CVE-2020-12003

IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY ('PATH TRAVERSAL') CWE-22
An exposed API call allows users to provide files to be processed without sanitation. This may allow an attacker to use specially crafted requests to traverse the file system and expose sensitive data on the local hard drive.

Risk Information

  • CVE ID
  • CVE-2020-12003
  • Vendor
  • Rockwell Automation
  • Product
  • FactoryTalk Linx
  • CVSS v3
  • 7.5