CVE-2020-12005 affects FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.00 and prior, Connected Components Workbench Version 12 and prior, ControlFLASH Version 14 and later, and more, allowing unrestricted file uploads and potential denial-of-service attacks.
The following products are affected by a vulnerability allowing unrestricted upload of files with dangerous types, potentially leading to denial-of-service attacks: FactoryTalk Linx versions 6.00, 6.10, and 6.11; RSLinx Classic v4.11.00 and prior; Connected Components Workbench Version 12 and prior; ControlFLASH Version 14 and later; ControlFLASH Plus Version 1 and later; FactoryTalk Asset Centre Version 9 and later; FactoryTalk Linx CommDTM Version 1 and later; Studio 5000 Launcher Version 31 and later; Studio 5000 Logix Designer software Version 32 and prior.
Understanding CVE-2020-12005
CVE-2020-12005 is a vulnerability in the communication functions that let users upload EDS files through FactoryTalk Linx. An attacker could exploit it to cause a denial-of-service condition.
What is CVE-2020-12005?
The Impact of CVE-2020-12005
Technical Details of CVE-2020-12005
This section provides technical details of the vulnerability.
Vulnerability Description
Affected Systems and Versions
Exploitation Mechanism
Mitigation and Prevention
Protecting systems from CVE-2020-12005 is crucial.
Immediate Steps to Take
Long-Term Security Practices
Patching and Updates