Details of VAR-202005-0314

ID

VAR-202005-0314

CVE

CVE-2020-12038

TITLE

Rockwell Automation Made EDS Subsystem Multiple vulnerabilities in

Trust: 0.8

sources: JVNDB: JVNDB-2020-004590

DESCRIPTION

Products that use EDS Subsystem: Version 28.0.1 and prior (FactoryTalk Linx software (Previously called RSLinx Enterprise): Versions 6.00, 6.10, and 6.11, RSLinx Classic: Version 4.11.00 and prior, RSNetWorx software: Version 28.00.00 and prior, Studio 5000 Logix Designer software: Version 32 and prior) is vulnerable. A memory corruption vulnerability exists in the algorithm that matches square brackets in the EDS subsystem. This may allow an attacker to craft specialized EDS files to crash the EDSParser COM object, leading to denial-of-service conditions. Rockwell Automation Provided by the company EDS Subsystem The following multiple vulnerabilities exist in. * SQL injection (CWE-89) - CVE-2020-12034 * Buffer error (CWE-199) - CVE-2020-12038The expected impact depends on each vulnerability, but it may be affected as follows. * Crafted by a third party on an adjacent network EDS Illegal by reading a file SQL Statement is executed and service operation is interrupted (DoS) Attack is triggered - CVE-2020-12034 * Crafted by a local third party EDS Memory corruption occurs by reading the file, which interferes with service operation. (DoS) Attack is triggered - CVE-2020-12038

Trust: 1.8

sources: NVD: CVE-2020-12038 // JVNDB: JVNDB-2020-004590 // VULHUB: VHN-164676 // VULMON: CVE-2020-12038

AFFECTED PRODUCTS

vendor:	rockwellautomation	model:	eds subsystem	scope:	lte	version:	28.0.1	Trust: 1.0
vendor:	rockwellautomation	model:	rslinx enterprise	scope:	eq	version:	6.00.00	Trust: 1.0
vendor:	rockwellautomation	model:	rslinx enterprise	scope:	eq	version:	6.11.00	Trust: 1.0
vendor:	rockwellautomation	model:	rsnetworx	scope:	lte	version:	28.00.00	Trust: 1.0
vendor:	rockwellautomation	model:	studio 5000 logix designer	scope:	lte	version:	32.0	Trust: 1.0
vendor:	rockwellautomation	model:	rslinx	scope:	lte	version:	4.11.00	Trust: 1.0
vendor:	rockwellautomation	model:	rslinx enterprise	scope:	eq	version:	6.10.00	Trust: 1.0
vendor:	rockwell automation	model:	factorytalk	scope:	eq	version:	linx software (旧称 rslinx enterprise) version 6.00、 6.10 および 6.11	Trust: 0.8
vendor:	rockwell automation	model:	rslinx classic	scope:	eq	version:	version 4.11.00	Trust: 0.8
vendor:	rockwell automation	model:	rsnetworx	scope:	eq	version:	software version 28.00.00	Trust: 0.8
vendor:	rockwell automation	model:	studio 5000 logix designer	scope:	eq	version:	software version 32	Trust: 0.8

sources: JVNDB: JVNDB-2020-004590 // NVD: CVE-2020-12038

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-12038
value:	MEDIUM
Trust: 1.0
IPA:	JVNDB-2020-004590
value:	HIGH
Trust: 0.8
IPA:	JVNDB-2020-004590
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202005-942
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-164676
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2020-12038
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2020-12038
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
VULHUB:	VHN-164676
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-12038
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	3.6
version:	3.1
Trust: 1.0
IPA score:	JVNDB-2020-004590
baseSeverity:	HIGH
baseScore:	8.2
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:H
attackVector:	ADJACENT NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	NONE
integrityImpact:	LOW
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8
IPA score:	JVNDB-2020-004590
baseSeverity:	MEDIUM
baseScore:	6.7
vectorString:	3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	NONE
integrityImpact:	LOW
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-164676 // VULMON: CVE-2020-12038 // JVNDB: JVNDB-2020-004590 // JVNDB: JVNDB-2020-004590 // CNNVD: CNNVD-202005-942 // NVD: CVE-2020-12038

PROBLEMTYPE DATA

problemtype:	CWE-119	Trust: 1.1
problemtype:	CWE-787	Trust: 1.1

sources: VULHUB: VHN-164676 // NVD: CVE-2020-12038

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202005-942

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202005-942

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-004590

PATCH

title:	RAid 1125928 （要ログイン）	url:	https://idp.rockwellautomation.com/adfs/ls/idpinitiatedsignon.aspx?RelayState=RPID%3Drockwellautomation.custhelp.com%26RelayState%3Danswers%2Fanswer_view%2Fa_id%2F1125928	Trust: 0.8
title:	Rockwell Automation EDS Subsystem Buffer error vulnerability fix	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=119474	Trust: 0.6
title:	winafl-powermopt	url:	https://github.com/hardik05/winafl-powermopt	Trust: 0.1
title:	WinAFL	url:	https://github.com/pranav0408/WinAFL	Trust: 0.1
title:	-	url:	https://github.com/DanielEbert/winafl	Trust: 0.1
title:	winafl	url:	https://github.com/googleprojectzero/winafl	Trust: 0.1

sources: VULMON: CVE-2020-12038 // JVNDB: JVNDB-2020-004590 // CNNVD: CNNVD-202005-942

EXTERNAL IDS

db:	NVD	id:	CVE-2020-12038	Trust: 2.6
db:	ICS CERT	id:	ICSA-20-140-01	Trust: 2.6
db:	JVN	id:	JVNVU92757733	Trust: 0.8
db:	JVNDB	id:	JVNDB-2020-004590	Trust: 0.8
db:	CNNVD	id:	CNNVD-202005-942	Trust: 0.7
db:	VULHUB	id:	VHN-164676	Trust: 0.1
db:	VULMON	id:	CVE-2020-12038	Trust: 0.1

sources: VULHUB: VHN-164676 // VULMON: CVE-2020-12038 // JVNDB: JVNDB-2020-004590 // CNNVD: CNNVD-202005-942 // NVD: CVE-2020-12038

REFERENCES

url:	https://www.us-cert.gov/ics/advisories/icsa-20-140-01	Trust: 2.6
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-12038	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-12034	Trust: 0.8
url:	http://jvn.jp/cert/jvnvu92757733	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2020-12038	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/787.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://github.com/hardik05/winafl-powermopt	Trust: 0.1

sources: VULHUB: VHN-164676 // VULMON: CVE-2020-12038 // JVNDB: JVNDB-2020-004590 // CNNVD: CNNVD-202005-942 // NVD: CVE-2020-12038

SOURCES

db:	VULHUB	id:	VHN-164676
db:	VULMON	id:	CVE-2020-12038
db:	JVNDB	id:	JVNDB-2020-004590
db:	CNNVD	id:	CNNVD-202005-942
db:	NVD	id:	CVE-2020-12038

LAST UPDATE DATE

2024-11-23T21:59:18.798000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-164676	date:	2021-09-23T00:00:00
db:	VULMON	id:	CVE-2020-12038	date:	2021-09-23T00:00:00
db:	JVNDB	id:	JVNDB-2020-004590	date:	2020-05-21T00:00:00
db:	CNNVD	id:	CNNVD-202005-942	date:	2021-09-24T00:00:00
db:	NVD	id:	CVE-2020-12038	date:	2024-11-21T04:59:09.737

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-164676	date:	2020-05-19T00:00:00
db:	VULMON	id:	CVE-2020-12038	date:	2020-05-19T00:00:00
db:	JVNDB	id:	JVNDB-2020-004590	date:	2020-05-21T00:00:00
db:	CNNVD	id:	CNNVD-202005-942	date:	2020-05-19T00:00:00
db:	NVD	id:	CVE-2020-12038	date:	2020-05-19T22:15:12.013