Rockwell Automation FactoryTalk Linx Path Traversal Information Disclosure

high Nessus Plugin ID 141304

Synopsis

The remote SCADA application is affected by an information disclosure vulnerability.

Description

The Rockwell Automation FactoryTalk Linx instance running on the remote host is affected by a path traversal vulnerability because it does not validate user-supplied file paths before using them in file operations. An unauthenticated, remote attacker can exploit this, via specially crafted messages, to read the contents of files on the remote host with SYSTEM privileges.

This plugin requires the 'Scan Operational Technology devices' scan setting to be enabled for it to be launched.

Note that the application is reportedly affected by other vulnerabilities; however, this plugin has not tested for those issues.

Solution

Apply Patch Aid 1124820 or the May 2020 Patch Roll-up or later.

See Also

http://www.nessus.org/u?8ad24a10

Plugin Details

Severity: High

ID: 141304

File Name: scada_rockwell_ftlinx_cve-2020-12003.nbin

Version: 1.10

Type: remote

Family: SCADA

Published: 10/8/2020

Updated: 7/12/2021

Dependencies: find_service2.nasl, os_fingerprint.nasl

Risk Information

CVSS Score Source: CVE-2020-12003

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.9

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Temporal Vector: E:POC/RL:OF/RC:C

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.7

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Temporal Vector: E:P/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:rockwellautomation:factorytalk_linx

Exploit Available: true

Exploit Ease: Exploits are available

Exploited by Nessus: true

Patch Publication Date: 6/15/2020

Vulnerability Publication Date: 6/15/2020

Reference Information

CVE: CVE-2020-12003

ICSA: 20-163-02