Details of VAR-202007-0192

ID

VAR-202007-0192

CVE

CVE-2020-12025

TITLE

Rockwell Automation Made Logix Designer Studio 5000 To XML Improper restriction vulnerability in external entity reference

Trust: 0.8

sources: JVNDB: JVNDB-2020-006585

DESCRIPTION

Rockwell Automation Logix Designer Studio 5000 Versions 32.00, 32.01, and 32.02 vulnerable to an xml external entity (XXE) vulnerability, which may allow an attacker to view hostnames or other resources from the program. Rockwell Automation Provides Logix Designer Studio 5000 Is management software for control systems for industrial equipment. For the product XML Improper restriction vulnerability in external entity reference (CWE-611) Exists.If an unauthenticated third party creates and loads a specially crafted file, the system host name and resources may be leaked from the product. Authentication is not required to exploit this vulnerability.The specific flaw exists within the parsing of AML files. An attacker can leverage this vulnerability to disclose information in the context of the current process. The vulnerability stems from the program not properly restricting references to XML external entities. Attackers can use the vulnerability to view host names or other resources

Trust: 2.88

sources: NVD: CVE-2020-12025 // JVNDB: JVNDB-2020-006585 // ZDI: ZDI-20-824 // CNVD: CNVD-2020-38409 // VULHUB: VHN-164662

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-38409

AFFECTED PRODUCTS

vendor:	rockwellautomation	model:	studio 5000 logix designer	scope:	eq	version:	32.00	Trust: 1.0
vendor:	rockwellautomation	model:	studio 5000 logix designer	scope:	eq	version:	32.01	Trust: 1.0
vendor:	rockwellautomation	model:	studio 5000 logix designer	scope:	eq	version:	32.02	Trust: 1.0
vendor:	rockwell automation	model:	logix designer studio 5000	scope:	eq	version:	versions 32.00、32.01 および 32.02	Trust: 0.8
vendor:	rockwell automation	model:	studio 5000	scope:	-	version:	-	Trust: 0.7
vendor:	rockwell	model:	automation studio logix designer	scope:	eq	version:	500032.00	Trust: 0.6
vendor:	rockwell	model:	automation studio logix designer	scope:	eq	version:	500032.01	Trust: 0.6
vendor:	rockwell	model:	automation studio logix designer	scope:	eq	version:	500032.02	Trust: 0.6

sources: ZDI: ZDI-20-824 // CNVD: CNVD-2020-38409 // JVNDB: JVNDB-2020-006585 // NVD: CVE-2020-12025

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-12025
value:	LOW
Trust: 1.0
IPA:	JVNDB-2020-006585
value:	LOW
Trust: 0.8
ZDI:	CVE-2020-12025
value:	LOW
Trust: 0.7
CNVD:	CNVD-2020-38409
value:	LOW
Trust: 0.6
CNNVD:	CNNVD-202007-438
value:	LOW
Trust: 0.6
VULHUB:	VHN-164662
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2020-12025
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
CNVD:	CNVD-2020-38409
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-164662
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-12025
baseSeverity:	LOW
baseScore:	3.3
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.8
impactScore:	1.4
version:	3.1
Trust: 1.0
IPA score:	JVNDB-2020-006585
baseSeverity:	LOW
baseScore:	3.6
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8
ZDI:	CVE-2020-12025
baseSeverity:	LOW
baseScore:	3.3
vectorString:	AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.8
impactScore:	1.4
version:	3.0
Trust: 0.7

sources: ZDI: ZDI-20-824 // CNVD: CNVD-2020-38409 // VULHUB: VHN-164662 // JVNDB: JVNDB-2020-006585 // CNNVD: CNNVD-202007-438 // NVD: CVE-2020-12025

PROBLEMTYPE DATA

problemtype:

CWE-611

Trust: 1.1

sources: VULHUB: VHN-164662 // NVD: CVE-2020-12025

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202007-438

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-202007-438

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-006585

PATCH

title:	Studio 5000 Logix Designer	url:	https://www.rockwellautomation.com/site-selection.html	Trust: 0.8
title:	Product Compatibility & Download Center from Rockwell Automation	url:	https://compatibility.rockwellautomation.com/Pages/home.aspx	Trust: 0.8

sources: JVNDB: JVNDB-2020-006585

EXTERNAL IDS

db:	NVD	id:	CVE-2020-12025	Trust: 3.8
db:	ICS CERT	id:	ICSA-20-191-02	Trust: 3.1
db:	ZDI	id:	ZDI-20-824	Trust: 1.3
db:	JVN	id:	JVNVU96476381	Trust: 0.8
db:	JVNDB	id:	JVNDB-2020-006585	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-10290	Trust: 0.7
db:	CNVD	id:	CNVD-2020-38409	Trust: 0.7
db:	CNNVD	id:	CNNVD-202007-438	Trust: 0.7
db:	AUSCERT	id:	ESB-2020.2366	Trust: 0.6
db:	NSFOCUS	id:	47500	Trust: 0.6
db:	VULHUB	id:	VHN-164662	Trust: 0.1

sources: ZDI: ZDI-20-824 // CNVD: CNVD-2020-38409 // VULHUB: VHN-164662 // JVNDB: JVNDB-2020-006585 // CNNVD: CNNVD-202007-438 // NVD: CVE-2020-12025

REFERENCES

url:	https://us-cert.cisa.gov/ics/advisories/icsa-20-191-02	Trust: 3.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-12025	Trust: 0.8
url:	https://jvn.jp/vu/jvnvu96476381/	Trust: 0.8
url:	http://www.nsfocus.net/vulndb/47500	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.2366/	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2020-12025	Trust: 0.6
url:	https://www.zerodayinitiative.com/advisories/zdi-20-824/	Trust: 0.6

sources: CNVD: CNVD-2020-38409 // VULHUB: VHN-164662 // JVNDB: JVNDB-2020-006585 // CNNVD: CNNVD-202007-438 // NVD: CVE-2020-12025

CREDITS

Chris Anastasio (muffin) and Steven Seeley (mr_me) of Incite Team

Trust: 0.7

sources: ZDI: ZDI-20-824

SOURCES

db:	ZDI	id:	ZDI-20-824
db:	CNVD	id:	CNVD-2020-38409
db:	VULHUB	id:	VHN-164662
db:	JVNDB	id:	JVNDB-2020-006585
db:	CNNVD	id:	CNNVD-202007-438
db:	NVD	id:	CVE-2020-12025

LAST UPDATE DATE

2024-11-23T23:01:20.715000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-20-824	date:	2021-06-29T00:00:00
db:	CNVD	id:	CNVD-2020-38409	date:	2020-07-13T00:00:00
db:	VULHUB	id:	VHN-164662	date:	2020-12-15T00:00:00
db:	JVNDB	id:	JVNDB-2020-006585	date:	2020-07-13T00:00:00
db:	CNNVD	id:	CNNVD-202007-438	date:	2020-12-16T00:00:00
db:	NVD	id:	CVE-2020-12025	date:	2024-11-21T04:59:08.237

SOURCES RELEASE DATE

db:	ZDI	id:	ZDI-20-824	date:	2020-07-09T00:00:00
db:	CNVD	id:	CNVD-2020-38409	date:	2020-07-13T00:00:00
db:	VULHUB	id:	VHN-164662	date:	2020-07-14T00:00:00
db:	JVNDB	id:	JVNDB-2020-006585	date:	2020-07-13T00:00:00
db:	CNNVD	id:	CNNVD-202007-438	date:	2020-07-09T00:00:00
db:	NVD	id:	CVE-2020-12025	date:	2020-07-14T13:15:11.343