CVE-2020-27255
CVE-2020-27255 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. A heap overflow vulnerability exists within FactoryTalk Linx Version 6.11 and prior. This vulnerability could allow a remote, unauthenticated attacker to send malicious set attribute requests, which could result in the leaking of sensitive information. EPSS estimates a 3.19% chance of exploitation in the next 30 days.
Description
A heap overflow vulnerability exists within FactoryTalk Linx Version 6.11 and prior. This vulnerability could allow a remote, unauthenticated attacker to send malicious set attribute requests, which could result in the leaking of sensitive information. This information disclosure could lead to the bypass of address space layout randomization (ASLR).
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Rockwell Automation | FactoryTalk Linx | <= 6.11 |
References
- https://us-cert.cisa.gov/ics/advisories/icsa-20-329-01 (Third Party Advisory, US Government Resource)
Timeline
- Published
- Last Modified
- Status
- Modified
Source: NVD / NIST
