High
A flaw exists in the Ingress/Egress checks routine of FactoryTalk Linx. This vulnerability could allow a remote, unauthenticated attacker to specifically craft a malicious packet resulting in a denial-of-service condition on the device.
A heap overflow vulnerability exists within FactoryTalk Linx. This vulnerability could allow a remote, unauthenticated attacker to send malicious port ranges, which could result in remote code execution.
A heap overflow vulnerability exists within FactoryTalk Linx. This vulnerability could allow a remote, unauthenticated attacker to send malicious set attribute requests, which could result in the leaking of sensitive information. This information disclosure could lead to the bypass of address space layout randomization (ASLR).
Rockwell Automation
FactoryTalk Linx: Version 6.11 and prior
Rockwell Automation recommends users of the affected FactoryTalk Linx update to a fixed version.
FactoryTalk Linx v6.10/6.11