Main Vulnerability Database Exploits ID:4975 - Exploit for Uncontrolled memory allocation in FactoryTalk Linx - CVE-2020-5806

ID:4975 - Exploit for Uncontrolled memory allocation in FactoryTalk Linx - CVE-2020-5806

Published: December 28, 2020

Vulnerability identifier: #VU49158

Vulnerability risk: Low

CVE-ID: CVE-2020-5806

CWE-ID: CWE-789

Exploitation vector: Local access

Vulnerable software:
FactoryTalk Linx

Link to public exploit:

https://github.com/tenable/poc/blob/master/RockwellAutomation/FactoryTalk/rockwell_ftlinx_LoadIconStream_dos.py

Vulnerability description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to uncontrolled memory allocation in RSLinxNG.exe. An attacker-controlled memory allocation size can be passed to the C++ new operator in the CServerManager::HandleBrowseLoadIconStreamRequest function in messaging.dll. A local attacker can send a specially crafted LoadIconStream message to 127.0.0.1:7153 to cause the new operator to allocate a large amount of memory. It's been observed that a large allocation size (i.e., 0xffffffff) can cause an unhandled exception in RSLinxNG.exe, which results in process termination of RSLinxNG.exe.

A local user can perform a denial of service attack.

Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

ID:4975 - Exploit for Uncontrolled memory allocation in FactoryTalk Linx - CVE-2020-5806

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human