An unauthenticated remote attacker can send data to RsvcHost.exe listening on TCP port 5241 to add entries in the FactoryTalk Diagnostics event log. The attacker can specify long fields in the log entry, which can cause an unhandled exception in wcscpy_s() if a local user opens FactoryTalk Diagnostics Viewer (FTDiagViewer.exe) to view the log entry. Observed in FactoryTalk Diagnostics 6.11. All versions of FactoryTalk Diagnostics are affected.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: tenable

Published: 2020-12-29T15:18:35

Updated: 2024-08-04T08:39:25.779Z

Reserved: 2020-01-06T00:00:00

Link: CVE-2020-5807

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2020-12-29T16:15:14.933

Modified: 2024-11-21T05:34:37.977

Link: CVE-2020-5807

cve-icon Redhat

No data.