Rockwell Automation FactoryTalk Linx Path Traversal Information Disclosure

high Nessus Plugin ID 141304

Synopsis

The remote SCADA application is affected by an information disclosure vulnerability.

Description

The Rockwell Automation FactoryTalk Linx running on the remote host is affected by a path traversal vulnerability due to the lack of validation of user-supplied file paths before using them in file operations. An unauthenticated, remote attacker can exploit this, via specially crafted messages, to disclose the contents of files on the remote host with SYSTEM privileges.

This plugin requires the 'Scan Operational Technology devices' scan setting to be enabled for it to be launched.

Note that the application is reportedly affected by other vulnerabilities; however, this plugin has not tested for those issues.

Solution

Apply Patch Aid 1124820 or the May 2020 Patch Roll-up or later.

See Also

http://www.nessus.org/u?8ad24a10

Plugin Details

Severity: High

ID: 141304

File Name: scada_rockwell_ftlinx_cve-2020-12003.nbin

Version: 1.39

Type: remote

Family: SCADA

Published: 10/8/2020

Updated: 7/17/2024

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS Score Source: CVE-2020-12003

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.7

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:rockwellautomation:factorytalk_linx

Exploit Available: true

Exploit Ease: Exploits are available

Exploited by Nessus: true

Patch Publication Date: 6/15/2020

Vulnerability Publication Date: 6/15/2020

Reference Information

CVE: CVE-2020-12003

ICSA: 20-163-02