CVE-2020-27255

EPSS 1.52%
Published 26.11.2020 02:15:12
Last modified 21.11.2024 05:20:57
Source ics-cert@hq.dhs.gov
Teams watchlist Login
Open Login

A heap overflow vulnerability exists within FactoryTalk Linx Version 6.11 and prior. This vulnerability could allow a remote, unauthenticated attacker to send malicious set attribute requests, which could result in the leaking of sensitive information. This information disclosure could lead to the bypass of address space layout randomization (ASLR).

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Rockwellautomation ≫ Factorytalk Linx Version <= 6.11

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	1.52%	0.794

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N

CWE-122 Heap-based Buffer Overflow

A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

https://us-cert.cisa.gov/ics/advisories/icsa-20-329-01

Third Party Advisory

US Government Resource

https://nvd.nist.gov/vuln/detail/CVE-2020-27255

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-27255

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-27255

EUVD