CVE-2020-12034

8.2 HIGH

📋 TL;DR

This SQL injection vulnerability in Rockwell Automation's EDS subsystem allows attackers to craft malicious EDS files that can manipulate the database storing these files. Successful exploitation can lead to denial-of-service conditions by corrupting or disrupting the database. Organizations using affected FactoryTalk Linx, RSLinx, RSNetWorx, or Studio 5000 Logix Designer software are at risk.

💻 Affected Systems

Products:
  • FactoryTalk Linx (formerly RSLinx Enterprise)
  • RSLinx Classic
  • RSNetWorx
  • Studio 5000 Logix Designer
Versions: FactoryTalk Linx: 6.00-6.11, RSLinx Classic: ≤4.11.00, RSNetWorx: ≤28.00.00, Studio 5000 Logix Designer: ≤32
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the EDS subsystem used across multiple Rockwell Automation products for device configuration and communication.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete disruption of industrial control systems by corrupting the EDS database, potentially causing production downtime and safety issues in operational technology environments.

🟠 Likely Case

Denial-of-service affecting device configuration and communication capabilities in industrial networks, requiring database restoration and system downtime.

🟢 If Mitigated

Limited impact with proper network segmentation and file validation controls in place, potentially causing minor configuration issues.

🌐 Internet-Facing: LOW - Industrial control systems should not be directly internet-facing, but exposed systems would be vulnerable.
🏢 Internal Only: HIGH - Most industrial control systems operate on internal networks where this vulnerability could be exploited by malicious insiders or through lateral movement.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires ability to craft and deliver malicious EDS files to the target system, typically requiring some level of access to the industrial network.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: FactoryTalk Linx 6.12, RSLinx Classic 4.12, RSNetWorx 28.01, Studio 5000 Logix Designer 33

Vendor Advisory: https://www.us-cert.gov/ics/advisories/icsa-20-140-01

Restart Required: Yes

Instructions:

1. Download updated software versions from Rockwell Automation Product Compatibility & Download Center.
2. Install updates following vendor documentation.
3. Restart affected systems.
4. Validate EDS database integrity.

🔧 Temporary Workarounds

Restrict EDS File Processing

Platform: Windows

Limit processing of EDS files to trusted sources only and implement file validation controls.

Network Segmentation

Platform: All

Isolate affected systems in separate network zones with strict access controls.

🧯 If You Can't Patch

  • Implement strict access controls to prevent unauthorized users from uploading or modifying EDS files.
  • Deploy application whitelisting to prevent execution of unauthorized processes that could exploit this vulnerability.

🔍 How to Verify

Check if Vulnerable:

Check installed software versions against affected version lists. Review EDS database for unexpected modifications or corruption.

Check Version:

Check version in software About dialog or via Windows Programs and Features for installed Rockwell Automation products.

Verify Fix Applied:

Confirm software versions are updated to patched versions. Test EDS file processing with known safe files.
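
The version check above can be scripted per workstation. The following PowerShell is an added example, not vendor or advisory code: it reads the standard Windows Uninstall registry keys and compares each match against the affected and patched versions listed on this page. The DisplayName wildcard patterns and the assumption that DisplayVersion starts with a dotted version number are unverified and may need adjusting for a given install.

```powershell
# Added example. Version thresholds come from this page; the DisplayName
# patterns are assumptions about how the products register themselves.
$rules = @(
    @{ Pattern = '*FactoryTalk Linx*'; Min = '6.0'; Fixed = '6.12' },  # affected 6.00-6.11
    @{ Pattern = '*RSLinx Classic*';   Min = $null; Fixed = '4.12' },  # affected <= 4.11.00
    @{ Pattern = '*RSNetWorx*';        Min = $null; Fixed = '28.1' },  # affected <= 28.00.00
    @{ Pattern = '*Logix Designer*';   Min = $null; Fixed = '33.0' }   # affected <= 32
)

function ConvertTo-Version([string]$Text) {
    # Keep the first dotted-numeric run; [version] needs at least major.minor.
    if ($Text -notmatch '(\d+(?:\.\d+){0,3})') { return $null }
    $v = $Matches[1]
    if ($v -notmatch '\.') { $v = "$v.0" }
    return [version]$v
}

function Get-EdsStatus($Rule, [string]$VersionText) {
    $v = ConvertTo-Version $VersionText
    if ($null -eq $v) { return 'UNKNOWN (version not parsed)' }
    if ($v -ge [version]($Rule.Fixed)) { return 'patched' }
    if ($Rule.Min -and $v -lt [version]($Rule.Min)) { return 'below listed affected range' }
    return 'AFFECTED'
}

# 64-bit and 32-bit (WOW6432Node) installer entries.
$paths = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
         'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
$installed = @(Get-ItemProperty -Path $paths -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName })

foreach ($r in $rules) {
    $hits = @($installed | Where-Object { $_.DisplayName -like $r.Pattern })
    foreach ($app in $hits) {
        [pscustomobject]@{
            Product = $app.DisplayName
            Version = $app.DisplayVersion
            Status  = Get-EdsStatus $r $app.DisplayVersion
        }
    }
}
```

A version result only covers the first check; reviewing the EDS database for unexpected modifications or corruption still has to be done separately.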

📡 Detection & Monitoring

Log Indicators:

  • Unusual EDS file processing errors
  • Database corruption events in application logs
  • Failed SQL queries in database logs

Network Indicators:

  • Unexpected EDS file transfers to industrial systems
  • Unusual database connection attempts

SIEM Query:

source="rockwell_logs" AND (event_type="EDS_ERROR" OR event_type="DATABASE_CORRUPTION")
