var-202007-0192
Vulnerability from variot
Rockwell Automation Logix Designer Studio 5000 Versions 32.00, 32.01, and 32.02 vulnerable to an xml external entity (XXE) vulnerability, which may allow an attacker to view hostnames or other resources from the program. Rockwell Automation Provides Logix Designer Studio 5000 Is management software for control systems for industrial equipment. For the product XML Improper restriction vulnerability in external entity reference (CWE-611) Exists.If an unauthenticated third party creates and loads a specially crafted file, the system host name and resources may be leaked from the product. Authentication is not required to exploit this vulnerability.The specific flaw exists within the parsing of AML files. An attacker can leverage this vulnerability to disclose information in the context of the current process. The vulnerability stems from the program not properly restricting references to XML external entities. Attackers can use the vulnerability to view host names or other resources
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "studio 5000 logix designer",
"scope": "eq",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "32.00"
},
{
"_id": null,
"model": "studio 5000 logix designer",
"scope": "eq",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "32.01"
},
{
"_id": null,
"model": "studio 5000 logix designer",
"scope": "eq",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "32.02"
},
{
"_id": null,
"model": "logix designer studio 5000",
"scope": "eq",
"trust": 0.8,
"vendor": "rockwell automation",
"version": "versions 32.00\u300132.01 \u304a\u3088\u3073 32.02"
},
{
"_id": null,
"model": "studio 5000",
"scope": null,
"trust": 0.7,
"vendor": "rockwell automation",
"version": null
},
{
"_id": null,
"model": "automation studio logix designer",
"scope": "eq",
"trust": 0.6,
"vendor": "rockwell",
"version": "500032.00"
},
{
"_id": null,
"model": "automation studio logix designer",
"scope": "eq",
"trust": 0.6,
"vendor": "rockwell",
"version": "500032.01"
},
{
"_id": null,
"model": "automation studio logix designer",
"scope": "eq",
"trust": 0.6,
"vendor": "rockwell",
"version": "500032.02"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-824"
},
{
"db": "CNVD",
"id": "CNVD-2020-38409"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006585"
},
{
"db": "NVD",
"id": "CVE-2020-12025"
}
]
},
"configurations": {
"_id": null,
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:rockwellautomation:logix_designer_studio5000",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006585"
}
]
},
"credits": {
"_id": null,
"data": "Chris Anastasio (muffin) and Steven Seeley (mr_me) of Incite Team",
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-824"
}
],
"trust": 0.7
},
"cve": "CVE-2020-12025",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2020-12025",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CNVD-2020-38409",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-164662",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"exploitabilityScore": 1.8,
"id": "CVE-2020-12025",
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "IPA score",
"availabilityImpact": "None",
"baseScore": 3.6,
"baseSeverity": "Low",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2020-006585",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "ZDI",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"exploitabilityScore": 1.8,
"id": "CVE-2020-12025",
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 0.7,
"userInteraction": "REQUIRED",
"vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-12025",
"trust": 1.0,
"value": "LOW"
},
{
"author": "IPA",
"id": "JVNDB-2020-006585",
"trust": 0.8,
"value": "Low"
},
{
"author": "ZDI",
"id": "CVE-2020-12025",
"trust": 0.7,
"value": "LOW"
},
{
"author": "CNVD",
"id": "CNVD-2020-38409",
"trust": 0.6,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-202007-438",
"trust": 0.6,
"value": "LOW"
},
{
"author": "VULHUB",
"id": "VHN-164662",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-824"
},
{
"db": "CNVD",
"id": "CNVD-2020-38409"
},
{
"db": "VULHUB",
"id": "VHN-164662"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006585"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-438"
},
{
"db": "NVD",
"id": "CVE-2020-12025"
}
]
},
"description": {
"_id": null,
"data": "Rockwell Automation Logix Designer Studio 5000 Versions 32.00, 32.01, and 32.02 vulnerable to an xml external entity (XXE) vulnerability, which may allow an attacker to view hostnames or other resources from the program. Rockwell Automation Provides Logix Designer Studio 5000 Is management software for control systems for industrial equipment. For the product XML Improper restriction vulnerability in external entity reference (CWE-611) Exists.If an unauthenticated third party creates and loads a specially crafted file, the system host name and resources may be leaked from the product. Authentication is not required to exploit this vulnerability.The specific flaw exists within the parsing of AML files. An attacker can leverage this vulnerability to disclose information in the context of the current process. The vulnerability stems from the program not properly restricting references to XML external entities. Attackers can use the vulnerability to view host names or other resources",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-12025"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006585"
},
{
"db": "ZDI",
"id": "ZDI-20-824"
},
{
"db": "CNVD",
"id": "CNVD-2020-38409"
},
{
"db": "VULHUB",
"id": "VHN-164662"
}
],
"trust": 2.88
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2020-12025",
"trust": 3.8
},
{
"db": "ICS CERT",
"id": "ICSA-20-191-02",
"trust": 3.1
},
{
"db": "ZDI",
"id": "ZDI-20-824",
"trust": 1.3
},
{
"db": "JVN",
"id": "JVNVU96476381",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006585",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-10290",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2020-38409",
"trust": 0.7
},
{
"db": "CNNVD",
"id": "CNNVD-202007-438",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2020.2366",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "47500",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-164662",
"trust": 0.1
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-824"
},
{
"db": "CNVD",
"id": "CNVD-2020-38409"
},
{
"db": "VULHUB",
"id": "VHN-164662"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006585"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-438"
},
{
"db": "NVD",
"id": "CVE-2020-12025"
}
]
},
"id": "VAR-202007-0192",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-38409"
},
{
"db": "VULHUB",
"id": "VHN-164662"
}
],
"trust": 1.5333333
},
"iot_taxonomy": {
"_id": null,
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-38409"
}
]
},
"last_update_date": "2024-11-23T23:01:20.715000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Studio 5000 Logix Designer",
"trust": 0.8,
"url": "https://www.rockwellautomation.com/site-selection.html"
},
{
"title": "Product Compatibility \u0026 Download Center from Rockwell Automation",
"trust": 0.8,
"url": "https://compatibility.rockwellautomation.com/Pages/home.aspx"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006585"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-611",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-164662"
},
{
"db": "NVD",
"id": "CVE-2020-12025"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 3.7,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-191-02"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-12025"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu96476381/"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/47500"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2366/"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12025"
},
{
"trust": 0.6,
"url": "https://www.zerodayinitiative.com/advisories/zdi-20-824/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-38409"
},
{
"db": "VULHUB",
"id": "VHN-164662"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006585"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-438"
},
{
"db": "NVD",
"id": "CVE-2020-12025"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "ZDI",
"id": "ZDI-20-824",
"ident": null
},
{
"db": "CNVD",
"id": "CNVD-2020-38409",
"ident": null
},
{
"db": "VULHUB",
"id": "VHN-164662",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006585",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-202007-438",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2020-12025",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2020-07-09T00:00:00",
"db": "ZDI",
"id": "ZDI-20-824",
"ident": null
},
{
"date": "2020-07-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-38409",
"ident": null
},
{
"date": "2020-07-14T00:00:00",
"db": "VULHUB",
"id": "VHN-164662",
"ident": null
},
{
"date": "2020-07-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-006585",
"ident": null
},
{
"date": "2020-07-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202007-438",
"ident": null
},
{
"date": "2020-07-14T13:15:11.343000",
"db": "NVD",
"id": "CVE-2020-12025",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2021-06-29T00:00:00",
"db": "ZDI",
"id": "ZDI-20-824",
"ident": null
},
{
"date": "2020-07-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-38409",
"ident": null
},
{
"date": "2020-12-15T00:00:00",
"db": "VULHUB",
"id": "VHN-164662",
"ident": null
},
{
"date": "2020-07-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-006585",
"ident": null
},
{
"date": "2020-12-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202007-438",
"ident": null
},
{
"date": "2024-11-21T04:59:08.237000",
"db": "NVD",
"id": "CVE-2020-12025",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202007-438"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "Rockwell Automation Made Logix Designer Studio 5000 To XML Improper restriction vulnerability in external entity reference",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006585"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202007-438"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…