CVE-2020-5807 in FactoryTalk Diagnostics Viewerinfo

Summary

by MITRE • 12/30/2020

An unauthenticated remote attacker can send data to RsvcHost.exe listening on TCP port 5241 to add entries in the FactoryTalk Diagnostics event log. The attacker can specify long fields in the log entry, which can cause an unhandled exception in wcscpy_s() if a local user opens FactoryTalk Diagnostics Viewer (FTDiagViewer.exe) to view the log entry. Observed in FactoryTalk Diagnostics 6.11. All versions of FactoryTalk Diagnostics are affected.

Be aware that VulDB is the high quality source for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Disclosure

12/30/2020

Moderation

accepted

Entry

VDB-167006

CPE

ready

CWE

CWE-119 (confirmed)

CVSS

7.3 (VulDB)

EPSS

0.33836

KEV

Activities

very low

Sector

Pharma, Telecommunication, ...

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2020-5807
NVD	https://nvd.nist.gov/vuln/detail/CVE-2020-5807
CVE Details	https://www.cvedetails.com/cve/CVE-2020-5807/

◂ Previous Overview Next ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!