Main Vulnerability Database Exploits ID:4976 - Exploit for Uncontrolled memory allocation in FactoryTalk Linx - CVE-2020-5802

ID:4976 - Exploit for Uncontrolled memory allocation in FactoryTalk Linx - CVE-2020-5802

Published: December 28, 2020

Vulnerability identifier: #VU49157

Vulnerability risk: Medium

CVE-ID: CVE-2020-5802

CWE-ID: CWE-789

Exploitation vector: Remote access

Vulnerable software:
FactoryTalk Linx

Link to public exploit:

https://github.com/tenable/poc/blob/master/RockwellAutomation/FactoryTalk/rockwell_ftlinx_ConfigureItems_dos.py

Vulnerability description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to an uncontrolled memory allocation in RSLinxNG.exe. An attacker-controlled memory allocation size can be passed to the C++ new operator in RnaDaSvr.dll by sending a specially crafted ConfigureItems message to TCP prot 4241. This will cause the new operator to allocate a large amount of memory. It's been observed that a large allocation size (i.e., 0xfffffff3) can cause an unhandled exception in RSLinxNG.exe, which results in process termination of RSLinxNG.exe.

A remote non-authenticated attacker can send a malformed request and crash the RSLinxNG.exe service.

Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

ID:4976 - Exploit for Uncontrolled memory allocation in FactoryTalk Linx - CVE-2020-5802

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human