Rockwell Automation FactoryTalk View SE
CVE-2020-12028

7.3HIGH

Key Information:

Vendor
Rockwell Automation
Status
Factorytalk View Se
Vendor
CVE Published:
20 July 2020

Summary

In all versions of FactoryTalk View SEA remote, an authenticated attacker may be able to utilize certain handlers to interact with the data on the remote endpoint since those handlers do not enforce appropriate permissions. Rockwell Automation recommends enabling built in security features found within FactoryTalk View SE. Users should follow guidance found in knowledge base articles 109056 and 1126943 to set up IPSec and/or HTTPs.

Affected Version(s)

FactoryTalk View SE all versions

References

https://us-cert.cisa.gov/ics/advisories/icsa-20-170-05
x_refsource_MISC
https://rockwellautomation.custhelp.com/app/answers/detai...
x_refsource_MISC
http://packetstormsecurity.com/files/160156/Rockwell-Fact...
x_refsource_MISC

EPSS Score

15% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
7.3
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Trend Micro’s Zero Day Initiative reported these vulnerabilities to Rockwell Automation
.