CVE-2020-12034

IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN AN SQL COMMAND ('SQL INJECTION') CWE-89
The EDS subsystem does not provide adequate input sanitization, which may allow an attacker to craft specialized EDS files to inject SQL queries and manipulate the database storing the EDS files. This may lead to denial-of-service (DoS) conditions or allow an attacker to manipulate the SQL engine to write or modify files on the system.

Risk Information

  • CVE ID: CVE-2020-12034
  • Vendor: Rockwell Automation
  • Product: EDS Subsystem
  • CVSS v3: 8.2