CVE-2020-27253

EPSS 0.03%
Published 26.11.2020 02:15:12
Last modified 21.11.2024 05:20:56
Source ics-cert@hq.dhs.gov
Teams watchlist Login
Open Login

A flaw exists in the Ingress/Egress checks routine of FactoryTalk Linx Version 6.11 and prior. This vulnerability could allow a remote, unauthenticated attacker to specifically craft a malicious packet resulting in a denial-of-service condition on the device.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Rockwellautomation ≫ Factorytalk Linx Version <= 6.11

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.03%	0.06

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	7.8	10	6.9	AV:N/AC:L/Au:N/C:N/I:N/A:C

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://us-cert.cisa.gov/ics/advisories/icsa-20-329-01

Third Party Advisory

US Government Resource

https://nvd.nist.gov/vuln/detail/CVE-2020-27253

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-27253

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-27253

EUVD