CVE-2020-5801

HIGH

FactoryTalk Linx - Process Termination

Title source: llm

Description

An attacker can craft and send an OpenNamespace message to port 4241 with valid session-id that triggers an unhandled exception in CFTLDManager::HandleRequest function in RnaDaSvr.dll, resulting in process termination. Observed in FactoryTalk Linx 6.11. All versions of FactoryTalk Linx are affected.

References (1)

[Third Party Advisory] https://www.tenable.com/security/research/tra-2020-71

Scores

CVSS v3 7.5

EPSS 0.0022

EPSS Percentile 44.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Classification

CWE

CWE-755

Status published

Affected Products (1)

rockwellautomation/factorytalk_linx < 6.11

Timeline

Published Dec 29, 2020

Tracked Since Feb 18, 2026