Vulnerability CVE-2020-27255

Vulnerability CVE-2020-27255

Published: 2020-11-26

Description:

A heap overflow vulnerability exists within FactoryTalk Linx Version 6.11 and prior. This vulnerability could allow a remote, unauthenticated attacker to send malicious set attribute requests, which could result in the leaking of sensitive information. This information disclosure could lead to the bypass of address space layout randomization (ASLR).

Type:

CWE-122

(Heap-based Buffer Overflow)

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVSS Base Score	Impact Subscore	Exploitability Subscore
5/10	2.9/10	10/10

Exploit range	Attack complexity	Authentication
Remote	Low	No required
Confidentiality impact	Integrity impact	Availability impact
Partial	None	None

Affected software
Rockwellautomation -> Factorytalk linx

References:

https://us-cert.cisa.gov/ics/advisories/icsa-20-329-01

Copyright 2024, cxsecurity.com