漏洞标题
N/A
漏洞描述信息
工厂Talk Linx版本6.00、6.10和6.11, RSLinx Classic v4.11.00和之前,Connected Components Workbench:版本12和之前,ControlFLASH:版本14和之后,ControlFLASH Plus:版本1和之后, FactoryTalk Asset Centre:版本9和之后, FactoryTalk Linx CommDTM:版本1和之后, Studio 5000 Launcher:版本31和之后, Stud, 5000 Logix Designer software:版本32和之前是脆弱的。处理某些文件类型的解析机制没有提供输入 sanitation。这可能导致攻击者使用特别编写的文件穿越文件系统,修改或暴露敏感数据或执行任意代码。
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
漏洞类别
N/A
漏洞标题
N/A
漏洞描述信息
FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.00 and prior,Connected Components Workbench: Version 12 and prior, ControlFLASH: Version 14 and later, ControlFLASH Plus: Version 1 and later, FactoryTalk Asset Centre: Version 9 and later, FactoryTalk Linx CommDTM: Version 1 and later, Studio 5000 Launcher: Version 31 and later Stud, 5000 Logix Designer software: Version 32 and prior is vulnerable. The parsing mechanism that processes certain file types does not provide input sanitation. This may allow an attacker to use specially crafted files to traverse the file system and modify or expose sensitive data or execute arbitrary code.
CVSS信息
N/A
漏洞类别
输入验证不恰当
漏洞标题
多款Rockwell Automation产品输入验证错误漏洞
漏洞描述信息
Rockwell Automation RSLinx Classic等都是美国罗克韦尔(Rockwell Automation)公司的产品。Rockwell Automation RSLinx Classic是一套工业通信解决方案。Rockwell Automation FactoryTalk Linx是一套工业通信解决方案。Rockwell Automation ControlFLASH是一款固件更新实用程序。 多款Rockwell Automation产品中存在输入验证错误漏洞,该漏洞源于解析机制没有
CVSS信息
N/A
漏洞类别
输入验证错误