Skip to main content

Factorytalk View CVE-2020-12028

HIGH
Permissions, Privileges, and Access Controls (CWE-264)
2020-07-20 ics-cert@hq.dhs.gov
8.1
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.1 HIGH
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
None

Lifecycle Timeline

1
CVE Published
Jul 20, 2020 - 16:15 nvd
HIGH 8.1

DescriptionNVD

In all versions of FactoryTalk View SEA remote, an authenticated attacker may be able to utilize certain handlers to interact with the data on the remote endpoint since those handlers do not enforce appropriate permissions. Rockwell Automation recommends enabling built in security features found within FactoryTalk View SE. Users should follow guidance found in knowledge base articles 109056 and 1126943 to set up IPSec and/or HTTPs.

AnalysisAI

In all versions of FactoryTalk View SEA remote, an authenticated attacker may be able to utilize certain handlers to interact with the data on the remote endpoint since those handlers do not enforce. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-264. In all versions of FactoryTalk View SEA remote, an authenticated attacker may be able to utilize certain handlers to interact with the data on the remote endpoint since those handlers do not enforce appropriate permissions. Rockwell Automation recommends enabling built in security features found within FactoryTalk View SE. Users should follow guidance found in knowledge base articles 109056 and 1126943 to set up IPSec and/or HTTPs. Affected products include: Rockwellautomation Factorytalk View.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2020-12029 HIGH POC
7.8 Jul 20

All versions of FactoryTalk View SE do not properly validate input of filenames within a project directory. Rated high s

CVE-2020-12027 MEDIUM POC
4.3 Jul 20

All versions of FactoryTalk View SE disclose the hostnames and file paths for certain files within the system. Rated med

CVE-2023-2071 CRITICAL
9.8 Sep 12

Rockwell Automation FactoryTalk View Machine Edition on the PanelView Plus, improperly verifies user’s input, which allo

CVE-2024-45824 CRITICAL
9.2 Sep 12

CVE-2024-45824 IMPACT A remote code vulnerability exists in the affected products. Rated critical severity (CVSS 9.2), t

CVE-2024-4609 HIGH
8.8 May 16

A vulnerability exists in the Rockwell Automation FactoryTalk® View SE Datalog function that could allow a threat actor

CVE-2024-7513 HIGH
8.5 Aug 14

CVE-2024-7513 IMPACT A code execution vulnerability exists in the affected product. Rated high severity (CVSS 8.5), this

CVE-2024-37369 HIGH
8.5 Jun 14

A privilege escalation vulnerability exists in the affected product. Rated high severity (CVSS 8.5), this vulnerability

CVE-2024-37368 HIGH
8.2 Jun 14

A user authentication vulnerability exists in the Rockwell Automation FactoryTalk® View SE. Rated high severity (CVSS 8.

CVE-2024-37367 HIGH
8.2 Jun 14

A user authentication vulnerability exists in the Rockwell Automation FactoryTalk® View SE v12. Rated high severity (CVS

CVE-2020-12031 HIGH
7.8 Jul 20

In all versions of FactoryTalk View SE, after bypassing memory corruption mechanisms found in the operating system, a lo

CVE-2023-46289 HIGH
7.5 Oct 27

Rockwell Automation FactoryTalk View Site Edition insufficiently validates user input, which could potentially allow thr

CVE-2024-37365 HIGH
7.0 Nov 12

A remote code execution vulnerability exists in the affected product. Rated high severity (CVSS 7.0), this vulnerability

Share

CVE-2020-12028 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy