CVE-2020-5802

An attacker-controlled memory allocation size can be passed to the C++ new operator in RnaDaSvr.dll by sending a specially crafted ConfigureItems message to TCP port 4241. This will cause an unhandled exception, resulting in termination of RSLinxNG.exe. Observed in FactoryTalk 6.11. All versions of FactoryTalk Linx are affected.
References
Link Resource
https://www.tenable.com/security/research/tra-2020-71 Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:rockwellautomation:factorytalk_linx:*:*:*:*:*:*:*:*

Information

Published : 2020-12-29 04:15

Updated : 2022-07-12 05:42


NVD link : CVE-2020-5802

Mitre link : CVE-2020-5802

Products Affected
No products.
CWE