Tags

Sightings

Nomenclature