Unrated severity · NVD Advisory · Published Nov 26, 2020 · Updated Aug 4, 2024

CVE-2020-27255

Description

A heap overflow vulnerability exists within FactoryTalk Linx Version 6.11 and prior. This vulnerability could allow a remote, unauthenticated attacker to send malicious set attribute requests, which could result in the leaking of sensitive information. This information disclosure could lead to the bypass of address space layout randomization (ASLR).

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

An unauthenticated remote attacker can trigger a heap overflow in FactoryTalk Linx 6.11 and prior via crafted set attribute requests, leaking sensitive information that could bypass ASLR.

Vulnerability

A heap-based buffer overflow vulnerability exists in Rockwell Automation FactoryTalk Linx version 6.11 and prior [1]. The flaw resides in the handling of set attribute requests, where improper input validation allows a remote, unauthenticated attacker to send specially crafted packets that overwrite heap memory [1]. This affects all versions up to and including 6.11.

Exploitation

An attacker needs network access to a device running an affected version of FactoryTalk Linx [1]. No authentication is required [1]. The attacker sends malicious set attribute requests to the target; no user interaction is needed [1]. Exploitation requires a low skill level [1].

Impact

Successful exploitation leaks sensitive information from the heap [1]. This information disclosure could be used to bypass address space layout randomization (ASLR), lowering the bar for further attacks [1]. The CVSS v3 base score is 5.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) [1].

Mitigation

Rockwell Automation has released a fix in a later version; users should update to the latest version of FactoryTalk Linx [1]. As a workaround, users can apply defense-in-depth strategies such as network segmentation and restricting access to trusted hosts [1]. The vulnerability is not listed in CISA's Known Exploited Vulnerabilities catalog as of the publication date.

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2

Patches

0

No patches discovered yet.

References

1
