CVE-2020-11999
Description
FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.00 and prior,Connected Components Workbench: Version 12 and prior, ControlFLASH: Version 14 and later, ControlFLASH Plus: Version 1 and later, FactoryTalk Asset Centre: Version 9 and later, FactoryTalk Linx CommDTM: Version 1 and later, Studio 5000 Launcher: Version 31 and later Stud, 5000 Logix Designer software: Version 32 and prior is vulnerable. An exposed API call allows users to provide files to be processed without sanitation. This may allow an attacker to specify a filename to execute unauthorized code and modify files or data.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
An exposed API in FactoryTalk Linx and related Rockwell products allows remote, low-privileged attackers to upload a malicious file, leading to code execution.
Vulnerability
An improper input validation vulnerability (CWE-20) exists in an exposed API call in FactoryTalk Linx versions 6.00, 6.10, and 6.11, as well as in products that use the software: Connected Components Workbench (version 12 and prior), ControlFLASH (version 14 and later), ControlFLASH Plus (version 1 and later), FactoryTalk Asset Centre (version 9 and later), FactoryTalk Linx CommDTM (version 1 and later), Studio 5000 Launcher (version 31 and later), and Studio 5000 Logix Designer (version 32 and prior) [1]. The API allows users to provide files to be processed without proper input sanitization, enabling an attacker to specify a filename that can execute unauthorized code and modify files or data [1].
Exploitation
An attacker needs network access to the affected system and a low-privileged account (CVSS v3 vector AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N) [1]. The attack requires no user interaction; the attacker sends a specially crafted request to the exposed API with a malicious filename that bypasses sanitization. The low skill level to exploit makes this accessible to a broad range of attackers [1].
Impact
Successful exploitation allows an attacker to achieve remote code execution and modify files or data on the target system. The CVSS v3 score of 9.6 reflects high impacts to both confidentiality and integrity, and the scope change (S:C) indicates the attacker can affect resources beyond the original component [1]. The attacker can also read sensitive information by leveraging the path traversal capability associated with this vulnerability [1].
Mitigation
Rockwell Automation has released an update A to the advisory; however, the specific fixed version is not explicitly listed in the available reference [1]. Users are directed to the Rockwell Automation product security advisory for the latest patch information. The advisory recommends restricting network access to affected systems and following defense-in-depth practices. As of the publication date, control products that rely on FactoryTalk Linx software (except the standalone FactoryTalk Linx product) are continuing to be addressed, and no CVE-2020-11999-related KEV listing has been issued.
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
4- Rockwell Automation/FactoryTalk Linxdescription
- Range: 6.00, 6.10, 6.11
- Range: <=12
- Range: <=4.11.00
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- www.us-cert.gov/ics/advisories/icsa-20-163-02mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.