VAR-202007-0192
Vulnerability from variot - Updated: 2024-11-23 23:01

Rockwell Automation Logix Designer Studio 5000 Versions 32.00, 32.01, and 32.02 are vulnerable to an XML external entity (XXE) vulnerability, which may allow an attacker to view hostnames or other resources from the program. Logix Designer Studio 5000, provided by Rockwell Automation, is management software for control systems for industrial equipment. The product contains an improper restriction of XML external entity reference vulnerability (CWE-611). If an unauthenticated third party creates and loads a specially crafted file, the system host name and resources may be leaked from the product. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of AML files. An attacker can leverage this vulnerability to disclose information in the context of the current process. The vulnerability stems from the program not properly restricting references to XML external entities. Attackers can use the vulnerability to view host names or other resources. The CVSS v3 vectors recorded below (AV:L, UI:R) rate this as a local attack that requires user interaction, so exposure depends on a user loading a crafted AML file in the product.
{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "studio 5000 logix designer",
"scope": "eq",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "32.00"
},
{
"_id": null,
"model": "studio 5000 logix designer",
"scope": "eq",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "32.01"
},
{
"_id": null,
"model": "studio 5000 logix designer",
"scope": "eq",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "32.02"
},
{
"_id": null,
"model": "logix designer studio 5000",
"scope": "eq",
"trust": 0.8,
"vendor": "rockwell automation",
"version": "versions 32.00\u300132.01 \u304a\u3088\u3073 32.02"
},
{
"_id": null,
"model": "studio 5000",
"scope": null,
"trust": 0.7,
"vendor": "rockwell automation",
"version": null
},
{
"_id": null,
"model": "automation studio logix designer",
"scope": "eq",
"trust": 0.6,
"vendor": "rockwell",
"version": "500032.00"
},
{
"_id": null,
"model": "automation studio logix designer",
"scope": "eq",
"trust": 0.6,
"vendor": "rockwell",
"version": "500032.01"
},
{
"_id": null,
"model": "automation studio logix designer",
"scope": "eq",
"trust": 0.6,
"vendor": "rockwell",
"version": "500032.02"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-824"
},
{
"db": "CNVD",
"id": "CNVD-2020-38409"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006585"
},
{
"db": "NVD",
"id": "CVE-2020-12025"
}
]
},
"configurations": {
"_id": null,
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:rockwellautomation:logix_designer_studio5000",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006585"
}
]
},
"credits": {
"_id": null,
"data": "Chris Anastasio (muffin) and Steven Seeley (mr_me) of Incite Team",
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-824"
}
],
"trust": 0.7
},
"cve": "CVE-2020-12025",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2020-12025",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CNVD-2020-38409",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-164662",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"exploitabilityScore": 1.8,
"id": "CVE-2020-12025",
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "IPA score",
"availabilityImpact": "None",
"baseScore": 3.6,
"baseSeverity": "Low",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2020-006585",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "ZDI",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"exploitabilityScore": 1.8,
"id": "CVE-2020-12025",
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 0.7,
"userInteraction": "REQUIRED",
"vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-12025",
"trust": 1.0,
"value": "LOW"
},
{
"author": "IPA",
"id": "JVNDB-2020-006585",
"trust": 0.8,
"value": "Low"
},
{
"author": "ZDI",
"id": "CVE-2020-12025",
"trust": 0.7,
"value": "LOW"
},
{
"author": "CNVD",
"id": "CNVD-2020-38409",
"trust": 0.6,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-202007-438",
"trust": 0.6,
"value": "LOW"
},
{
"author": "VULHUB",
"id": "VHN-164662",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-824"
},
{
"db": "CNVD",
"id": "CNVD-2020-38409"
},
{
"db": "VULHUB",
"id": "VHN-164662"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006585"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-438"
},
{
"db": "NVD",
"id": "CVE-2020-12025"
}
]
},
"description": {
"_id": null,
"data": "Rockwell Automation Logix Designer Studio 5000 Versions 32.00, 32.01, and 32.02 vulnerable to an xml external entity (XXE) vulnerability, which may allow an attacker to view hostnames or other resources from the program. Rockwell Automation Provides Logix Designer Studio 5000 Is management software for control systems for industrial equipment. For the product XML Improper restriction vulnerability in external entity reference (CWE-611) Exists.If an unauthenticated third party creates and loads a specially crafted file, the system host name and resources may be leaked from the product. Authentication is not required to exploit this vulnerability.The specific flaw exists within the parsing of AML files. An attacker can leverage this vulnerability to disclose information in the context of the current process. The vulnerability stems from the program not properly restricting references to XML external entities. Attackers can use the vulnerability to view host names or other resources",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-12025"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006585"
},
{
"db": "ZDI",
"id": "ZDI-20-824"
},
{
"db": "CNVD",
"id": "CNVD-2020-38409"
},
{
"db": "VULHUB",
"id": "VHN-164662"
}
],
"trust": 2.88
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2020-12025",
"trust": 3.8
},
{
"db": "ICS CERT",
"id": "ICSA-20-191-02",
"trust": 3.1
},
{
"db": "ZDI",
"id": "ZDI-20-824",
"trust": 1.3
},
{
"db": "JVN",
"id": "JVNVU96476381",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006585",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-10290",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2020-38409",
"trust": 0.7
},
{
"db": "CNNVD",
"id": "CNNVD-202007-438",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2020.2366",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "47500",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-164662",
"trust": 0.1
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-824"
},
{
"db": "CNVD",
"id": "CNVD-2020-38409"
},
{
"db": "VULHUB",
"id": "VHN-164662"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006585"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-438"
},
{
"db": "NVD",
"id": "CVE-2020-12025"
}
]
},
"id": "VAR-202007-0192",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-38409"
},
{
"db": "VULHUB",
"id": "VHN-164662"
}
],
"trust": 1.5333333
},
"iot_taxonomy": {
"_id": null,
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-38409"
}
]
},
"last_update_date": "2024-11-23T23:01:20.715000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Studio 5000 Logix Designer",
"trust": 0.8,
"url": "https://www.rockwellautomation.com/site-selection.html"
},
{
"title": "Product Compatibility \u0026 Download Center from Rockwell Automation",
"trust": 0.8,
"url": "https://compatibility.rockwellautomation.com/Pages/home.aspx"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006585"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-611",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-164662"
},
{
"db": "NVD",
"id": "CVE-2020-12025"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 3.7,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-191-02"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-12025"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu96476381/"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/47500"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2366/"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12025"
},
{
"trust": 0.6,
"url": "https://www.zerodayinitiative.com/advisories/zdi-20-824/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-38409"
},
{
"db": "VULHUB",
"id": "VHN-164662"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006585"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-438"
},
{
"db": "NVD",
"id": "CVE-2020-12025"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "ZDI",
"id": "ZDI-20-824",
"ident": null
},
{
"db": "CNVD",
"id": "CNVD-2020-38409",
"ident": null
},
{
"db": "VULHUB",
"id": "VHN-164662",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006585",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-202007-438",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2020-12025",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2020-07-09T00:00:00",
"db": "ZDI",
"id": "ZDI-20-824",
"ident": null
},
{
"date": "2020-07-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-38409",
"ident": null
},
{
"date": "2020-07-14T00:00:00",
"db": "VULHUB",
"id": "VHN-164662",
"ident": null
},
{
"date": "2020-07-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-006585",
"ident": null
},
{
"date": "2020-07-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202007-438",
"ident": null
},
{
"date": "2020-07-14T13:15:11.343000",
"db": "NVD",
"id": "CVE-2020-12025",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2021-06-29T00:00:00",
"db": "ZDI",
"id": "ZDI-20-824",
"ident": null
},
{
"date": "2020-07-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-38409",
"ident": null
},
{
"date": "2020-12-15T00:00:00",
"db": "VULHUB",
"id": "VHN-164662",
"ident": null
},
{
"date": "2020-07-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-006585",
"ident": null
},
{
"date": "2020-12-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202007-438",
"ident": null
},
{
"date": "2024-11-21T04:59:08.237000",
"db": "NVD",
"id": "CVE-2020-12025",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202007-438"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "Rockwell Automation Made Logix Designer Studio 5000 To XML Improper restriction vulnerability in external entity reference",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006585"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202007-438"
}
],
"trust": 0.6
}
}