CVE-2020-27255

7.5 HIGH

📋 TL;DR

A heap overflow vulnerability in FactoryTalk Linx versions 6.11 and earlier allows remote unauthenticated attackers to send malicious set attribute requests, potentially leaking sensitive memory information. This information disclosure could help bypass ASLR protections, facilitating further exploitation. Organizations using affected FactoryTalk Linx versions in industrial control systems are at risk.

💻 Affected Systems

Products:
  • FactoryTalk Linx
Versions: 6.11 and prior
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Affects FactoryTalk Linx software used in Rockwell Automation industrial control systems.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Information disclosure leads to ASLR bypass, enabling remote code execution and complete system compromise of industrial control systems.

🟠 Likely Case

Remote attackers leak sensitive memory information, potentially exposing credentials, configuration data, or system details that could facilitate further attacks.

🟢 If Mitigated

With proper network segmentation and access controls, impact is limited to information disclosure without progression to full system compromise.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires sending specially crafted set attribute requests to vulnerable systems.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Version 6.12 or later

Vendor Advisory: https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1133601

Restart Required: Yes

Instructions:

1. Download FactoryTalk Linx version 6.12 or later from Rockwell Automation.
2. Back up the current configuration.
3. Install the update following vendor instructions.
4. Restart affected systems.
5. Verify successful installation.

🔧 Temporary Workarounds

Network Segmentation

Isolate FactoryTalk Linx systems from untrusted networks using firewalls and VLANs.

Access Control Lists

Implement strict network access controls to limit communication to FactoryTalk Linx systems.

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate FactoryTalk Linx systems from untrusted networks.
  • Deploy intrusion detection systems to monitor for malicious set attribute requests and anomalous network traffic.

🔍 How to Verify

Check if Vulnerable:

Check FactoryTalk Linx version in software properties or using Rockwell Automation diagnostic tools.

Check Version:

Check via Windows Programs and Features or FactoryTalk Linx about dialog.

Verify Fix Applied:

Verify installed version is 6.12 or later and test system functionality.
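The version check described above, as an added PowerShell example (not from the advisory or from Rockwell Automation). It assumes FactoryTalk Linx registers under the standard Windows Uninstall registry keys with a DisplayName containing "FactoryTalk Linx"; adjust the name pattern if your installation differs.

```powershell
# Added example: locate FactoryTalk Linx in the Windows Uninstall registry keys
# and compare its DisplayVersion against the fixed version (6.12) from the advisory.
# Assumption: the product appears under the standard Uninstall hives with a
# DisplayName containing "FactoryTalk Linx".

$FixedVersion = [version]'6.12'
$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Get-FactoryTalkLinxInstall {
    # Returns every Uninstall entry whose DisplayName matches the product (assumed pattern).
    Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like '*FactoryTalk Linx*' } |
        Select-Object DisplayName, DisplayVersion, InstallLocation
}

function Test-Cve202027255 {
    param([string]$DisplayVersion)
    # DisplayVersion may carry extra components (e.g. "6.11.00.123"); [version] handles
    # two to four numeric parts. A string that does not parse is reported as UNKNOWN
    # rather than silently treated as patched.
    $parsed = $null
    if (-not [version]::TryParse($DisplayVersion, [ref]$parsed)) { return 'UNKNOWN' }
    if ($parsed -lt $FixedVersion) { return 'VULNERABLE' }
    return 'PATCHED'
}

$installs = @(Get-FactoryTalkLinxInstall)
if ($installs.Count -eq 0) {
    Write-Output 'FactoryTalk Linx not found in the Uninstall registry keys; check the About dialog manually.'
} else {
    foreach ($i in $installs) {
        $status = Test-Cve202027255 -DisplayVersion $i.DisplayVersion
        Write-Output ('{0} {1}: {2}' -f $i.DisplayName, $i.DisplayVersion, $status)
    }
}
```

Run it in an elevated PowerShell session on each host running FactoryTalk Linx; a result of UNKNOWN means the version string could not be parsed and should be confirmed from the About dialog.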

📡 Detection & Monitoring

Log Indicators:

  • Unusual set attribute requests in FactoryTalk Linx logs
  • Memory access violations in system logs

Network Indicators:

  • Malformed set attribute requests on FactoryTalk Linx ports
  • Unusual traffic patterns to FactoryTalk Linx services

SIEM Query:

source="FactoryTalk Linx" AND (event_type="set_attribute" AND size>normal_threshold)

🔗 References
