<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=1462084720533760&amp;ev=PageView&amp;noscript=1">
Vulnerability Report

CVE-2020-27251 Rockwell Automation FactoryTalk Linx (RCE)

Virsec Security Research Lab Vulnerability Analysis

The Virsec Security Research Lab provides timely, relevant analysis about recent and notable security vulnerabilities.

1.1        Vulnerability Summary

A heap overflow vulnerability exists within FactoryTalk Linx Version 6.11 and prior. This vulnerability could allow a remote, unauthenticated attacker to send malicious port ranges, which could result in remote code execution.


Watch the video to learn more about this and other important vulnerabilities.

1.2        CVSS Score

The CVSS Base score of this vulnerability is 9.8 critical. CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

1.3        Affected Version

FactoryTalk Linx Version 6.11 and earlier version.

1.4        Vulnerability Attribution

This vulnerability is reported by Sharon Brizinov of Claroty.

1.5        Risk Impact

FactoryTalk® software is built for supporting an ecosystem of advanced industrial applications, including IoT. It all starts at the edge where manufacturing happens and scales from on-premises to cloud. Imagine supercharging your industrial environment with software that offers cutting edge design, maximizes operational efficiencies, and delivers predictive and augmented maintenance advantages. Valley Queen, one of the largest cheese producers in South Dakota and the largest employer in Milbank, Valley Queen procures milk from roughly 40 area farms, which enables the production of 500,000 pounds of cheese per day uses FactoryTalk.

An attacker exploiting this vulnerability would be able to plant backdoor or sabotage entire cheese production. A public domain exploit is not yet available.



1.6        Virsec Security Platform (VSP) Support:


The Virsec Security Platform (VSP)- Memory monitors stack based bufferoverflows and will prevent any attempt by attacker to exploit this type of vulnerability.

VSP-Host monitors processes that are spawned which are not part of a set of whitelisted process. Any attempt to execute new command or unknown binary would be denied by VSP-Host’s Process Monitoring capability.

1.7        Reference Links:

Download the full vulnerability report to learn more about this and other important vulnerabilities.