CVE-2020-12003 : Security Advisory and Response
Learn about CVE-2020-12003 affecting FactoryTalk Linx, RSLinx Classic, and other Rockwell Automation software. Find out the impact, affected versions, and mitigation steps.
FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.00 and prior, Connected Components Workbench: Version 12 and prior, ControlFLASH: Version 14 and later, ControlFLASH Plus: Version 1 and later, FactoryTalk Asset Centre: Version 9 and later, FactoryTalk Linx CommDTM: Version 1 and later, Studio 5000 Launcher: Version 31 and later, Studio 5000 Logix Designer software: Version 32 and prior are vulnerable to a path traversal vulnerability.
Understanding CVE-2020-12003
This CVE identifies a path traversal vulnerability in various Rockwell Automation software products.
What is CVE-2020-12003?
The vulnerability allows attackers to exploit an exposed API call, enabling them to submit files for processing without proper sanitization. This could lead to unauthorized access to sensitive data on the local hard drive.
The Impact of CVE-2020-12003
The vulnerability could result in unauthorized access to sensitive information, potential data breaches, and compromise of the affected systems.
Technical Details of CVE-2020-12003
The following technical details outline the specifics of the CVE.
Vulnerability Description
The vulnerability involves improper limitation of a pathname to a restricted directory, known as a path traversal vulnerability (CWE-22).
Affected Systems and Versions
- FactoryTalk Linx versions 6.00, 6.10, and 6.11
- RSLinx Classic v4.11.00 and prior
- Connected Components Workbench: Version 12 and prior
- ControlFLASH: Version 14 and later
- ControlFLASH Plus: Version 1 and later
- FactoryTalk Asset Centre: Version 9 and later
- FactoryTalk Linx CommDTM: Version 1 and later
- Studio 5000 Launcher: Version 31 and later
- Studio 5000 Logix Designer software: Version 32 and prior
Exploitation Mechanism
The vulnerability is exploited through specially crafted requests that manipulate the file system to access sensitive data.
Mitigation and Prevention
Protect your systems from CVE-2020-12003 with the following measures.
Immediate Steps to Take
- Apply security patches provided by the vendor promptly.
- Implement network segmentation to limit the impact of potential attacks.
- Monitor network traffic for any suspicious activity.
Long-Term Security Practices
- Regularly update and patch all software and systems.
- Conduct security assessments and penetration testing to identify vulnerabilities.
- Educate users on safe computing practices and the importance of cybersecurity.
Patching and Updates
Ensure that all affected systems are updated with the latest patches and security fixes to mitigate the risk of exploitation.