32.02

CVSS 3.3 - LOW

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

LOW

Integrity impact

NONE

Availability impact

NONE

local

low complexity

rockwellautomation

CWE-611

NVD

Published: 2020-07-14

Updated: 2020-12-15

Summary

Rockwell Automation Logix Designer Studio 5000 Versions 32.00, 32.01, and 32.02 vulnerable to an xml external entity (XXE) vulnerability, which may allow an attacker to view hostnames or other resources from the program.

Vulnerable Configurations

Part	Description	Count
Application	Rockwellautomation Rockwellautomation Studio 5000 Logix Designer 32.00 Rockwellautomation Studio 5000 Logix Designer 32.01 Rockwellautomation Studio 5000 Logix Designer 32.02	3

Common Weakness Enumeration (CWE)

CWE-611 - Improper Restriction of XML External Entity Reference ('XXE')

References

https://us-cert.cisa.gov/ics/advisories/icsa-20-191-02