Details of VAR-202005-0313

ID

VAR-202005-0313

CVE

CVE-2020-12034

TITLE

Rockwell Automation Made EDS Subsystem Multiple vulnerabilities in

Trust: 0.8

sources: JVNDB: JVNDB-2020-004590

DESCRIPTION

Products that use EDS Subsystem: Version 28.0.1 and prior (FactoryTalk Linx software (Previously called RSLinx Enterprise): Versions 6.00, 6.10, and 6.11, RSLinx Classic: Version 4.11.00 and prior, RSNetWorx software: Version 28.00.00 and prior, Studio 5000 Logix Designer software: Version 32 and prior) is vulnerable.The EDS subsystem does not provide adequate input sanitation, which may allow an attacker to craft specialized EDS files to inject SQL queries and manipulate the database storing the EDS files. This can lead to denial-of-service conditions. Rockwell Automation Provided by the company EDS Subsystem The following multiple vulnerabilities exist in. * SQL injection (CWE-89) - CVE-2020-12034 * Buffer error (CWE-199) - CVE-2020-12038The expected impact depends on each vulnerability, but it may be affected as follows. * Crafted by a third party on an adjacent network EDS Illegal by reading a file SQL Statement is executed and service operation is interrupted (DoS) Attack is triggered - CVE-2020-12034 * Crafted by a local third party EDS Memory corruption occurs by reading the file, which interferes with service operation. (DoS) Attack is triggered - CVE-2020-12038. An attacker can exploit this vulnerability with a specially crafted EDS file to cause a denial of service

Trust: 1.8

sources: NVD: CVE-2020-12034 // JVNDB: JVNDB-2020-004590 // VULHUB: VHN-164672 // VULMON: CVE-2020-12034

AFFECTED PRODUCTS

vendor:	rockwellautomation	model:	eds subsystem	scope:	lte	version:	28.0.1	Trust: 1.0
vendor:	rockwellautomation	model:	rslinx enterprise	scope:	eq	version:	6.00.00	Trust: 1.0
vendor:	rockwellautomation	model:	rslinx enterprise	scope:	eq	version:	6.11.00	Trust: 1.0
vendor:	rockwellautomation	model:	rsnetworx	scope:	lte	version:	28.00.00	Trust: 1.0
vendor:	rockwellautomation	model:	studio 5000 logix designer	scope:	lte	version:	32.0	Trust: 1.0
vendor:	rockwellautomation	model:	rslinx	scope:	lte	version:	4.11.00	Trust: 1.0
vendor:	rockwellautomation	model:	rslinx enterprise	scope:	eq	version:	6.10.00	Trust: 1.0
vendor:	rockwell automation	model:	factorytalk	scope:	eq	version:	linx software (旧称 rslinx enterprise) version 6.00、 6.10 および 6.11	Trust: 0.8
vendor:	rockwell automation	model:	rslinx classic	scope:	eq	version:	version 4.11.00	Trust: 0.8
vendor:	rockwell automation	model:	rsnetworx	scope:	eq	version:	software version 28.00.00	Trust: 0.8
vendor:	rockwell automation	model:	studio 5000 logix designer	scope:	eq	version:	software version 32	Trust: 0.8

sources: JVNDB: JVNDB-2020-004590 // NVD: CVE-2020-12034

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-12034
value:	HIGH
Trust: 1.0
IPA:	JVNDB-2020-004590
value:	HIGH
Trust: 0.8
IPA:	JVNDB-2020-004590
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202005-935
value:	HIGH
Trust: 0.6
VULHUB:	VHN-164672
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2020-12034
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2020-12034
severity:	MEDIUM
baseScore:	4.8
vectorString:	AV:A/AC:L/AU:N/C:N/I:P/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	6.5
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
VULHUB:	VHN-164672
severity:	MEDIUM
baseScore:	4.8
vectorString:	AV:A/AC:L/AU:N/C:N/I:P/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	6.5
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-12034
baseSeverity:	HIGH
baseScore:	8.2
vectorString:	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	NONE
integrityImpact:	LOW
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	4.7
version:	3.1
Trust: 1.0
IPA score:	JVNDB-2020-004590
baseSeverity:	HIGH
baseScore:	8.2
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:H
attackVector:	ADJACENT NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	NONE
integrityImpact:	LOW
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8
IPA score:	JVNDB-2020-004590
baseSeverity:	MEDIUM
baseScore:	6.7
vectorString:	3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	NONE
integrityImpact:	LOW
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-164672 // VULMON: CVE-2020-12034 // JVNDB: JVNDB-2020-004590 // JVNDB: JVNDB-2020-004590 // CNNVD: CNNVD-202005-935 // NVD: CVE-2020-12034

PROBLEMTYPE DATA

problemtype:

CWE-89

Trust: 1.1

sources: VULHUB: VHN-164672 // NVD: CVE-2020-12034

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202005-935

TYPE

SQL injection

Trust: 0.6

sources: CNNVD: CNNVD-202005-935

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-004590

PATCH

title:	RAid 1125928 （要ログイン）	url:	https://idp.rockwellautomation.com/adfs/ls/idpinitiatedsignon.aspx?RelayState=RPID%3Drockwellautomation.custhelp.com%26RelayState%3Danswers%2Fanswer_view%2Fa_id%2F1125928	Trust: 0.8
title:	Rockwell Automation EDS Subsystem SQL Repair measures for injecting vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=119473	Trust: 0.6
title:	winafl-powermopt	url:	https://github.com/hardik05/winafl-powermopt	Trust: 0.1
title:	WinAFL	url:	https://github.com/pranav0408/WinAFL	Trust: 0.1
title:	-	url:	https://github.com/DanielEbert/winafl	Trust: 0.1
title:	winafl	url:	https://github.com/googleprojectzero/winafl	Trust: 0.1

sources: VULMON: CVE-2020-12034 // JVNDB: JVNDB-2020-004590 // CNNVD: CNNVD-202005-935

EXTERNAL IDS

db:	ICS CERT	id:	ICSA-20-140-01	Trust: 2.6
db:	NVD	id:	CVE-2020-12034	Trust: 2.6
db:	JVN	id:	JVNVU92757733	Trust: 0.8
db:	JVNDB	id:	JVNDB-2020-004590	Trust: 0.8
db:	CNNVD	id:	CNNVD-202005-935	Trust: 0.7
db:	VULHUB	id:	VHN-164672	Trust: 0.1
db:	VULMON	id:	CVE-2020-12034	Trust: 0.1

sources: VULHUB: VHN-164672 // VULMON: CVE-2020-12034 // JVNDB: JVNDB-2020-004590 // CNNVD: CNNVD-202005-935 // NVD: CVE-2020-12034

REFERENCES

url:	https://www.us-cert.gov/ics/advisories/icsa-20-140-01	Trust: 2.6
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-12038	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-12034	Trust: 0.8
url:	http://jvn.jp/cert/jvnvu92757733	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2020-12034	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/89.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://github.com/hardik05/winafl-powermopt	Trust: 0.1

sources: VULHUB: VHN-164672 // VULMON: CVE-2020-12034 // JVNDB: JVNDB-2020-004590 // CNNVD: CNNVD-202005-935 // NVD: CVE-2020-12034

SOURCES

db:	VULHUB	id:	VHN-164672
db:	VULMON	id:	CVE-2020-12034
db:	JVNDB	id:	JVNDB-2020-004590
db:	CNNVD	id:	CNNVD-202005-935
db:	NVD	id:	CVE-2020-12034

LAST UPDATE DATE

2024-11-23T21:59:18.827000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-164672	date:	2020-05-22T00:00:00
db:	VULMON	id:	CVE-2020-12034	date:	2020-05-22T00:00:00
db:	JVNDB	id:	JVNDB-2020-004590	date:	2020-05-21T00:00:00
db:	CNNVD	id:	CNNVD-202005-935	date:	2021-01-05T00:00:00
db:	NVD	id:	CVE-2020-12034	date:	2024-11-21T04:59:09.277

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-164672	date:	2020-05-20T00:00:00
db:	VULMON	id:	CVE-2020-12034	date:	2020-05-20T00:00:00
db:	JVNDB	id:	JVNDB-2020-004590	date:	2020-05-21T00:00:00
db:	CNNVD	id:	CNNVD-202005-935	date:	2020-05-19T00:00:00
db:	NVD	id:	CVE-2020-12034	date:	2020-05-20T03:15:09.960