CVE-2020-5802 - Vulnerability Details - OpenCVE

Description

An attacker-controlled memory allocation size can be passed to the C++ new operator in RnaDaSvr.dll by sending a specially crafted ConfigureItems message to TCP port 4241. This will cause an unhandled exception, resulting in termination of RSLinxNG.exe. Observed in FactoryTalk 6.11. All versions of FactoryTalk Linx are affected.

Published: 2020-12-29

Score: 7.5 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

No analysis available yet.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

n/a

Rockwell FactoryTalk Linx

affected

Version	Status	Constraints
`All versions of FactoryTalk Linx`	affected	—

Configuration 1 [-]

cpe:2.3:a:rockwellautomation:factorytalk_linx:*:*:*:*:*:*:*:*

No data.

No data available yet.

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2020-26959	An attacker-controlled memory allocation size can be passed to the C++ new operator in RnaDaSvr.dll by sending a specially crafted ConfigureItems message to TCP port 4241. This will cause an unhandled exception, resulting in termination of RSLinxNG.exe. Observed in FactoryTalk 6.11. All versions of FactoryTalk Linx are affected.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.00168.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://www.tenable.com/security/research/tra-2020-71

History

No history.

Subscriptions

Rockwellautomation Factorytalk Linx

MITRE

Status: PUBLISHED

Assigner: tenable

Published: 2020-12-29T15:04:26.000Z

Updated: 2024-08-04T08:39:25.932Z

Reserved: 2020-01-06T00:00:00.000Z

Link: CVE-2020-5802

Vulnrichment

No data.

NVD

Status : Modified

Published: 2020-12-29T16:15:14.840

Modified: 2024-11-21T05:34:37.430

Link: CVE-2020-5802

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-770

{"containers": {"cna": {"affected": [{"product": "Rockwell FactoryTalk Linx", "vendor": "n/a", "versions": [{"status": "affected", "version": "All versions of FactoryTalk Linx"}]}], "descriptions": [{"lang": "en", "value": "An attacker-controlled memory allocation size can be passed to the C++ new operator in RnaDaSvr.dll by sending a specially crafted ConfigureItems message to TCP port 4241. This will cause an unhandled exception, resulting in termination of RSLinxNG.exe. Observed in FactoryTalk 6.11. All versions of FactoryTalk Linx are affected."}], "problemTypes": [{"descriptions": [{"description": "Unauthenticated Remote Denial of Service", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-12-29T15:04:26.000Z", "orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", "shortName": "tenable"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.tenable.com/security/research/tra-2020-71"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "vulnreport@tenable.com", "ID": "CVE-2020-5802", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Rockwell FactoryTalk Linx", "version": {"version_data": [{"version_value": "All versions of FactoryTalk Linx"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An attacker-controlled memory allocation size can be passed to the C++ new operator in RnaDaSvr.dll by sending a specially crafted ConfigureItems message to TCP port 4241. This will cause an unhandled exception, resulting in termination of RSLinxNG.exe. Observed in FactoryTalk 6.11. All versions of FactoryTalk Linx are affected."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Unauthenticated Remote Denial of Service"}]}]}, "references": {"reference_data": [{"name": "https://www.tenable.com/security/research/tra-2020-71", "refsource": "CONFIRM", "url": "https://www.tenable.com/security/research/tra-2020-71"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T08:39:25.932Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.tenable.com/security/research/tra-2020-71"}]}]}, "cveMetadata": {"assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", "assignerShortName": "tenable", "cveId": "CVE-2020-5802", "datePublished": "2020-12-29T15:04:26.000Z", "dateReserved": "2020-01-06T00:00:00.000Z", "dateUpdated": "2024-08-04T08:39:25.932Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:rockwellautomation:factorytalk_linx:*:*:*:*:*:*:*:*", "matchCriteriaId": "89622117-4485-4204-A5DA-B72F7F13D353", "versionEndIncluding": "6.11", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An attacker-controlled memory allocation size can be passed to the C++ new operator in RnaDaSvr.dll by sending a specially crafted ConfigureItems message to TCP port 4241. This will cause an unhandled exception, resulting in termination of RSLinxNG.exe. Observed in FactoryTalk 6.11. All versions of FactoryTalk Linx are affected."}, {"lang": "es", "value": "Un tama\u00f1o de asignaci\u00f3n de memoria controlado por el atacante puede ser pasado al nuevo operador de C++ en la biblioteca RnaDaSvr.dll mediante el env\u00edo de un mensaje ConfigureItems especialmente dise\u00f1ado hacia el puerto TCP 4241. Esto causar\u00e1 una excepci\u00f3n no manejada, resultando en la terminaci\u00f3n del archivo RSLinxNG.exe. Observado en FactoryTalk versi\u00f3n 6.11. Todas las versiones de FactoryTalk Linx est\u00e1n afectadas"}], "id": "CVE-2020-5802", "lastModified": "2024-11-21T05:34:37.430", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-12-29T16:15:14.840", "references": [{"source": "vulnreport@tenable.com", "tags": ["Third Party Advisory"], "url": "https://www.tenable.com/security/research/tra-2020-71"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.tenable.com/security/research/tra-2020-71"}], "sourceIdentifier": "vulnreport@tenable.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-770"}], "source": "nvd@nist.gov", "type": "Primary"}]}