CVE-2020-5801
First published: Tue Dec 29 2020(Updated: )
An attacker can craft and send an OpenNamespace message to port 4241 with valid session-id that triggers an unhandled exception in CFTLDManager::HandleRequest function in RnaDaSvr.dll, resulting in process termination. Observed in FactoryTalk Linx 6.11. All versions of FactoryTalk Linx are affected.
Credit: vulnreport@tenable.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Rockwellautomation Factorytalk Linx | <=6.11 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-5801?
CVE-2020-5801 is a vulnerability that allows an attacker to trigger an unhandled exception in the RnaDaSvr.dll component of FactoryTalk Linx 6.11, resulting in process termination.
What is the severity of CVE-2020-5801?
CVE-2020-5801 has a severity score of 7.5 (high).
How does CVE-2020-5801 affect FactoryTalk Linx?
CVE-2020-5801 affects all versions of FactoryTalk Linx, with the observed impact in version 6.11.
How can an attacker exploit CVE-2020-5801?
An attacker can exploit CVE-2020-5801 by crafting and sending an OpenNamespace message to port 4241 with a valid session ID.
Is there a fix available for CVE-2020-5801?
Currently, there is no known fix available for CVE-2020-5801. It is recommended to apply security patches or updates from the vendor when they become available.
- collector/nvd-index
- vendor/rockwellautomation
- canonical/rockwellautomation factorytalk linx
- version/rockwellautomation factorytalk linx/6.11